Author: rhs
Date: Thu Oct 16 16:05:11 2014
New Revision: 1632372
URL: http://svn.apache.org/r1632372
Log:
PROTON-717: disable SSLv3
Modified:
qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
Modified:
qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
URL:
http://svn.apache.org/viewvc/qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1632372&r1=1632371&r2=1632372&view=diff
==============================================================================
---
qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
(original)
+++
qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
Thu Oct 16 16:05:11 2014
@@ -204,9 +204,24 @@ public class SslEngineFacadeFactory
boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false;
sslEngine.setUseClientMode(useClientMode);
+ removeSSLv3Support(sslEngine);
+
return sslEngine;
}
+ private static final String SSLV3_PROTOCOL = "SSLv3";
+
+ private static void removeSSLv3Support(final SSLEngine engine)
+ {
+ List<String> enabledProtocols =
Arrays.asList(engine.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new
ArrayList<String>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ engine.setEnabledProtocols(allowedProtocols.toArray(new
String[allowedProtocols.size()]));
+ }
+ }
+
/**
* @param sslPeerDetails is allowed to be null. A non-null value is used
to hint that SSL resumption
* should be attempted
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org
