You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by lq...@apache.org on 2016/05/18 09:31:14 UTC
svn commit: r1744368 - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/transport/
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/
broker-plugins/websocket/src/main/java/org/apache/qpid/server...
Author: lquack
Date: Wed May 18 09:31:13 2016
New Revision: 1744368
URL: http://svn.apache.org/viewvc?rev=1744368&view=rev
Log:
QPID-7270: [Java Broker] Fix broker side TLS cipher suite ordering
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java?rev=1744368&r1=1744367&r2=1744368&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java Wed May 18 09:31:13 2016
@@ -321,7 +321,7 @@ public class NonBlockingConnectionTLSDel
SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());
if(port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty())
{
- SSLUtil.useCipherOrderIfPossible(sslEngine.getSSLParameters());
+ SSLUtil.useCipherOrderIfPossible(sslEngine);
}
if(port.getNeedClientAuth())
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1744368&r1=1744367&r2=1744368&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java Wed May 18 09:31:13 2016
@@ -39,8 +39,6 @@ import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
-import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.DispatcherType;
@@ -435,15 +433,15 @@ public class HttpManagement extends Abst
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- useCipherOrderIfPossible(sslEngine.getSSLParameters());
+ useCipherOrderIfPossible(sslEngine);
}
- private void useCipherOrderIfPossible(final SSLParameters sslParameters)
+ private void useCipherOrderIfPossible(final SSLEngine sslEngine)
{
if(port.getTlsCipherSuiteWhiteList() != null
&& !port.getTlsCipherSuiteWhiteList().isEmpty())
{
- SSLUtil.useCipherOrderIfPossible(sslParameters);
+ SSLUtil.useCipherOrderIfPossible(sslEngine);
}
}
};
Modified: qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1744368&r1=1744367&r2=1744368&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java (original)
+++ qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java Wed May 18 09:31:13 2016
@@ -36,7 +36,6 @@ import java.util.concurrent.atomic.Atomi
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -143,15 +142,15 @@ class WebSocketProvider implements Accep
public void customize(final SSLEngine sslEngine)
{
super.customize(sslEngine);
- useCipherOrderIfPossible(sslEngine.getSSLParameters());
+ useCipherOrderIfPossible(sslEngine);
}
- private void useCipherOrderIfPossible(final SSLParameters sslParameters)
+ private void useCipherOrderIfPossible(final SSLEngine sslEngine)
{
if(_port.getTlsCipherSuiteWhiteList() != null
&& !_port.getTlsCipherSuiteWhiteList().isEmpty())
{
- SSLUtil.useCipherOrderIfPossible(sslParameters);
+ SSLUtil.useCipherOrderIfPossible(sslEngine);
}
}
};
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1744368&r1=1744367&r2=1744368&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Wed May 18 09:31:13 2016
@@ -625,13 +625,15 @@ public class SSLUtil
Arrays.toString(protocols)));
}
- public static void useCipherOrderIfPossible(final SSLParameters sslParameters)
+ public static void useCipherOrderIfPossible(final SSLEngine sslEngine)
{
if(SSL_PARAMETERS_SET_USE_CIPHER_SUITES_ORDER != null)
{
+ SSLParameters sslParameters = sslEngine.getSSLParameters();
try
{
SSL_PARAMETERS_SET_USE_CIPHER_SUITES_ORDER.invoke(sslParameters, Boolean.TRUE);
+ sslEngine.setSSLParameters(sslParameters);
}
catch (IllegalAccessException | InvocationTargetException e)
{
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org