You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by GitBox <gi...@apache.org> on 2019/03/01 17:01:52 UTC

[GitHub] artem-smotrakov opened a new pull request #140: HTTPCLIENT-1969: Filter out weak cipher suites

artem-smotrakov opened a new pull request #140: HTTPCLIENT-1969: Filter out weak cipher suites
URL: https://github.com/apache/httpcomponents-client/pull/140
 
 
   Please consider a patch for [HTTPCLIENT-1969](https://issues.apache.org/jira/browse/HTTPCLIENT-1969):
   - Defined a list of weak algorithms which may be used in a TLS connection. The list is based on the latest settings in modern OpenJDK, see [java.security](https://hg.openjdk.java.net/jdk/jdk/file/1019c97e1bde/src/java.base/share/conf/security/java.security#l678) file (EXPORT ciphers are also disabled in modern OpenJDK by default)
   - Updated `SSLConnectionSocketFactory` to filter out weak ciphers if cipher suites are not explicitly set.
   
   Please note that the test passes with latest Java versions even without patching `SSLConnectionSocketFactory` because latest Java versions disable weak ciphers by default. The filtering mechanism blocks weak ciphers in case older Java versions are used.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org