You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rh...@apache.org on 2014/10/16 18:05:12 UTC
svn commit: r1632372 -
/qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
Author: rhs
Date: Thu Oct 16 16:05:11 2014
New Revision: 1632372
URL: http://svn.apache.org/r1632372
Log:
PROTON-717: disable SSLv3
Modified:
qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
Modified: qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1632372&r1=1632371&r2=1632372&view=diff
==============================================================================
--- qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java (original)
+++ qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Thu Oct 16 16:05:11 2014
@@ -204,9 +204,24 @@ public class SslEngineFacadeFactory
boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false;
sslEngine.setUseClientMode(useClientMode);
+ removeSSLv3Support(sslEngine);
+
return sslEngine;
}
+ private static final String SSLV3_PROTOCOL = "SSLv3";
+
+ private static void removeSSLv3Support(final SSLEngine engine)
+ {
+ List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<String>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
/**
* @param sslPeerDetails is allowed to be null. A non-null value is used to hint that SSL resumption
* should be attempted
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org