You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by lq...@apache.org on 2016/01/15 17:37:05 UTC
svn commit: r1724850 - in /qpid/java/branches/6.0.x: ./
broker-core/src/main/java/org/apache/qpid/server/transport/
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/
broker-plugins/management-jmx/src/main/java/org/a...
Author: lquack
Date: Fri Jan 15 16:37:05 2016
New Revision: 1724850
URL: http://svn.apache.org/viewvc?rev=1724850&view=rev
Log:
QPID-6977, QPID-6978: [Java Client, Java Broker] Enable TLSv1.1 and TLSv1.2 support on Qpid client and add ability to disable TLS protocols via context variables
merged from trunk via
svn merge -c 1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037 https://svn.apache.org/repos/asf/qpid/java/trunk
manually reverted changes related to disabling TLSv1.0 by default
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java
qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
qpid/java/branches/6.0.x/client/example/src/main/java/org/apache/qpid/example/hello.properties
qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/configuration/CommonProperties.java
qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
qpid/java/branches/6.0.x/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jan 15 16:37:05 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1719047,1719051,1720664,1721151,1721198,1722246,1722339,1723064,1723194,1723563,1724216,1724251,1724257,1724397,1724432,1724582,1724603,1724780
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720664,1721151,1721198,1722246,1722339,1723064,1723194,1723563,1724216,1724251,1724257,1724397,1724432,1724582,1724603,1724780
/qpid/trunk/qpid:796646-796653
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java Fri Jan 15 16:37:05 2016
@@ -315,7 +315,7 @@ public class NonBlockingConnectionTLSDel
{
SSLEngine sslEngine = port.getSSLContext().createSSLEngine();
sslEngine.setUseClientMode(false);
- SSLUtil.removeSSLv3Support(sslEngine);
+ SSLUtil.updateProtocolSupport(sslEngine);
SSLUtil.updateEnabledCipherSuites(sslEngine, port.getEnabledCipherSuites(), port.getDisabledCipherSuites());
if(port.getNeedClientAuth())
Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java Fri Jan 15 16:37:05 2016
@@ -374,8 +374,17 @@ public class HttpManagement extends Abst
{
throw new IllegalConfigurationException("Key store is not configured. Cannot start management on HTTPS port without keystore");
}
- SslContextFactory factory = new SslContextFactory();
- factory.addExcludeProtocols(SSLUtil.SSLV3_PROTOCOL);
+ SslContextFactory factory = new SslContextFactory()
+ {
+ public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+ {
+ List<String> selectedProtocols = new ArrayList<>(Arrays.asList(enabledProtocols));
+ SSLUtil.updateEnabledProtocols(selectedProtocols, supportedProtocols);
+
+ return selectedProtocols.toArray(new String[selectedProtocols.size()]);
+ }
+
+ };
if(port.getDisabledCipherSuites() != null)
{
Modified: qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java Fri Jan 15 16:37:05 2016
@@ -87,7 +87,7 @@ public class QpidSslRMIServerSocketFacto
socket.getPort(),
true);
sslSocket.setUseClientMode(false);
- SSLUtil.removeSSLv3Support(sslSocket);
+ SSLUtil.updateProtocolSupport(sslSocket);
SSLUtil.updateEnabledCipherSuites(sslSocket, _enabledCipherSuites, _disabledCipherSuites);
return sslSocket;
}
Modified: qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java Fri Jan 15 16:37:05 2016
@@ -27,6 +27,7 @@ import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
@@ -118,9 +119,29 @@ class WebSocketProvider implements Accep
}
else if (_transport == Transport.WSS)
{
- SslContextFactory factory = new SslContextFactory();
+ SslContextFactory factory = new SslContextFactory()
+ {
+ public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+ {
+ List<String> selectedProtocols = new ArrayList<>(Arrays.asList(enabledProtocols));
+ SSLUtil.updateEnabledProtocols(selectedProtocols, supportedProtocols);
+
+ return selectedProtocols.toArray(new String[selectedProtocols.size()]);
+ }
+
+ };
factory.setSslContext(_sslContext);
- factory.addExcludeProtocols(SSLUtil.SSLV3_PROTOCOL);
+
+ if(_port.getDisabledCipherSuites() != null)
+ {
+ factory.addExcludeCipherSuites(_port.getDisabledCipherSuites().toArray(new String[_port.getDisabledCipherSuites().size()]));
+ }
+
+ if(_port.getEnabledCipherSuites() != null && !_port.getEnabledCipherSuites().isEmpty())
+ {
+ factory.setIncludeCipherSuites(_port.getEnabledCipherSuites().toArray(new String[_port.getEnabledCipherSuites().size()]));
+ }
+
factory.setNeedClientAuth(_port.getNeedClientAuth());
factory.setWantClientAuth(_port.getWantClientAuth());
connector = new SslSelectChannelConnector(factory);
Modified: qpid/java/branches/6.0.x/client/example/src/main/java/org/apache/qpid/example/hello.properties
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/client/example/src/main/java/org/apache/qpid/example/hello.properties?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/client/example/src/main/java/org/apache/qpid/example/hello.properties (original)
+++ qpid/java/branches/6.0.x/client/example/src/main/java/org/apache/qpid/example/hello.properties Fri Jan 15 16:37:05 2016
@@ -20,7 +20,7 @@ java.naming.factory.initial = org.apache
# register some connection factories
# connectionfactory.[jndiname] = [ConnectionURL]
-connectionfactory.qpidConnectionfactory = amqp://guest:guest@clientid/?brokerlist='tcp://localhost:5672'
+connectionfactory.qpidConnectionfactory = amqp://guest:guest@clientid/?brokerlist='tcp://localhost:5672?ssl='true'&trust_store='C:/Users/I641522/Downloads/xxx.jks'&ssl_verify_hostname='false''
# Register an AMQP destination in JNDI
# destination.[jniName] = [Address Format]
Modified: qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/configuration/CommonProperties.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/configuration/CommonProperties.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/configuration/CommonProperties.java (original)
+++ qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/configuration/CommonProperties.java Fri Jan 15 16:37:05 2016
@@ -55,6 +55,13 @@ public class CommonProperties
public static final String HANDSHAKE_TIMEOUT_PROP_NAME = "qpid.handshake_timeout";
public static final int HANDSHAKE_TIMEOUT_DEFAULT = 2;
+ public static final String DISABLED_SSL_PROTOCOLS = "qpid.disabled_ssl_protocols";
+ public static final String DISABLED_SSL_PROTOCOLS_DEFAULT = "SSLv3";
+
+ public static final String ENABLED_SSL_PROTOCOLS = "qpid.enabled_ssl_protocols";
+ public static final String ENABLED_SSL_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
+
+
/** The name of the version properties file to load from the class path. */
public static final String VERSION_RESOURCE = "qpidversion.properties";
Modified: qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java (original)
+++ qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/SecurityLayerFactory.java Fri Jan 15 16:37:05 2016
@@ -101,7 +101,7 @@ public class SecurityLayerFactory
{
_engine = sslCtx.createSSLEngine();
_engine.setUseClientMode(true);
- SSLUtil.removeSSLv3Support(_engine);
+ SSLUtil.updateProtocolSupport(_engine);
}
catch(Exception e)
{
Modified: qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original)
+++ qpid/java/branches/6.0.x/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Fri Jan 15 16:37:05 2016
@@ -70,6 +70,7 @@ import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.transport.TransportException;
public class SSLUtil
@@ -77,7 +78,6 @@ public class SSLUtil
private static final Logger LOGGER = LoggerFactory.getLogger(SSLUtil.class);
private static final Integer DNS_NAME_TYPE = 2;
- public static final String SSLV3_PROTOCOL = "SSLv3";
private SSLUtil()
{
@@ -478,100 +478,109 @@ public class SSLUtil
return new BigInteger(num);
}
- private static interface SSLEntity
+ public static String[] getExcludedSSlProtocols()
{
- String[] getEnabledCipherSuites();
-
- void setEnabledCipherSuites(String[] strings);
-
- String[] getEnabledProtocols();
-
- void setEnabledProtocols(String[] protocols);
-
- String[] getSupportedCipherSuites();
-
- String[] getSupportedProtocols();
+ String property = System.getProperty(CommonProperties.DISABLED_SSL_PROTOCOLS,
+ CommonProperties.DISABLED_SSL_PROTOCOLS_DEFAULT);
+ return property.split("\\s*,\\s*");
}
- private static SSLEntity asSSLEntity(final Object object, final Class<?> clazz)
+
+ public static String[] getEnabledSSlProtocols()
{
- return (SSLEntity) Proxy.newProxyInstance(SSLEntity.class.getClassLoader(), new Class[] { SSLEntity.class }, new InvocationHandler()
- {
- @Override
- public Object invoke(final Object proxy, final Method method, final Object[] args) throws Throwable
- {
- Method delegateMethod = clazz.getMethod(method.getName(), method.getParameterTypes());
- return delegateMethod.invoke(object, args);
- }
- }) ;
+ String property = System.getProperty(CommonProperties.ENABLED_SSL_PROTOCOLS,
+ CommonProperties.ENABLED_SSL_PROTOCOLS_DEFAULT);
+ return property.split("\\s*,\\s*");
}
- private static void removeSSLv3Support(final SSLEntity engine)
+ public static void updateProtocolSupport(final SSLEngine engine)
{
- List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
- if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ List<String> enabledProtocols = new ArrayList<>(Arrays.asList(engine.getEnabledProtocols()));
+ String[] supportedProtocols = engine.getSupportedProtocols();
+ boolean modified = updateEnabledProtocols(enabledProtocols, supportedProtocols);
+ if(modified)
{
- List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
- allowedProtocols.remove(SSLV3_PROTOCOL);
- engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ engine.setEnabledProtocols(enabledProtocols.toArray(new String[enabledProtocols.size()]));
}
}
- public static void removeSSLv3Support(final SSLEngine engine)
+ // version overloaded on SSLSocket is needed for RMI
+ public static void updateProtocolSupport(final SSLSocket serverSocket)
{
- removeSSLv3Support(asSSLEntity(engine, SSLEngine.class));
+ List<String> enabledProtocols = new ArrayList<>(Arrays.asList(serverSocket.getEnabledProtocols()));
+ String[] supportedProtocols = serverSocket.getSupportedProtocols();
+ boolean modified = updateEnabledProtocols(enabledProtocols, supportedProtocols);
+ if(modified)
+ {
+ serverSocket.setEnabledProtocols(enabledProtocols.toArray(new String[enabledProtocols.size()]));
+ }
}
- public static void removeSSLv3Support(final SSLSocket socket)
+ public static boolean updateEnabledProtocols(final List<String> enabledProtocols, final String[] supportedProtocols)
{
- removeSSLv3Support(asSSLEntity(socket, SSLSocket.class));
+ boolean modified = false;
+ for(String protocol : getExcludedSSlProtocols())
+ {
+ if (enabledProtocols.contains(protocol))
+ {
+ enabledProtocols.remove(protocol);
+ modified = true;
+ }
+ }
+ for(String protocol : getEnabledSSlProtocols())
+ {
+ if(!enabledProtocols.contains(protocol) && Arrays.asList(supportedProtocols).contains(protocol))
+ {
+ enabledProtocols.add(protocol);
+ modified = true;
+ }
+ }
+ return modified;
}
- public static void removeSSLv3Support(final SSLServerSocket socket)
- {
- removeSSLv3Support(asSSLEntity(socket, SSLServerSocket.class));
- }
- private static void updateEnabledCipherSuites(final SSLEntity entity,
- final Collection<String> enabledCipherSuites,
- final Collection<String> disabledCipherSuites)
+ public static void updateEnabledCipherSuites(final SSLEngine engine,
+ final Collection<String> enabledCipherSuites,
+ final Collection<String> disabledCipherSuites)
{
if(enabledCipherSuites != null && !enabledCipherSuites.isEmpty())
{
final Set<String> supportedSuites =
- new HashSet<>(Arrays.asList(entity.getSupportedCipherSuites()));
+ new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
supportedSuites.retainAll(enabledCipherSuites);
- entity.setEnabledCipherSuites(supportedSuites.toArray(new String[supportedSuites.size()]));
+ engine.setEnabledCipherSuites(supportedSuites.toArray(new String[supportedSuites.size()]));
}
if(disabledCipherSuites != null && !disabledCipherSuites.isEmpty())
{
- final Set<String> enabledSuites = new HashSet<>(Arrays.asList(entity.getEnabledCipherSuites()));
+ final Set<String> enabledSuites = new HashSet<>(Arrays.asList(engine.getEnabledCipherSuites()));
enabledSuites.removeAll(disabledCipherSuites);
- entity.setEnabledCipherSuites(enabledSuites.toArray(new String[enabledSuites.size()]));
+ engine.setEnabledCipherSuites(enabledSuites.toArray(new String[enabledSuites.size()]));
}
}
-
- public static void updateEnabledCipherSuites(final SSLEngine engine,
+ // version overloaded on SSLSocket is needed for RMI
+ public static void updateEnabledCipherSuites(final SSLSocket socket,
final Collection<String> enabledCipherSuites,
final Collection<String> disabledCipherSuites)
{
- updateEnabledCipherSuites(asSSLEntity(engine, SSLEngine.class), enabledCipherSuites, disabledCipherSuites);
- }
+ if(enabledCipherSuites != null && !enabledCipherSuites.isEmpty())
+ {
+ final Set<String> supportedSuites =
+ new HashSet<>(Arrays.asList(socket.getSupportedCipherSuites()));
+ supportedSuites.retainAll(enabledCipherSuites);
+ socket.setEnabledCipherSuites(supportedSuites.toArray(new String[supportedSuites.size()]));
+ }
- public static void updateEnabledCipherSuites(final SSLServerSocket socket,
- final Collection<String> enabledCipherSuites,
- final Collection<String> disabledCipherSuites)
- {
- updateEnabledCipherSuites(asSSLEntity(socket, SSLServerSocket.class), enabledCipherSuites, disabledCipherSuites);
- }
+ if(disabledCipherSuites != null && !disabledCipherSuites.isEmpty())
+ {
+ final Set<String> enabledSuites = new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites()));
+ enabledSuites.removeAll(disabledCipherSuites);
+ socket.setEnabledCipherSuites(enabledSuites.toArray(new String[enabledSuites.size()]));
+ }
- public static void updateEnabledCipherSuites(final SSLSocket socket,
- final Collection<String> enabledCipherSuites,
- final Collection<String> disabledCipherSuites)
- {
- updateEnabledCipherSuites(asSSLEntity(socket, SSLSocket.class), enabledCipherSuites, disabledCipherSuites);
}
+
+
}
Modified: qpid/java/branches/6.0.x/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java?rev=1724850&r1=1724849&r2=1724850&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java (original)
+++ qpid/java/branches/6.0.x/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java Fri Jan 15 16:37:05 2016
@@ -67,6 +67,7 @@ import org.apache.qpid.server.model.Queu
import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.transport.network.security.ssl.SSLUtil;
public class RestTestHelper
{
@@ -157,7 +158,9 @@ public class RestTestHelper
CERT_ALIAS_APP1);
- SSLContext sslContext = SSLContextFactory.buildClientContext(trustManagers, keyManagers);
+ final SSLContext sslContext = SSLContext.getInstance(SSLUtil.getEnabledSSlProtocols()[SSLUtil.getEnabledSSlProtocols().length-1]);
+
+ sslContext.init(keyManagers, trustManagers, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
@@ -188,7 +191,9 @@ public class RestTestHelper
SSLContextFactory.getKeyManagers(null, null, null, null, null);
- SSLContext sslContext = SSLContextFactory.buildClientContext(trustManagers, keyManagers);
+ final SSLContext sslContext = SSLContext.getInstance(SSLUtil.getEnabledSSlProtocols()[SSLUtil.getEnabledSSlProtocols().length-1]);
+
+ sslContext.init(keyManagers, trustManagers, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org