You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by li...@apache.org on 2018/10/19 01:53:53 UTC

[incubator-servicecomb-java-chassis] 01/02: [SCB-964] remove weak cipher suites

This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git

commit b0b3b835c908c50333a1991df5db170149853cf9
Author: yaohaishi <ya...@huawei.com>
AuthorDate: Tue Oct 16 09:26:15 2018 +0800

    [SCB-964] remove weak cipher suites
---
 .../java/org/apache/servicecomb/foundation/ssl/SSLOption.java     | 8 +++-----
 .../apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java  | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
index 012ad80..b7b5034 100644
--- a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
+++ b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
@@ -38,15 +38,13 @@ import com.netflix.config.DynamicPropertyFactory;
 public final class SSLOption {
   private static final SSLOption DEFAULT_OPTION = new SSLOption();
 
-  public static final String DEFAUL_CIPHERS = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
-      + "TLS_RSA_WITH_AES_256_GCM_SHA384,"
-      + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
-      + "TLS_RSA_WITH_AES_128_GCM_SHA256";
+  public static final String DEFAULT_CIPHERS = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
+      + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
 
   static {
     DEFAULT_OPTION.setEngine("jdk");
     DEFAULT_OPTION.setProtocols("TLSv1.2");
-    DEFAULT_OPTION.setCiphers(DEFAUL_CIPHERS);
+    DEFAULT_OPTION.setCiphers(DEFAULT_CIPHERS);
     DEFAULT_OPTION.setAuthPeer(false);
     DEFAULT_OPTION.setCheckCNHost(false);
     DEFAULT_OPTION.setCheckCNWhite(false);
diff --git a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
index 5703855..95a2cd1 100644
--- a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
+++ b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
@@ -66,7 +66,7 @@ public class TestVertxTLSBuilder {
     static {
       sslOption.setEngine("openssl");
       sslOption.setProtocols("");
-      sslOption.setCiphers(SSLOption.DEFAUL_CIPHERS);
+      sslOption.setCiphers(SSLOption.DEFAULT_CIPHERS);
       sslOption.setCheckCNHost(true);
     }