Posted to derby-commits@db.apache.org by ma...@apache.org on 2014/11/04 19:06:08 UTC

svn commit: r1636668 - in /db/derby/code/trunk/java: client/org/apache/derby/client/net/OpenSocketAction.java drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java

Author: mamta
Date: Tue Nov  4 18:06:08 2014
New Revision: 1636668

URL: http://svn.apache.org/r1636668
Log:
DERBY-674(analyze impact of poodle security alert on Derby client - server ssl support)

Changes based on Knut's feedback.


Modified:
    db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=1636668&r1=1636667&r2=1636668&view=diff
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Tue Nov  4 18:06:08 2014
@@ -81,21 +81,22 @@ class OpenSocketAction implements Privil
             clientSSLMode_ == BasicClientDataSource40.SSL_PEER_AUTHENTICATION){
         	//DERBY-6764(analyze impact of poodle security alert on Derby 
         	// client - server ssl support)
-        	//If SSLv3 or SSLv2Hello is one of the enabled protocols, then 
-        	// we want to remove it from the list of enabled protocols  
+        	//If SSLv3 and/or SSLv2Hello is one of the enabled protocols,  
+        	// then we want to remove it from the list of enabled protocols  
         	// because of poodle security breach
         	SSLSocket sSocket = (SSLSocket)sf.createSocket(server_, port_);
         	String[] enabledProtocols = sSocket.getEnabledProtocols();
 
-            //If SSLv3 is one of the enabled protocols, then remove it from the
-            // list of enabled protocols because of its security breach.
+            //If SSLv3 and/or SSLv2Hello is one of the enabled protocols, 
+            // then remove it from the list of enabled protocols because of 
+            // its security breach.
             String[] removeTwoProtocols = new String[enabledProtocols.length];
             int removedProtocolsCount  = 0;
             boolean foundProtocolToRemove=false;
             for ( int i = 0; i < enabledProtocols.length; i++ )
             {
                 if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
-                    enabledProtocols[i].toUpperCase().contains("SSLv2Hello")) {
+                    enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
                 	foundProtocolToRemove=true;
                 } else {
                 	removeTwoProtocols[removedProtocolsCount] = 
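Review bot: The protocol test in the `if` condition upper-cases each name with the default locale and then does a substring match against a hand-typed upper-case literal, which is the pattern that let the `"SSLv2Hello"` comparison silently never match before this commit. Comparing case-insensitively against the canonical names avoids both the locale dependency and the need to keep the literals in upper case, e.g. `"SSLv3".equalsIgnoreCase(enabledProtocols[i]) || "SSLv2Hello".equalsIgnoreCase(enabledProtocols[i])`; if substring matching is intended, `toUpperCase(Locale.ROOT)` keeps it locale-independent. The same condition is repeated in the first hunk of NetworkServerControlImpl.java. The loop body continues past the end of this hunk.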
@@ -105,13 +106,14 @@ class OpenSocketAction implements Privil
             }
             if(foundProtocolToRemove) {
             	String[] newEnabledProtocolsList = null;
-            	//We found that SSLv3 is one of the enabled protocols for this
-            	// jvm. Following code will remove it from enabled list.
+            	//We found that SSLv3 and or SSLv2Hello is one of the enabled 
+            	// protocols for this jvm. Following code will remove it from 
+            	// enabled list.
             	newEnabledProtocolsList = 
             			new String[(removeTwoProtocols.length)-1];
             	System.arraycopy(removeTwoProtocols, 0, 
             			newEnabledProtocolsList, 0, 
-            			(removeTwoProtocols.length)-1);
+            			removedProtocolsCount);
             	sSocket.setEnabledProtocols(newEnabledProtocolsList);
             }
             return sSocket;
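Review bot: The destination array is still allocated as `new String[(removeTwoProtocols.length)-1]` while the copy now moves only `removedProtocolsCount` entries, so when both SSLv3 and SSLv2Hello are enabled the list handed to `setEnabledProtocols` ends with a `null` slot. JSSE implementations generally reject a null protocol name with `IllegalArgumentException`, so the connection would likely fail on exactly the JVMs this change is meant to harden. Sizing the array from the count fixes it: `newEnabledProtocolsList = new String[removedProtocolsCount];`. The same allocation is left unchanged in the last hunk of NetworkServerControlImpl.java, where the array is returned to the caller. The enclosing method starts before this hunk.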

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1636668&r1=1636667&r2=1636668&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Tue Nov  4 18:06:08 2014
@@ -2715,7 +2715,7 @@ public final class NetworkServerControlI
         for ( int i = 0; i < enabledProtocols.length; i++ )
         {
             if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
-            	enabledProtocols[i].toUpperCase().contains("SSLv2Hello")) {
+            	enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
             	foundProtocolToRemove=true;
             } else {
             	removeTwoProtocols[removedProtocolsCount] = enabledProtocols[i];
@@ -2731,7 +2731,7 @@ public final class NetworkServerControlI
                 new String[(removeTwoProtocols.length)-1];
             System.arraycopy(removeTwoProtocols, 0, 
                 newEnabledProtocolsList, 0, 
-                (removeTwoProtocols.length)-1);
+                removedProtocolsCount);
             return(newEnabledProtocolsList);
         } else 
             return(enabledProtocols);