Posted to derby-commits@db.apache.org by ma...@apache.org on 2014/11/04 19:06:08 UTC
svn commit: r1636668 - in /db/derby/code/trunk/java:
client/org/apache/derby/client/net/OpenSocketAction.java
drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Author: mamta
Date: Tue Nov 4 18:06:08 2014
New Revision: 1636668
URL: http://svn.apache.org/r1636668
Log:
DERBY-674(analyze impact of poodle security alert on Derby client - server ssl support)
Changes based on Knut's feedback.
Modified:
db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=1636668&r1=1636667&r2=1636668&view=diff
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Tue Nov 4 18:06:08 2014
@@ -81,21 +81,22 @@ class OpenSocketAction implements Privil
clientSSLMode_ == BasicClientDataSource40.SSL_PEER_AUTHENTICATION){
//DERBY-6764(analyze impact of poodle security alert on Derby
// client - server ssl support)
- //If SSLv3 or SSLv2Hello is one of the enabled protocols, then
- // we want to remove it from the list of enabled protocols
+ //If SSLv3 and/or SSLv2Hello is one of the enabled protocols,
+ // then we want to remove it from the list of enabled protocols
// because of poodle security breach
SSLSocket sSocket = (SSLSocket)sf.createSocket(server_, port_);
String[] enabledProtocols = sSocket.getEnabledProtocols();
- //If SSLv3 is one of the enabled protocols, then remove it from the
- // list of enabled protocols because of its security breach.
+ //If SSLv3 and/or SSLv2Hello is one of the enabled protocols,
+ // then remove it from the list of enabled protocols because of
+ // its security breach.
String[] removeTwoProtocols = new String[enabledProtocols.length];
int removedProtocolsCount = 0;
boolean foundProtocolToRemove=false;
for ( int i = 0; i < enabledProtocols.length; i++ )
{
if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
- enabledProtocols[i].toUpperCase().contains("SSLv2Hello")) {
+ enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
foundProtocolToRemove=true;
} else {
removeTwoProtocols[removedProtocolsCount] =
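Review bot: The protocol check in this loop still depends on the default-locale `toUpperCase()` and on every literal being typed in upper case, which is the mistake this change corrects for `"SSLv2Hello"`. Computing the name once with an explicit locale, `String name = enabledProtocols[i].toUpperCase(Locale.ROOT);`, and testing `name.contains("SSLV3") || name.contains("SSLV2HELLO")` makes the comparison locale-independent and removes the duplicated call; this needs `java.util.Locale` in scope, which the hunk does not show. The same condition appears in the `NetworkServerControlImpl` hunk at line 2715. Separately, `removeTwoProtocols` holds the protocols that are kept and `removedProtocolsCount` counts the kept entries, so a comment or rename such as `keptProtocols` / `keptCount` would make the filter easier to audit. The loop body continues outside the hunk.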
@@ -105,13 +106,14 @@ class OpenSocketAction implements Privil
}
if(foundProtocolToRemove) {
String[] newEnabledProtocolsList = null;
- //We found that SSLv3 is one of the enabled protocols for this
- // jvm. Following code will remove it from enabled list.
+ //We found that SSLv3 and or SSLv2Hello is one of the enabled
+ // protocols for this jvm. Following code will remove it from
+ // enabled list.
newEnabledProtocolsList =
new String[(removeTwoProtocols.length)-1];
System.arraycopy(removeTwoProtocols, 0,
newEnabledProtocolsList, 0,
- (removeTwoProtocols.length)-1);
+ removedProtocolsCount);
sSocket.setEnabledProtocols(newEnabledProtocolsList);
}
return sSocket;
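Review bot: The destination array is still allocated as `new String[(removeTwoProtocols.length)-1]`, which is only the right size when exactly one protocol was filtered out. When both SSLv3 and SSLv2Hello are enabled, `removedProtocolsCount` is `length - 2`, so after the corrected `arraycopy` the last slot stays `null`, and passing that array to `setEnabledProtocols` is likely to be rejected with an `IllegalArgumentException`, failing the connection instead of hardening it. Sizing the array from the counter fixes this: `newEnabledProtocolsList = new String[removedProtocolsCount];`. The same allocation is visible in the `NetworkServerControlImpl` hunk at line 2731 and needs the same change. The enclosing method starts and ends outside this hunk.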
Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1636668&r1=1636667&r2=1636668&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Tue Nov 4 18:06:08 2014
@@ -2715,7 +2715,7 @@ public final class NetworkServerControlI
for ( int i = 0; i < enabledProtocols.length; i++ )
{
if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
- enabledProtocols[i].toUpperCase().contains("SSLv2Hello")) {
+ enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
foundProtocolToRemove=true;
} else {
removeTwoProtocols[removedProtocolsCount] = enabledProtocols[i];
@@ -2731,7 +2731,7 @@ public final class NetworkServerControlI
new String[(removeTwoProtocols.length)-1];
System.arraycopy(removeTwoProtocols, 0,
newEnabledProtocolsList, 0,
- (removeTwoProtocols.length)-1);
+ removedProtocolsCount);
return(newEnabledProtocolsList);
} else
return(enabledProtocols);