You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/12/10 14:42:15 UTC

[3/3] cxf git commit: Also exclude export ciphers by default

Also exclude export ciphers by default


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5a80585
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5a80585
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5a80585

Branch: refs/heads/master
Commit: e5a805853864e291626bdb913448fc4e2409cca0
Parents: 94cfe7e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 10 11:37:02 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 10 13:38:29 2014 +0000

----------------------------------------------------------------------
 .../main/java/org/apache/cxf/configuration/jsse/SSLUtils.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e5a80585/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index dff171d..534c256 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -68,14 +68,15 @@ public final class SSLUtils {
     private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
     private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
     
-    /**
-     * By default, only include export-compatible ciphersuites.
-     */
     private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
         Arrays.asList(new String[] {".*"});
+    /**
+     * By default, exclude NULL, anon, EXPORT, DES ciphersuites
+     */
     private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
         Arrays.asList(new String[] {".*_NULL_.*",
                                     ".*_anon_.*",
+                                    ".*_EXPORT_.*",
                                     ".*_DES_.*"});
     
     private static volatile KeyManager[] defaultManagers;