cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [2/2] git commit: updated refs/heads/master to 664186f
Date Wed, 21 Jan 2015 12:35:18 GMT
CLOUDSTACK-8160: use preferable protocols

(cherry picked from commit debfcdef788ce0d51be06db0ef10f6815f9b563b)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/664186f4
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/664186f4
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/664186f4

Branch: refs/heads/master
Commit: 664186f483e15e572553f86b3cdec33d2e96b9be
Parents: e7c8002
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Wed Jan 21 18:01:34 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Wed Jan 21 18:04:45 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/server-nonssl.xml.in          |  2 +-
 client/tomcatconf/server-ssl.xml.in             |  2 +-
 client/tomcatconf/server7-nonssl.xml.in         |  2 +-
 client/tomcatconf/server7-ssl.xml.in            |  2 +-
 .../manager/ClusteredAgentManagerImpl.java      |  2 +
 .../mom/rabbitmq/RabbitMQEventBus.java          |  7 ++-
 .../resource/XenServerConnectionPool.java       |  4 +-
 .../opendaylight/api/NeutronRestApi.java        | 19 ++++++--
 .../cloud/network/utils/HttpClientWrapper.java  |  4 +-
 .../storage/datastore/util/ElastistorUtil.java  |  3 +-
 .../datastore/util/NexentaNmsClient.java        |  4 +-
 .../storage/datastore/util/SolidFireUtil.java   |  4 +-
 .../main/java/streamer/SocketWrapperImpl.java   |  2 +-
 .../ConsoleProxySecureServerFactoryImpl.java    |  6 ++-
 .../com/cloud/consoleproxy/util/RawHTTP.java    | 25 +++++-----
 .../etc/apache2/sites-available/default-ssl     |  1 +
 .../debian/config/etc/apache2/vhostexample.conf |  1 +
 systemvm/scripts/config_ssl.sh                  |  2 +
 utils/src/com/cloud/utils/nio/Link.java         |  3 +-
 utils/src/com/cloud/utils/nio/NioClient.java    |  3 ++
 .../src/com/cloud/utils/nio/NioConnection.java  |  3 ++
 .../cloud/utils/rest/RESTServiceConnector.java  | 20 ++++++--
 .../cloudstack/utils/security/SSLUtils.java     | 51 ++++++++++++++++++++
 .../ssl/EasySSLProtocolSocketFactory.java       | 24 ++++++---
 .../hypervisor/vmware/util/VmwareClient.java    |  4 +-
 .../hypervisor/vmware/util/VmwareContext.java   |  3 +-
 26 files changed, 156 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/client/tomcatconf/server-nonssl.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/server-nonssl.xml.in b/client/tomcatconf/server-nonssl.xml.in
index 847197c..e0debe4 100755
--- a/client/tomcatconf/server-nonssl.xml.in
+++ b/client/tomcatconf/server-nonssl.xml.in
@@ -82,7 +82,7 @@
     <!--
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS" 
+               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
                keystoreType="PKCS12"
 	       keystoreFile="conf\cloud-localhost.pk12" 
 	       keystorePass="password"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/client/tomcatconf/server-ssl.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/server-ssl.xml.in b/client/tomcatconf/server-ssl.xml.in
index 37bc53d..2e61251 100755
--- a/client/tomcatconf/server-ssl.xml.in
+++ b/client/tomcatconf/server-ssl.xml.in
@@ -82,7 +82,7 @@
     <!--
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS" 
+               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
                keystoreType="PKCS12"
 	       keystoreFile="conf\cloud-localhost.pk12" 
 	       keystorePass="password"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/client/tomcatconf/server7-nonssl.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/server7-nonssl.xml.in b/client/tomcatconf/server7-nonssl.xml.in
index 16085d7..7ea251a 100755
--- a/client/tomcatconf/server7-nonssl.xml.in
+++ b/client/tomcatconf/server7-nonssl.xml.in
@@ -82,7 +82,7 @@
     <!--
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS"
+               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
                keystoreType="PKCS12"
 	       keystoreFile="conf\cloud-localhost.pk12"
 	       keystorePass="password"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/client/tomcatconf/server7-ssl.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/server7-ssl.xml.in b/client/tomcatconf/server7-ssl.xml.in
index e8f3f10..97421ba 100755
--- a/client/tomcatconf/server7-ssl.xml.in
+++ b/client/tomcatconf/server7-ssl.xml.in
@@ -82,7 +82,7 @@
     <!--
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS"
+               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
                keystoreType="PKCS12"
 	       keystoreFile="conf\cloud-localhost.pk12"
 	       keystorePass="password"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
----------------------------------------------------------------------
diff --git a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
index ca978ff..e38489b 100644
--- a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
+++ b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
@@ -53,6 +53,7 @@ import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 import org.apache.cloudstack.managed.context.ManagedContextTimerTask;
 import org.apache.cloudstack.utils.identity.ManagementServerNode;
+import org.apache.cloudstack.utils.security.SSLUtils;
 
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Answer;
@@ -505,6 +506,7 @@ public class ClusteredAgentManagerImpl extends AgentManagerImpl implements
Clust
                         SSLContext sslContext = Link.initSSLContext(true);
                         sslEngine = sslContext.createSSLEngine(ip, Port.value());
                         sslEngine.setUseClientMode(true);
+                        sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
 
                         Link.doHandshake(ch1, sslEngine, true);
                         s_logger.info("SSL: Handshake done");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
----------------------------------------------------------------------
diff --git a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
index 2d389f2..25ecb75 100644
--- a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
+++ b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
@@ -59,6 +59,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
     private static Integer port;
     private static String username;
     private static String password;
+    private static String secureProtocol = "TLSv1.2";
 
     public synchronized static void setVirtualHost(String virtualHost) {
         RabbitMQEventBus.virtualHost = virtualHost;
@@ -153,6 +154,10 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus
{
         RabbitMQEventBus.port = port;
     }
 
+    public void setSecureProtocol(String protocol) {
+        RabbitMQEventBus.secureProtocol = protocol;
+    }
+
     @Override
     public void setName(String name) {
         this.name = name;
@@ -373,7 +378,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus
{
             }
 
             if (useSsl != null && !useSsl.isEmpty() && useSsl.equalsIgnoreCase("true"))
{
-                factory.useSslProtocol();
+                factory.useSslProtocol(this.secureProtocol);
             }
             Connection connection = factory.newConnection();
             connection.addShutdownListener(disconnectHandler);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
index 762c6dc..8df415e 100644
--- a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
+++ b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
@@ -35,6 +35,8 @@ import org.apache.log4j.Logger;
 import org.apache.xmlrpc.XmlRpcException;
 import org.apache.xmlrpc.client.XmlRpcClientException;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import com.xensource.xenapi.APIVersion;
 import com.xensource.xenapi.Connection;
 import com.xensource.xenapi.Host;
@@ -77,7 +79,7 @@ public class XenServerConnectionPool {
             javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
             javax.net.ssl.TrustManager tm = new TrustAllManager();
             trustAllCerts[0] = tm;
-            javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
+            javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
             sc.init(null, trustAllCerts, null);
             javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
             HostnameVerifier hv = new HostnameVerifier() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
index 8c67a98..63d81a8 100644
--- a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
+++ b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
@@ -19,6 +19,7 @@
 
 package org.apache.cloudstack.network.opendaylight.api;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
 import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
@@ -33,6 +34,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
@@ -175,7 +177,7 @@ public class NeutronRestApi {
 
             try {
                 // Install the all-trusting trust manager
-                SSLContext sc = SSLContext.getInstance("SSL");
+                SSLContext sc = SSLUtils.getSSLContext();
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
                 ssf = sc.getSocketFactory();
             } catch (KeyManagementException e) {
@@ -187,17 +189,23 @@ public class NeutronRestApi {
 
         @Override
         public Socket createSocket(final String host, final int port) throws IOException
{
-            return ssf.createSocket(host, port);
+            SSLSocket s = (SSLSocket) ssf.createSocket(host, port);
+            s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
+            return s;
         }
 
         @Override
         public Socket createSocket(final String address, final int port, final InetAddress
localAddress, final int localPort) throws IOException, UnknownHostException {
-            return ssf.createSocket(address, port, localAddress, localPort);
+            SSLSocket s = (SSLSocket) ssf.createSocket(address, port, localAddress, localPort);
+            s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
+            return s;
         }
 
         @Override
         public Socket createSocket(final Socket socket, final String host, final int port,
final boolean autoClose) throws IOException, UnknownHostException {
-            return ssf.createSocket(socket, host, port, autoClose);
+            SSLSocket s = (SSLSocket) ssf.createSocket(socket, host, port, autoClose);
+            s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
+            return s;
         }
 
         @Override
@@ -207,7 +215,8 @@ public class NeutronRestApi {
             if (timeout == 0) {
                 return createSocket(host, port, localAddress, localPort);
             } else {
-                Socket s = ssf.createSocket();
+                SSLSocket s = (SSLSocket) ssf.createSocket();
+                s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
                 s.bind(new InetSocketAddress(localAddress, localPort));
                 s.connect(new InetSocketAddress(host, port), timeout);
                 return s;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
b/plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
index 8fdc82d..014cefb 100644
--- a/plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
+++ b/plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
@@ -27,6 +27,8 @@ import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import org.apache.http.client.HttpClient;
 import org.apache.http.conn.ClientConnectionManager;
 import org.apache.http.conn.scheme.Scheme;
@@ -39,7 +41,7 @@ public class HttpClientWrapper {
 
     public static HttpClient wrapClient(HttpClient base) {
         try {
-            SSLContext ctx = SSLContext.getInstance("TLS");
+            SSLContext ctx = SSLUtils.getSSLContext();
             X509TrustManager tm = new X509TrustManager() {
 
                 @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
index 7f2da72..7e1a5cb 100644
--- a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
+++ b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.UriBuilder;
 
 import org.apache.http.auth.InvalidCredentialsException;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.utils.security.SSLUtils;
 
 import com.google.gson.Gson;
 import com.google.gson.annotations.SerializedName;
@@ -1086,7 +1087,7 @@ public class ElastistorUtil {
 
                 // Install the all-trusting trust manager
                 try {
-                    SSLContext sc = SSLContext.getInstance("TLS");
+                    SSLContext sc = SSLUtils.getSSLContext();
                     sc.init(null, trustAllCerts, new SecureRandom());
                     HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
                     HttpsURLConnection.setDefaultHostnameVerifier(hv);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
b/plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
index beebb44..e1a59f7 100644
--- a/plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
+++ b/plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
@@ -45,6 +45,8 @@ import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.conn.BasicClientConnectionManager;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import com.google.gson.Gson;
 import com.google.gson.annotations.SerializedName;
 
@@ -80,7 +82,7 @@ public class NexentaNmsClient {
 
     protected DefaultHttpClient getHttpsClient() {
         try {
-            SSLContext sslContext = SSLContext.getInstance("SSL");
+            SSLContext sslContext = SSLUtils.getSSLContext();
             X509TrustManager tm = new X509TrustManager() {
                 @Override
                 public void checkClientTrusted(X509Certificate[] xcs, String string) throws
CertificateException {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
index 174dc18..8ff4454 100644
--- a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
+++ b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
@@ -54,6 +54,8 @@ import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.conn.BasicClientConnectionManager;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
@@ -1688,7 +1690,7 @@ public class SolidFireUtil {
 
     private static DefaultHttpClient getHttpClient(int iPort) {
         try {
-            SSLContext sslContext = SSLContext.getInstance("SSL");
+            SSLContext sslContext = SSLUtils.getSSLContext();
             X509TrustManager tm = new X509TrustManager() {
                 @Override
                 public void checkClientTrusted(X509Certificate[] xcs, String string) throws
CertificateException {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
index da89a0d..abb5b84 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@@ -139,7 +139,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper
{
 
             SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
             sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(),
address.getPort(), true);
-
+            sslSocket.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
             sslSocket.startHandshake();
 
             InputStream sis = sslSocket.getInputStream();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 75d23b1..e15ddd4 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -21,6 +21,7 @@ import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
 import com.sun.net.httpserver.HttpsServer;
+import org.apache.cloudstack.utils.security.SSLUtils;
 import org.apache.log4j.Logger;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -71,7 +72,7 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
                 tmf.init(ks);
                 s_logger.info("Trust manager factory is initialized");
 
-                sslContext = SSLContext.getInstance("TLS");
+                sslContext = SSLUtils.getSSLContext();
                 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                 s_logger.info("SSL context is initialized");
             } catch (Exception ioe) {
@@ -94,7 +95,7 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
                 tmf.init(ks);
                 s_logger.info("Trust manager factory is initialized");
 
-                sslContext = SSLContext.getInstance("TLS");
+                sslContext = SSLUtils.getSSLContext();
                 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                 s_logger.info("SSL context is initialized");
             } catch (Exception e) {
@@ -139,6 +140,7 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
             SSLServerSocket srvSock = null;
             SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
             srvSock = (SSLServerSocket)ssf.createServerSocket(port);
+            srvSock.setEnabledProtocols(SSLUtils.getSupportedProtocols(srvSock.getEnabledProtocols()));
 
             s_logger.info("create SSL server socket on port: " + port);
             return srvSock;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
index 2a115b2..8f78fb3 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
@@ -16,6 +16,8 @@
 // under the License.
 package com.cloud.consoleproxy.util;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -134,7 +136,15 @@ public final class RawHTTP {
 
     private Socket _getSocket() throws IOException {
         if (useSSL) {
-            SSLContext context = getClientSSLContext();
+            SSLContext context = null;
+            try {
+                context = SSLUtils.getSSLContext("SunJSSE");
+            } catch (NoSuchAlgorithmException e) {
+                s_logger.error("Unexpected exception ", e);
+            } catch (NoSuchProviderException e) {
+                s_logger.error("Unexpected exception ", e);
+            }
+
             if (context == null)
                 throw new IOException("Unable to setup SSL context");
 
@@ -143,6 +153,7 @@ public final class RawHTTP {
                 context.init(null, trustAllCerts, new SecureRandom());
                 SocketFactory factory = context.getSocketFactory();
                 ssl = (SSLSocket)factory.createSocket(host, port);
+                ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
                 /* ssl.setSSLParameters(context.getDefaultSSLParameters()); */
             } catch (IOException e) {
                 s_logger.error("IOException: " + e.getMessage(), e);
@@ -229,16 +240,4 @@ public final class RawHTTP {
             }
         }
     }
-
-    private SSLContext getClientSSLContext() {
-        SSLContext sslContext = null;
-        try {
-            sslContext = SSLContext.getInstance("SSL", "SunJSSE");
-        } catch (NoSuchAlgorithmException e) {
-            s_logger.error("Unexpected exception ", e);
-        } catch (NoSuchProviderException e) {
-            s_logger.error("Unexpected exception ", e);
-        }
-        return sslContext;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl b/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
index 0eea44d..6699f14 100644
--- a/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
+++ b/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
@@ -42,6 +42,7 @@
 	#   SSL Engine Switch:
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
+	SSLProtocol all -SSLv2 -SSLv3
 
 	#   A self-signed (snakeoil) certificate can be created by installing
 	#   the ssl-cert package. See

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/systemvm/patches/debian/config/etc/apache2/vhostexample.conf
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/etc/apache2/vhostexample.conf b/systemvm/patches/debian/config/etc/apache2/vhostexample.conf
index c1bf8ea..70cb7dc 100644
--- a/systemvm/patches/debian/config/etc/apache2/vhostexample.conf
+++ b/systemvm/patches/debian/config/etc/apache2/vhostexample.conf
@@ -86,6 +86,7 @@
 	#   SSL Engine Switch:
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
+	SSLProtocol all -SSLv2 -SSLv3
 
 	#   A self-signed (snakeoil) certificate can be created by installing
 	#   the ssl-cert package. See

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/systemvm/scripts/config_ssl.sh
----------------------------------------------------------------------
diff --git a/systemvm/scripts/config_ssl.sh b/systemvm/scripts/config_ssl.sh
index 6971055..0659737 100755
--- a/systemvm/scripts/config_ssl.sh
+++ b/systemvm/scripts/config_ssl.sh
@@ -37,6 +37,7 @@ config_httpd_conf() {
   echo "  DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
   echo "  ServerName $srvr" >> /etc/httpd/conf/httpd.conf
   echo "  SSLEngine on" >>  /etc/httpd/conf/httpd.conf
+  echo "  SSLProtocol all -SSLv2 -SSLv3" >>  /etc/httpd/conf/httpd.conf
   echo "  SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >>  /etc/httpd/conf/httpd.conf
   echo "  SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
   echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
@@ -54,6 +55,7 @@ config_apache2_conf() {
   sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
   sed -i  's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
   sed -i  's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
+  sed -i  's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
   if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
   then
     sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/"
/etc/apache2/sites-available/default-ssl

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/com/cloud/utils/nio/Link.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index 904afbb..971c253 100644
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -44,6 +44,7 @@ import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
 import org.apache.log4j.Logger;
 
 import com.cloud.utils.PropertiesUtil;
@@ -443,7 +444,7 @@ public class Link {
             tms[0] = new TrustAllManager();
         }
 
-        sslContext = SSLContext.getInstance("TLS");
+        sslContext = SSLUtils.getSSLContext();
         sslContext.init(kmf.getKeyManagers(), tms, null);
         if (s_logger.isTraceEnabled()) {
             s_logger.trace("SSL: SSLcontext has been initialized");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/com/cloud/utils/nio/NioClient.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/NioClient.java b/utils/src/com/cloud/utils/nio/NioClient.java
index 5b00105..2f742f9 100644
--- a/utils/src/com/cloud/utils/nio/NioClient.java
+++ b/utils/src/com/cloud/utils/nio/NioClient.java
@@ -31,6 +31,8 @@ import javax.net.ssl.SSLEngine;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 public class NioClient extends NioConnection {
     private static final Logger s_logger = Logger.getLogger(NioClient.class);
 
@@ -74,6 +76,7 @@ public class NioClient extends NioConnection {
             SSLContext sslContext = Link.initSSLContext(true);
             sslEngine = sslContext.createSSLEngine(_host, _port);
             sslEngine.setUseClientMode(true);
+            sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
 
             Link.doHandshake(_clientConnection, sslEngine, true);
             s_logger.info("SSL: Handshake done");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/com/cloud/utils/nio/NioConnection.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/NioConnection.java b/utils/src/com/cloud/utils/nio/NioConnection.java
index 773b1b0..34679b8 100644
--- a/utils/src/com/cloud/utils/nio/NioConnection.java
+++ b/utils/src/com/cloud/utils/nio/NioConnection.java
@@ -41,6 +41,8 @@ import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import org.apache.log4j.Logger;
 
 import com.cloud.utils.concurrency.NamedThreadFactory;
@@ -198,6 +200,7 @@ public abstract class NioConnection implements Runnable {
             sslEngine = sslContext.createSSLEngine();
             sslEngine.setUseClientMode(false);
             sslEngine.setNeedClientAuth(false);
+            sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
 
             Link.doHandshake(socketChannel, sslEngine, false);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
index 7cc2e89..487610a 100644
--- a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
+++ b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
@@ -37,6 +37,7 @@ import java.util.Map;
 import java.util.Map.Entry;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
@@ -61,6 +62,8 @@ import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
 import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import com.google.gson.FieldNamingPolicy;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
@@ -334,7 +337,7 @@ public class RESTServiceConnector {
 
             try {
                 // Install the all-trusting trust manager
-                final SSLContext sc = SSLContext.getInstance("SSL");
+                final SSLContext sc = SSLUtils.getSSLContext();
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
                 ssf = sc.getSocketFactory();
             } catch (final KeyManagementException e) {
@@ -346,17 +349,23 @@ public class RESTServiceConnector {
 
         @Override
         public Socket createSocket(final String host, final int port) throws IOException
{
-            return ssf.createSocket(host, port);
+            SSLSocket socket = (SSLSocket) ssf.createSocket(host, port);
+            socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
+            return socket;
         }
 
         @Override
         public Socket createSocket(final String address, final int port, final InetAddress
localAddress, final int localPort) throws IOException, UnknownHostException {
-            return ssf.createSocket(address, port, localAddress, localPort);
+            SSLSocket socket = (SSLSocket) ssf.createSocket(address, port, localAddress,
localPort);
+            socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
+            return socket;
         }
 
         @Override
         public Socket createSocket(final Socket socket, final String host, final int port,
final boolean autoClose) throws IOException, UnknownHostException {
-            return ssf.createSocket(socket, host, port, autoClose);
+            SSLSocket s = (SSLSocket) ssf.createSocket(socket, host, port, autoClose);
+            s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
+            return s;
         }
 
         @Override
@@ -366,7 +375,8 @@ public class RESTServiceConnector {
             if (timeout == 0) {
                 return createSocket(host, port, localAddress, localPort);
             } else {
-                final Socket s = ssf.createSocket();
+                final SSLSocket s = (SSLSocket) ssf.createSocket();
+                s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
                 s.bind(new InetSocketAddress(localAddress, localPort));
                 s.connect(new InetSocketAddress(host, port), timeout);
                 return s;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
new file mode 100644
index 0000000..7f9ee77
--- /dev/null
+++ b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -0,0 +1,51 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package org.apache.cloudstack.utils.security;
+
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.SSLContext;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.HashSet;
+import java.util.Set;
+
+public class SSLUtils {
+    public static final Logger s_logger = Logger.getLogger(SSLUtils.class);
+
+    public static String[] getSupportedProtocols(String[] protocols) {
+        Set set = new HashSet();
+        for (String s : protocols) {
+            if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
+                continue;
+            }
+            set.add(s);
+        }
+        return (String[]) set.toArray(new String[set.size()]);
+    }
+
+    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
+        return SSLContext.getInstance("TLSv1.2");
+    }
+
+    public static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException,
NoSuchProviderException {
+        return SSLContext.getInstance("TLSv1.2", provider);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
b/utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
index 42650fc..d180f5d 100644
--- a/utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
+++ b/utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -19,6 +19,7 @@
 
 package org.apache.commons.httpclient.contrib.ssl;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
 import org.apache.commons.httpclient.ConnectTimeoutException;
 import org.apache.commons.httpclient.HttpClientError;
 import org.apache.commons.httpclient.params.HttpConnectionParams;
@@ -28,6 +29,7 @@ import org.apache.commons.logging.LogFactory;
 
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import java.io.IOException;
 import java.net.InetAddress;
@@ -99,7 +101,7 @@ public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory
{
 
     private static SSLContext createEasySSLContext() {
         try {
-            SSLContext context = SSLContext.getInstance("SSL");
+            SSLContext context = SSLUtils.getSSLContext();
             context.init(null, new TrustManager[] {new EasyX509TrustManager(null)}, null);
             return context;
         } catch (Exception e) {
@@ -120,8 +122,9 @@ public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory
{
      */
     @Override
     public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
throws IOException, UnknownHostException {
-
-        return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
+        SSLSocket socket = (SSLSocket) getSSLContext().getSocketFactory().createSocket(host,
port, clientHost, clientPort);
+        socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
+        return socket;
     }
 
     /**
@@ -135,8 +138,8 @@ public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory
{
      *
      * @param host the host name/IP
      * @param port the port on the host
-     * @param clientHost the local host name/IP to bind the socket to
-     * @param clientPort the port on the local machine
+     * @param localAddress the local host name/IP to bind the socket to
+     * @param localPort the port on the local machine
      * @param params {@link HttpConnectionParams Http connection parameters}
      *
      * @return Socket a new socket
@@ -156,7 +159,8 @@ public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory
{
         if (timeout == 0) {
             return socketfactory.createSocket(host, port, localAddress, localPort);
         } else {
-            Socket socket = socketfactory.createSocket();
+            SSLSocket socket = (SSLSocket)  socketfactory.createSocket();
+            socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
             SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
             SocketAddress remoteaddr = new InetSocketAddress(host, port);
             socket.bind(localaddr);
@@ -170,11 +174,15 @@ public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory
{
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException, UnknownHostException
{
-        return getSSLContext().getSocketFactory().createSocket(host, port);
+        SSLSocket socket = (SSLSocket) getSSLContext().getSocketFactory().createSocket(host,
port);
+        socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
+        return socket;
     }
 
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws
IOException, UnknownHostException {
-        return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
+        SSLSocket s= (SSLSocket) getSSLContext().getSocketFactory().createSocket(socket,
host, port, autoClose);
+        s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
+        return s;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
index 9284569..cc657a6 100644
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
@@ -32,6 +32,8 @@ import javax.xml.ws.handler.MessageContext;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.utils.security.SSLUtils;
+
 import com.vmware.vim25.DynamicProperty;
 import com.vmware.vim25.InvalidCollectorVersionFaultMsg;
 import com.vmware.vim25.InvalidPropertyFaultMsg;
@@ -103,7 +105,7 @@ public class VmwareClient {
         javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
         javax.net.ssl.TrustManager tm = new TrustAllTrustManager();
         trustAllCerts[0] = tm;
-        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
+        javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
         javax.net.ssl.SSLSessionContext sslsc = sc.getServerSessionContext();
         sslsc.setSessionTimeout(0);
         sc.init(null, trustAllCerts, null);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/664186f4/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
index 08456c4..cb0c4d7 100644
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
@@ -41,6 +41,7 @@ import javax.net.ssl.SSLSession;
 import javax.xml.ws.soap.SOAPFaultException;
 
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.utils.security.SSLUtils;
 
 import com.vmware.vim25.ManagedObjectReference;
 import com.vmware.vim25.ObjectContent;
@@ -79,7 +80,7 @@ public class VmwareContext {
             javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
             javax.net.ssl.TrustManager tm = new TrustAllManager();
             trustAllCerts[0] = tm;
-            javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
+            javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
             sc.init(null, trustAllCerts, null);
             javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 


Mime
View raw message