cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Disable SSLv3 by default for the client
Date Tue, 04 Nov 2014 15:23:40 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 3cf19d0f7 -> 98a578dbf


Disable SSLv3 by default for the client


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98a578db
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98a578db
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98a578db

Branch: refs/heads/master
Commit: 98a578dbf4b7e19c4555bd2011f24c650d0f54c0
Parents: 3cf19d0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Nov 4 15:03:18 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Nov 4 15:03:35 2014 +0000

----------------------------------------------------------------------
 .../apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java    | 3 ---
 .../org/apache/cxf/transport/https/HttpsURLConnectionFactory.java | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/98a578db/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 5e7a182..7e4c3e2 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -677,9 +677,6 @@ public class JettyHTTPServerEngine
         if (!"SSLv3".equals(proto)) {
             scf.addExcludeProtocols("SSLv3");
         }
-        if (!"SSLv2Hello".equals(proto)) {
-            scf.addExcludeProtocols("SSLv2Hello");
-        }
  
         SSLContext context = tlsServerParameters.getJsseProvider() == null
             ? SSLContext.getInstance(proto)

http://git-wip-us.apache.org/repos/asf/cxf/blob/98a578db/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index f95c5a7..4d1ec43 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -176,7 +176,7 @@ public class HttpsURLConnectionFactory {
             // The SSLSocketFactoryWrapper enables certain cipher suites
             // from the policy.
             socketFactory = new SSLSocketFactoryWrapper(ctx.getSocketFactory(), cipherSuites,
-                                                        tlsClientParameters.getSecureSocketProtocol());
+                                                        protocol);
             //recalc the hashcode since somet of the above MAY have changed the tlsClientParameters

             lastTlsHash = tlsClientParameters.hashCode();
         } else {


Mime
View raw message