cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Disable SSLv2Hello unless protocol is given as SSLv3
Date Thu, 06 Nov 2014 10:17:52 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 1701e6c8d -> 89b87071f


Disable SSLv2Hello unless protocol is given as SSLv3


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89b87071
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89b87071
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89b87071

Branch: refs/heads/master
Commit: 89b87071f3dedd2cd5ed874e56f69ab7dcf7953d
Parents: 1701e6c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Nov 6 10:17:31 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Nov 6 10:17:31 2014 +0000

----------------------------------------------------------------------
 .../apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/89b87071/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 3d13a96..54e8e9a 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -674,9 +674,10 @@ public class JettyHTTPServerEngine
         String proto = tlsServerParameters.getSecureSocketProtocol() == null
             ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
         
-        // Exclude SSLv3 by default unless the protocol is given as SSLv3
+        // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
         if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty())
{
             scf.addExcludeProtocols("SSLv3");
+            scf.addExcludeProtocols("SSLv2Hello");
         } else {
             for (String p : tlsServerParameters.getExcludeProtocols()) {
                 scf.addExcludeProtocols(p);


Mime
View raw message