cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Disable SSLv2Hello unless server protocol is SSLv3
Date Thu, 06 Nov 2014 10:32:26 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 5c2d36d20 -> dd4c60de2


Disable SSLv2Hello unless server protocol is SSLv3


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd4c60de
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd4c60de
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd4c60de

Branch: refs/heads/2.7.x-fixes
Commit: dd4c60de245f90a25e8c37943758e324e030b0ec
Parents: 5c2d36d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Nov 6 10:20:11 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Nov 6 10:29:22 2014 +0000

----------------------------------------------------------------------
 .../cxf/transport/https_jetty/CXFJettySslSocketConnector.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dd4c60de/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
index 072c7d0..619850d 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
@@ -121,10 +121,11 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector
{
             ? "TLS"
                 : getCxfSslContextFactory().getProtocol();
  
-        // Exclude SSLv3 by default unless the protocol is given as SSLv3
+        // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
         if (!"SSLv3".equals(proto) 
             && (excludeProtocols == null || excludeProtocols.isEmpty())) {
             getSslContextFactory().addExcludeProtocols("SSLv3");
+            getSslContextFactory().addExcludeProtocols("SSLv2Hello");
         } else if (excludeProtocols != null) {
             for (String p : excludeProtocols) {
                 getSslContextFactory().addExcludeProtocols(p);


Mime
View raw message