Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0B06017CE4 for ; Thu, 6 Nov 2014 10:17:53 +0000 (UTC) Received: (qmail 56443 invoked by uid 500); 6 Nov 2014 10:17:52 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 56383 invoked by uid 500); 6 Nov 2014 10:17:52 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 56374 invoked by uid 99); 6 Nov 2014 10:17:52 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Nov 2014 10:17:52 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 757A2930F84; Thu, 6 Nov 2014 10:17:52 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <3daa43478e3b494d8a129ce37a6fdb52@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: Disable SSLv2Hello unless protocol is given as SSLv3 Date: Thu, 6 Nov 2014 10:17:52 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 1701e6c8d -> 89b87071f Disable SSLv2Hello unless protocol is given as SSLv3 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89b87071 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89b87071 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89b87071 Branch: refs/heads/master Commit: 89b87071f3dedd2cd5ed874e56f69ab7dcf7953d Parents: 1701e6c Author: Colm O hEigeartaigh Authored: Thu Nov 6 10:17:31 2014 +0000 Committer: Colm O hEigeartaigh Committed: Thu Nov 6 10:17:31 2014 +0000 ---------------------------------------------------------------------- .../apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/89b87071/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java ---------------------------------------------------------------------- diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java index 3d13a96..54e8e9a 100644 --- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java +++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java @@ -674,9 +674,10 @@ public class JettyHTTPServerEngine String proto = tlsServerParameters.getSecureSocketProtocol() == null ? "TLS" : tlsServerParameters.getSecureSocketProtocol(); - // Exclude SSLv3 by default unless the protocol is given as SSLv3 + // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3 if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty()) { scf.addExcludeProtocols("SSLv3"); + scf.addExcludeProtocols("SSLv2Hello"); } else { for (String p : tlsServerParameters.getExcludeProtocols()) { scf.addExcludeProtocols(p);