Also exclude export ciphers by default
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5a80585
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5a80585
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5a80585
Branch: refs/heads/master
Commit: e5a805853864e291626bdb913448fc4e2409cca0
Parents: 94cfe7e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Dec 10 11:37:02 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Dec 10 13:38:29 2014 +0000
----------------------------------------------------------------------
.../main/java/org/apache/cxf/configuration/jsse/SSLUtils.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5a80585/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index dff171d..534c256 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -68,14 +68,15 @@ public final class SSLUtils {
private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
- /**
- * By default, only include export-compatible ciphersuites.
- */
private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
Arrays.asList(new String[] {".*"});
+ /**
+ * By default, exclude NULL, anon, EXPORT, DES ciphersuites
+ */
private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
Arrays.asList(new String[] {".*_NULL_.*",
".*_anon_.*",
+ ".*_EXPORT_.*",
".*_DES_.*"});
private static volatile KeyManager[] defaultManagers;
|