cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-6294) Cannot activate TLSv1.2 cipher suites on client on Java7
Date Thu, 19 Mar 2015 16:55:38 GMT

     [ https://issues.apache.org/jira/browse/CXF-6294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-6294.
--------------------------------------
    Resolution: Cannot Reproduce


Resolving as "Cannot Reproduce" until I get a test-case.

> Cannot activate TLSv1.2 cipher suites on client on Java7
> --------------------------------------------------------
>
>                 Key: CXF-6294
>                 URL: https://issues.apache.org/jira/browse/CXF-6294
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.13, 2.7.14, 2.7.15
>         Environment: JRE 1.7.0_76, CXF 2.7.13-2.7.15 (previous versions not checked)
>            Reporter: SL
>            Assignee: Colm O hEigeartaigh
>
> The Java7 JRE has a distinct behavior for client and server ssl sockets (see JSSE reference).
> On server socket TLSv1.1 and TLSv1.2 are enabled by default whereas on client socket both are disabled by default (but can be enabled with setEnabledProtocols()).
> These settings have been reverted for Java8.
> The problem with cxf lies in cxf-rt-transports-http.jar in org.apache.cxf.transport.http.SSLSocketFactoryWrapper.enableCipherSuites(...):
> {code:java}
>     private Socket enableCipherSuites(Socket s, Object[] logParams) {
>         SSLSocket socket = (SSLSocket)s;
>         
>         if ((socket != null) && (ciphers != null)) {
>             socket.setEnabledCipherSuites(ciphers);
>         }
>         if ((socket != null) && (protocol != null)) {
>             String p[] = findProtocols(protocol, socket.getSupportedProtocols());
>             if (p != null) {
>                 socket.setEnabledProtocols(p);
>             }
>         }
>         if (socket == null) {
>             LogUtils.log(LOG, Level.SEVERE,
>                          "PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET", 
>                          logParams);
>         }
>         return socket;        
>     }
> {code}
> This code does not permit enabling the TLSv1.2-only cipher suites on the client.
> It produces
> {noformat}
> Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite 
> 	at sun.security.ssl.CipherSuite.valueOf(Unknown Source) ~[na:1.7.0_76]
> 	at sun.security.ssl.CipherSuiteList.<init>(Unknown Source) ~[na:1.7.0_76]
> 	at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(Unknown Source) ~[na:1.7.0_76]
> 	at org.apache.cxf.transport.https.SSLSocketFactoryWrapper.enableCipherSuites(SSLSocketFactoryWrapper.java:101)
> {noformat}
> because when setEnabledCipherSuites() is called, TLSv1.2 is not (yet) enabled.
> IMHO setEnabledProtocols() should be called first.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
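
An added example, not part of the original message and not CXF code: a stand-alone Java check that applies the protocols before the cipher suites, as the reporter suggests, and filters both lists against what the JRE reports as supported, so that an unknown name is logged instead of raising IllegalArgumentException from setEnabledCipherSuites(). The class name, helper names and sample configuration are assumptions made for illustration.

```java
import java.util.*;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TlsClientConfigCheck {
    // Keep only requested names the socket reports as supported (configured order
    // preserved); anything else is collected in 'rejected' for logging.
    static String[] filterSupported(String[] requested, String[] supported, List<String> rejected) {
        Set<String> known = new HashSet<String>(Arrays.asList(supported));
        List<String> kept = new ArrayList<String>();
        for (String name : requested) {
            String n = (name == null) ? "" : name.trim();
            if (known.contains(n)) kept.add(n); else rejected.add("'" + n + "'");
        }
        return kept.toArray(new String[0]);
    }

    // Protocols are applied before cipher suites, the order the reporter proposes.
    static void configure(SSLSocket socket, String[] protocols, String[] ciphers) {
        List<String> rejected = new ArrayList<String>();
        String[] p = filterSupported(protocols, socket.getSupportedProtocols(), rejected);
        String[] c = filterSupported(ciphers, socket.getSupportedCipherSuites(), rejected);
        if (!rejected.isEmpty()) {
            System.err.println("Not supported by this JRE, skipped: " + rejected);
        }
        if (p.length == 0 || c.length == 0) { // fail closed, no silent fallback to defaults
            throw new IllegalStateException("No usable protocol or cipher suite left");
        }
        socket.setEnabledProtocols(p);
        socket.setEnabledCipherSuites(c);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration; the empty entry is a deliberately malformed value.
        String[] protocols = {"TLSv1.2"};
        String[] ciphers = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_RSA_WITH_AES_128_CBC_SHA256", ""};
        SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); // unconnected
        configure(socket, protocols, ciphers);
        System.out.println("Protocols: " + Arrays.toString(socket.getEnabledProtocols()));
        System.out.println("Ciphers:   " + Arrays.toString(socket.getEnabledCipherSuites()));
        socket.close();
    }
}
```

Running it on the JRE in question prints the protocols and suites that were actually accepted, which shows whether a rejected entry is a name the JRE does not know rather than an ordering effect.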
