directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1640461 - in /directory: apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/ apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/ shared/trunk/ldap/client/api/...
Date Wed, 19 Nov 2014 00:44:59 GMT
Author: elecharny
Date: Wed Nov 19 00:44:59 2014
New Revision: 1640461

URL: http://svn.apache.org/r1640461
Log:
Explicitly inform the SslEngine that we do not support SSLv3

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java?rev=1640461&r1=1640460&r2=1640461&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
Wed Nov 19 00:44:59 2014
@@ -82,7 +82,7 @@ public class StartTlsHandler implements 
 
         IoFilterChain chain = session.getIoSession().getFilterChain();
         SslFilter sslFilter = ( SslFilter ) chain.get( "sslFilter" );
-        
+
         if ( sslFilter == null )
         {
             sslFilter = new SslFilter( sslContext );
@@ -92,10 +92,16 @@ public class StartTlsHandler implements 
                 sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
             }
 
+            // Be sure we disable SSLV3
+            sslFilter.setEnabledProtocols( new String[]
+                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
             chain.addFirst( "sslFilter", sslFilter );
         }
         else
         {
+            // Be sure we disable SSLV3
+            sslFilter.setEnabledProtocols( new String[]
+                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
             sslFilter.startSsl( session.getIoSession() );
         }
 
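Review bot: The hard-coded `{ "TLSv1", "TLSv1.1", "TLSv1.2" }` array set in both branches names versions that not every JSSE provider implements. If the filter hands the list unchanged to `SSLEngine.setEnabledProtocols`, a runtime lacking TLSv1.1 or TLSv1.2 would presumably reject it with an `IllegalArgumentException` when the TLS session is set up, so StartTLS would fail outright instead of merely losing SSLv3. The same literal is repeated in the LdapsInitializer and LdapNetworkConnection hunks, leaving four copies to keep in sync. Building the list once from what `sslContext` reports as supported, keeping only the TLS entries, avoids both problems and still excludes SSLv3. The enclosing method begins and ends outside the hunk.

```java
// … unchanged: sslFilter creation and cipher suite setup …
List<String> protocols = new ArrayList<String>();

for ( String protocol : sslContext.getSupportedSSLParameters().getProtocols() )
{
    // Keep only the TLS versions this provider implements; SSLv3 and SSLv2Hello are dropped
    if ( protocol.startsWith( "TLSv" ) )
    {
        protocols.add( protocol );
    }
}

sslFilter.setEnabledProtocols( protocols.toArray( new String[protocols.size()] ) );
chain.addFirst( "sslFilter", sslFilter );
```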

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java?rev=1640461&r1=1640460&r2=1640461&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
Wed Nov 19 00:44:59 2014
@@ -63,11 +63,16 @@ public class LdapsInitializer
         SslFilter sslFilter = new SslFilter( sslCtx );
 
         List<String> cipherSuites = server.getEnabledCipherSuites();
-        if( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
+
+        if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
         {
             sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
         }
-        
+
+        // Be sure we disable SSLV3
+        sslFilter.setEnabledProtocols( new String[]
+            { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+
         sslFilter.setWantClientAuth( true );
         chain.addLast( "sslFilter", sslFilter );
         return chain;
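Review bot: The protocol list added before `setWantClientAuth` is fixed in code, while the cipher suites a few lines above come from `server.getEnabledCipherSuites()`, so an operator cannot drop TLSv1 or enable a newer version without a rebuild. Reading the protocols from the server configuration in the same way, with this array as the default only when nothing is configured, would keep the two TLS settings symmetrical. The same applies to the LdapNetworkConnection hunk, where the suites come from `config.getEnabledCipherSuites()` but the protocols do not. The comment could also say that this is an allow-list, for example `// Allow-list of TLS versions: SSLv3 and SSLv2Hello are deliberately absent`. The enclosing method starts outside the hunk.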

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1640461&r1=1640460&r2=1640461&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Wed Nov 19 00:44:59 2014
@@ -3769,6 +3769,10 @@ public class LdapNetworkConnection exten
             sslFilter.setUseClientMode( true );
             sslFilter.setEnabledCipherSuites( config.getEnabledCipherSuites() );
 
+            // Be sure we disable SSLV3
+            sslFilter.setEnabledProtocols( new String[]
+                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+
             // for LDAPS
             if ( ldapSession == null )
             {


