Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F0638103F1 for ; Wed, 19 Nov 2014 00:45:51 +0000 (UTC) Received: (qmail 48247 invoked by uid 500); 19 Nov 2014 00:45:51 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 48206 invoked by uid 500); 19 Nov 2014 00:45:51 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 48197 invoked by uid 99); 19 Nov 2014 00:45:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2014 00:45:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2014 00:45:50 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 184AF23889D5; Wed, 19 Nov 2014 00:45:00 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1640461 - in /directory: apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/ apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/ shared/trunk/ldap/client/api/... Date: Wed, 19 Nov 2014 00:44:59 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20141119004500.184AF23889D5@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Wed Nov 19 00:44:59 2014 New Revision: 1640461 URL: http://svn.apache.org/r1640461 Log: Inform the SslEngine that we aren't supporting SSLV3 explicitely Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java?rev=1640461&r1=1640460&r2=1640461&view=diff ============================================================================== --- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java (original) +++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java Wed Nov 19 00:44:59 2014 @@ -82,7 +82,7 @@ public class StartTlsHandler implements IoFilterChain chain = session.getIoSession().getFilterChain(); SslFilter sslFilter = ( SslFilter ) chain.get( "sslFilter" ); - + if ( sslFilter == null ) { sslFilter = new SslFilter( sslContext ); 
@@ -92,10 +92,16 @@ public class StartTlsHandler implements sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) ); } + // Be sure we disable SSLV3 + sslFilter.setEnabledProtocols( new String[] + { "TLSv1", "TLSv1.1", "TLSv1.2" } ); chain.addFirst( "sslFilter", sslFilter ); } else { + // Be sure we disable SSLV3 + sslFilter.setEnabledProtocols( new String[] + { "TLSv1", "TLSv1.1", "TLSv1.2" } ); sslFilter.startSsl( session.getIoSession() ); } Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java?rev=1640461&r1=1640460&r2=1640461&view=diff ============================================================================== --- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java (original) +++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java Wed Nov 19 00:44:59 2014 
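Review bot: The three-element literal `{ "TLSv1", "TLSv1.1", "TLSv1.2" }` is written out twice in this hunk, once in the `if ( sslFilter == null )` branch and once in the `else` branch, so the two paths can silently drift apart the next time the list changes; a `private static final String[] ENABLED_PROTOCOLS` constant (cloned at the call site if `SslFilter` keeps the reference) used as `sslFilter.setEnabledProtocols( ENABLED_PROTOCOLS.clone() );` in both places would remove that. The array is an allow-list rather than a ban on SSLv3: any version the JVM adds later stays disabled until this literal is edited, and a JVM that lacks one of the named versions will, as far as I know, reject the array when it is applied to the SSLEngine rather than at startup, so intersecting it with `sslContext.getSupportedSSLParameters().getProtocols()` or reading it from server configuration as the cipher suites already are would be more robust. I would also reword the comment to `// Explicit allow-list of TLS versions; SSLv2/SSLv3 are excluded by omission`, since "disable SSLV3" understates what the call does. The enclosing method begins and ends outside the hunk.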
@@ -63,11 +63,16 @@ public class LdapsInitializer SslFilter sslFilter = new SslFilter( sslCtx ); List cipherSuites = server.getEnabledCipherSuites(); - if( ( cipherSuites != null ) && !cipherSuites.isEmpty() ) + + if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() ) { sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()] ) ); } - + + // Be sure we disable SSLV3 + sslFilter.setEnabledProtocols( new String[] + { "TLSv1", "TLSv1.1", "TLSv1.2" } ); + sslFilter.setWantClientAuth( true ); chain.addLast( "sslFilter", sslFilter ); return chain; Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1640461&r1=1640460&r2=1640461&view=diff ============================================================================== --- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java (original) +++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java Wed Nov 19 00:44:59 2014 @@ -3769,6 +3769,10 @@ public class LdapNetworkConnection exten sslFilter.setUseClientMode( true ); sslFilter.setEnabledCipherSuites( config.getEnabledCipherSuites() ); + // Be sure we disable SSLV3 + sslFilter.setEnabledProtocols( new String[] + { "TLSv1", "TLSv1.1", "TLSv1.2" } ); + // for LDAPS if ( ldapSession == null ) {
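Review bot: The protocol list at `sslFilter.setEnabledProtocols( new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" } )` is hard-coded while the cipher suites two lines above are taken from `server.getEnabledCipherSuites()`, so a deployment that needs to turn off TLSv1.0/1.1 or enable a newer version its JVM supports has no option short of a code change. I would source it the same way, through a new accessor next to the cipher-suite one, and fall back to this array only when that list is null or empty, mirroring the `if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )` guard already in the hunk. Because the array is an explicit allow-list, a runtime that does not support one of the named versions will presumably reject it when the SSLEngine is configured, which would surface only at the first LDAPS handshake; filtering the list against `sslCtx.getSupportedSSLParameters().getProtocols()` avoids that. The comment `// Be sure we disable SSLV3` gives the motive but not the mechanism; `// Explicit allow-list of TLS versions (excludes SSLv2/SSLv3; extend when newer versions are wanted)` is clearer.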
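Review bot: On the client side the protocol list is likewise hard-coded while the cipher suites on the line above come from `config.getEnabledCipherSuites()`; a matching setting on the connection config object, defaulting to this array, would let callers pin TLSv1.2-only or negotiate newer versions without patching the library. The comment should state that this is an allow-list, for example `// Allow-list of TLS versions (SSLv2/SSLv3 excluded); update when newer TLS versions should be negotiated`, because the literal freezes the set regardless of what the JVM supports. The same literal now appears in the server's StartTlsHandler and LdapsInitializer as well, so a single shared constant would keep client and server in step. The surrounding method begins and ends outside the hunk.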