From elecha...@apache.org
Subject svn commit: r1669081 - in /directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api: LdapConnectionConfig.java LdapNetworkConnection.java
Date Wed, 25 Mar 2015 09:56:57 GMT
Author: elecharny
Date: Wed Mar 25 09:56:57 2015
New Revision: 1669081

URL: http://svn.apache.org/r1669081
Log:
Allow the user to define the list of protocols the SslEngine can use

Modified:
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java?rev=1669081&r1=1669080&r2=1669081&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
Wed Mar 25 09:56:57 2015
@@ -99,6 +99,9 @@ public class LdapConnectionConfig
     /** an array of cipher suites which are enabled, if set, will be used while initializing
the SSL context */
     private String[] enabledCipherSuites;
 
+    /** an array of protocols which are enabled, if set, will be used while initializing
the SSL context */
+    private String[] enabledProtocols;
+
     /** name of the protocol used for creating SSL context, default value is "TLS" */
     private String sslProtocol = DEFAULT_SSL_PROTOCOL;
 
@@ -451,6 +454,28 @@ public class LdapConnectionConfig
     }
 
 
+    /**
+     * Gets the protocols which are enabled.
+     * 
+     * @return the protocol which are enabled
+     */
+    public String[] getEnabledProtocols()
+    {
+        return enabledProtocols;
+    }
+
+
+    /**
+     * Sets the protocols which are enabled
+     * 
+     * @param enabledProtocols the protocols which are enabled
+     */
+    public void setEnabledProtocols( String... enabledProtocols )
+    {
+        this.enabledProtocols = enabledProtocols;
+    }
+
+
     /**
      * @return the binaryAttributeDetector
      */
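Review bot: `setEnabledProtocols` stores the caller's varargs array and `getEnabledProtocols` returns that same array, so any code holding either reference can change the TLS protocol set after configuration without going through the setter. Copying on both sides closes that: `this.enabledProtocols = ( enabledProtocols == null ) ? null : enabledProtocols.clone();` in the setter and `return ( enabledProtocols == null ) ? null : enabledProtocols.clone();` in the getter. The Javadoc should also say that `null` or an empty call leaves the connection on its built-in default list, and that the names are JSSE protocol names such as `"TLSv1.2"`. The `@return` line reads better as `@return the protocols which are enabled, or null if none were set`.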

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1669081&r1=1669080&r2=1669081&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Wed Mar 25 09:56:57 2015
@@ -3827,11 +3827,28 @@ public class LdapNetworkConnection exten
 
             SslFilter sslFilter = new SslFilter( sslContext, true );
             sslFilter.setUseClientMode( true );
-            sslFilter.setEnabledCipherSuites( config.getEnabledCipherSuites() );
+
+            // Configure the enabled cipher lists
+            String[] enabledCipherSuite = config.getEnabledCipherSuites();
+
+            if ( ( enabledCipherSuite != null ) && ( enabledCipherSuite.length !=
0 ) )
+            {
+                sslFilter.setEnabledCipherSuites( enabledCipherSuite );
+            }
 
             // Be sure we disable SSLV3
-            sslFilter.setEnabledProtocols( new String[]
-                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+            String[] enabledProtocols = config.getEnabledProtocols();
+
+            if ( ( enabledProtocols != null ) && ( enabledProtocols.length != 0 )
)
+            {
+                sslFilter.setEnabledProtocols( enabledProtocols );
+            }
+            else
+            {
+                // Default to TLS
+                sslFilter.setEnabledProtocols( new String[]
+                    { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+            }
 
             // for LDAPS
             if ( ldapSession == null )
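Review bot: The comment `// Be sure we disable SSLV3` no longer holds for the first branch, because whatever `config.getEnabledProtocols()` returns is handed to `sslFilter.setEnabledProtocols` unchecked, so a configuration that lists `"SSLv3"` or `"SSLv2Hello"` turns those protocols back on. Either reject legacy entries before applying the list, as sketched below, or reword the comment to say SSLv3 is excluded only by the default list. The exception type in the sketch is a placeholder; the enclosing method starts and ends outside the hunk, so match whatever it already throws for bad configuration. Separately, the local `enabledCipherSuite` holds an array and would read better as `enabledCipherSuites`.

```java
// … unchanged: SslFilter creation and cipher suite configuration …

// SSLv3 and older must stay disabled even when the caller supplies its own list
String[] enabledProtocols = config.getEnabledProtocols();

if ( ( enabledProtocols != null ) && ( enabledProtocols.length != 0 ) )
{
    for ( String protocol : enabledProtocols )
    {
        if ( "SSLv3".equalsIgnoreCase( protocol ) || "SSLv2Hello".equalsIgnoreCase( protocol ) )
        {
            throw new IllegalArgumentException( "Insecure protocol not allowed: " + protocol );
        }
    }

    sslFilter.setEnabledProtocols( enabledProtocols );
}
// … unchanged: else branch applying the default TLS list …
```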


