qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@apache.org
Subject [21/50] [abbrv] qpid-proton git commit: PROTON-717: disable SSLv3
Date Fri, 14 Nov 2014 11:03:30 GMT
PROTON-717: disable SSLv3

git-svn-id: https://svn.apache.org/repos/asf/qpid/proton/trunk@1632372 13f79535-47bb-0310-9956-ffa450edef68


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/ad5e094e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/ad5e094e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/ad5e094e

Branch: refs/heads/examples
Commit: ad5e094ebb7f1ead3171885e3d7a221260c75511
Parents: 423dbc5
Author: Rafael H. Schloming <rhs@apache.org>
Authored: Thu Oct 16 16:05:11 2014 +0000
Committer: Rafael H. Schloming <rhs@apache.org>
Committed: Thu Oct 16 16:05:11 2014 +0000

----------------------------------------------------------------------
 .../engine/impl/ssl/SslEngineFacadeFactory.java      | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ad5e094e/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
----------------------------------------------------------------------
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
index 37021d6..9824d00 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
@@ -204,9 +204,24 @@ public class SslEngineFacadeFactory
         boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false;
         sslEngine.setUseClientMode(useClientMode);
 
+        removeSSLv3Support(sslEngine);
+
         return sslEngine;
     }
 
+    private static final String SSLV3_PROTOCOL = "SSLv3";
+
+    private static void removeSSLv3Support(final SSLEngine engine)
+    {
+        List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
+        if(enabledProtocols.contains(SSLV3_PROTOCOL))
+        {
+            List<String> allowedProtocols = new ArrayList<String>(enabledProtocols);
+            allowedProtocols.remove(SSLV3_PROTOCOL);
+            engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+        }
+    }
+
     /**
      * @param sslPeerDetails is allowed to be null. A non-null value is used to hint that
SSL resumption
      * should be attempted


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message