From: sneethir@apache.org
To: commits@argus.incubator.apache.org
Date: Wed, 05 Nov 2014 23:30:09 -0000
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: [1/2] git commit: ARGUS-158 - SSL service disables SSLv3 protocol
X-Virus-Checked: Checked by ClamAV on apache.org
Repository: incubator-argus
Updated Branches:
 refs/heads/ranger-0.4 2f8287b4c -> 548fac2a5

ARGUS-158 - SSL service disables SSLv3 protocol

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/558270ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/558270ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/558270ef

Branch: refs/heads/ranger-0.4
Commit: 558270ef2f9cbf4ae2b64bcd7e4896d80ac8bdf9
Parents: 37c62a8
Author: sneethiraj
Authored: Wed Nov 5 17:52:54 2014 -0500
Committer: sneethiraj
Committed: Wed Nov 5 17:52:54 2014 -0500

----------------------------------------------------------------------
 .../xasecure/server/tomcat/EmbededServer.java | 4 ++++
 .../UnixAuthenticationService.java | 25 +++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
----------------------------------------------------------------------
diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
index 7adc1aa..fd014e7 100644
--- a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
+++ b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
@@ -111,6 +111,10 @@ public class EmbededServer {
 ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ;
 ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass"));
 ssl.setAttribute("keystoreFile", getConfig("https.attrib.keystoreFile")) ;
+
+ String enabledProtocols = "TLSv1, TLSv1.1, TLSv1.2" ;
+ ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ;
+
 server.getService().addConnector(ssl);
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
index 107ba40..bd9eac2 100644
--- a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
@@ -28,12 +28,15 @@ import java.net.Socket;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Properties;
+import java.util.Set;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
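Review bot: The protocol list on the added `sslEnabledProtocols` line is a hard-coded literal while every neighbouring attribute is read through getConfig(), so an operator cannot tighten it later (for example to drop TLSv1) without a rebuild; consider sourcing it from a config key, e.g. `https.attrib.sslEnabledProtocols`, and using this literal only as the fallback when the key is unset. The literal also carries a space after each comma; Tomcat splits the attribute on commas, and whether it strips surrounding whitespace may depend on the Tomcat version in use, so `String enabledProtocols = "TLSv1,TLSv1.1,TLSv1.2" ;` is the safer spelling. This connector uses an explicit allow-list, whereas the UnixAuthenticationService hunk further down only removes SSLv3 from the JRE default set; aligning both services on one allow-list would make the policy uniform and easier to audit. The enclosing method begins before this hunk.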
@@ -48,7 +51,7 @@ public class UnixAuthenticationService {
 private static final String serviceName = "UnixAuthenticationService" ;
- private static final String SSL_ALGORITHM = "SSLv3" ;
+ private static final String SSL_ALGORITHM = "TLS" ;
 private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "authServicePort" ;
 private static final String SSL_KEYSTORE_PATH_PARAM = "keyStore" ;
 private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "keyStorePassword" ;
@@ -216,6 +219,26 @@ public class UnixAuthenticationService {
 SSLServerSocketFactory sf = context.getServerSocketFactory() ;
 ServerSocket socket = (SSLEnabled ? sf.createServerSocket(portNum) : new ServerSocket(portNum) ) ;
+
+ if (SSLEnabled) {
+ SSLServerSocket secureSocket = (SSLServerSocket) socket ;
+ String[] protocols = secureSocket.getEnabledProtocols() ;
+ Set allowedProtocols = new HashSet() ;
+ for(String ep : protocols) {
+ if (! ep.toUpperCase().startsWith("SSLV3")) {
+ LOG.info("Enabling Protocol: [" + ep + "]");
+ allowedProtocols.add(ep) ;
+ }
+ else {
+ LOG.info("Disabling Protocol: [" + ep + "]");
+ }
+ }
+
+ if (!allowedProtocols.isEmpty()) {
+ secureSocket.setEnabledProtocols(allowedProtocols.toArray(new String[0]));
+ }
+ }
+
 Socket client = null ;
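Review bot: Changing `SSL_ALGORITHM` to `"TLS"` does not by itself exclude SSLv3: the string is the SSLContext protocol name, and `"TLS"` selects the JRE's default context, whose enabled protocol set is decided by the JRE at runtime, which is presumably why the later hunk in this file filters getEnabledProtocols() after the socket is created. A comment on this line would stop the next reader from assuming the constant alone enforces the policy, e.g. `// SSLContext protocol name; "TLS" yields the JRE default context, the enabled versions are narrowed when the server socket is created`. The name also no longer matches its content, since the value is a protocol rather than an algorithm; `SSL_PROTOCOL` would read more accurately. Note that the later filter only drops names starting with SSLV3, so any other pseudo-protocol the JRE enables by default stays on; an explicit allow-list there would be the more robust complement to this change.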