Diffstat (limited to 'java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java')
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java39
1 files changed, 39 insertions, 0 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index 487b0c485b..98229fd2a1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -30,6 +30,8 @@ import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -39,6 +41,8 @@ import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
import org.apache.qpid.transport.TransportException;
import org.apache.qpid.transport.util.Logger;
@@ -47,6 +51,7 @@ public class SSLUtil
{
private static final Logger log = Logger.get(SSLUtil.class);
private static final Integer DNS_NAME_TYPE = 2;
+ public static final String SSLV3_PROTOCOL = "SSLv3";
private SSLUtil()
{
@@ -242,4 +247,38 @@ public class SSLUtil
}
return ks;
}
+
+ public static void removeSSLv3Support(final SSLEngine engine)
+ {
+ List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
+ public static void removeSSLv3Support(final SSLSocket socket)
+ {
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
+
+ public static void removeSSLv3Support(final SSLServerSocket socket)
+ {
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
}
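Review bot: The three `removeSSLv3Support` overloads repeat the same filter line for line, so any later change to the protocol policy has to be made in three places and can silently drift; I would move the filtering into one private helper that takes and returns a `String[]` and have each overload pass `getEnabledProtocols()` through it, as sketched below. The sketch calls `setEnabledProtocols` even when SSLv3 was not in the list, which just re-applies the same set; keep the `contains` guard if that extra call is unwanted. This is also a denylist on the exact string `"SSLv3"`: whatever else the JSSE provider enables by default stays enabled, and the protection depends on every engine and socket creation site calling the helper, which is not visible in this hunk. A short Javadoc on the public methods saying why SSLv3 is removed, and that the call has to happen before the handshake starts, would help callers use it correctly.

```java
private static String[] withoutSSLv3(final String[] protocols)
{
    List<String> allowed = new ArrayList<>(Arrays.asList(protocols));
    allowed.remove(SSLV3_PROTOCOL);
    return allowed.toArray(new String[allowed.size()]);
}

public static void removeSSLv3Support(final SSLEngine engine)
{
    engine.setEnabledProtocols(withoutSSLv3(engine.getEnabledProtocols()));
}
// … the SSLSocket and SSLServerSocket overloads take the same one-line form …
```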