Diffstat (limited to 'java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java')
-rw-r--r-- | java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index 487b0c485b..98229fd2a1 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -30,6 +30,8 @@ import java.security.Principal;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -39,6 +41,8 @@ import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
 import org.apache.qpid.transport.TransportException;
 import org.apache.qpid.transport.util.Logger;
@@ -47,6 +51,7 @@ public class SSLUtil
 {
 private static final Logger log = Logger.get(SSLUtil.class);
 private static final Integer DNS_NAME_TYPE = 2;
+ public static final String SSLV3_PROTOCOL = "SSLv3";
 private SSLUtil()
 {
@@ -242,4 +247,38 @@ public class SSLUtil
 }
 return ks;
 }
+
+ public static void removeSSLv3Support(final SSLEngine engine)
+ {
+ List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
+ public static void removeSSLv3Support(final SSLSocket socket)
+ {
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
+
+
+ public static void removeSSLv3Support(final SSLServerSocket socket)
+ {
+ List<String> enabledProtocols = Arrays.asList(socket.getEnabledProtocols());
+ if(enabledProtocols.contains(SSLV3_PROTOCOL))
+ {
+ List<String> allowedProtocols = new ArrayList<>(enabledProtocols);
+ allowedProtocols.remove(SSLV3_PROTOCOL);
+ socket.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()]));
+ }
+ }
 } |
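Review bot: The three `removeSSLv3Support` overloads repeat the same list-filtering body, so any later change to the protocol policy has to be made in three places and can drift; a private helper that returns the filtered array would keep the policy in one spot. The new public methods also have no Javadoc: it should say that they leave the enabled protocols as they are when SSLv3 is not among them, and that they only protect engines and sockets whose creation path actually calls them (those call sites are outside this hunk, so coverage cannot be confirmed from here). If SSLv3 happens to be the only enabled protocol, the array handed to `setEnabledProtocols` is empty; that presumably makes the handshake fail, which is fail-closed but worth a log line so the cause is visible to operators.

```java
private static String[] withoutSSLv3(final String[] protocols)
{
    List<String> allowed = new ArrayList<>(Arrays.asList(protocols));
    allowed.remove(SSLV3_PROTOCOL);
    return allowed.toArray(new String[allowed.size()]);
}

public static void removeSSLv3Support(final SSLEngine engine)
{
    engine.setEnabledProtocols(withoutSSLv3(engine.getEnabledProtocols()));
}
// … the SSLSocket and SSLServerSocket overloads take the same one-line body …
```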