diff options
| author | Greg Wilkins | 2016-01-13 04:38:27 +0000 |
|---|---|---|
| committer | Greg Wilkins | 2016-01-13 04:38:27 +0000 |
| commit | 41329dccc43e9e605e36bd505e9e988c35ccb66d (patch) | |
| tree | 9e513af4aab0299b602602a745f4bd4d1740d65c /jetty-util | |
| parent | 46ed803023d1fda6abe81a5deb8100c38416ccf3 (diff) | |
| download | org.eclipse.jetty.project-41329dccc43e9e605e36bd505e9e988c35ccb66d.tar.gz org.eclipse.jetty.project-41329dccc43e9e605e36bd505e9e988c35ccb66d.tar.xz org.eclipse.jetty.project-41329dccc43e9e605e36bd505e9e988c35ccb66d.zip | |
Revert "485714 - Update SSL configuration to mitigate SLOTH vulnerability"
This reverts commit 46ed803023d1fda6abe81a5deb8100c38416ccf3.
The fix broke several unit tests.
Diffstat (limited to 'jetty-util')
| -rw-r--r-- | jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 8 | ||||
| -rw-r--r-- | jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java | 15 |
2 files changed, 6 insertions, 17 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index 42f109c7d4..5025b2da2c 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -250,10 +250,14 @@ public class SslContextFactory extends AbstractLifeCycle setTrustAll(trustAll); addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3"); setExcludeCipherSuites( - "^.*_RSA_.*_(MD5|SHA|SHA1)$", + "SSL_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); - } +} /** * Construct an instance of SslContextFactory diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java index a5e65c0251..0ca664436f 100644 --- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java +++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java @@ -29,7 +29,6 @@ import static org.junit.Assert.assertTrue; import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; -import java.util.Arrays; import javax.net.ssl.SSLEngine; @@ -58,20 +57,6 @@ public class SslContextFactoryTest } @Test - public void testSLOTH() throws Exception - { - cf.setKeyStorePassword("storepwd"); - cf.setKeyManagerPassword("keypwd"); - - cf.start(); - - System.err.println(Arrays.asList(cf.getSelectedProtocols())); - for (String cipher : cf.getSelectedCipherSuites()) - System.err.println(cipher); - - } - - @Test public void testNoTsFileKs() throws Exception { cf.setKeyStorePassword("storepwd"); |