Disable all versions of SSL protocol by default

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1632979 13f79535-47bb-0310-9956-ffa450edef68
Oleg Kalnichevski 2014-10-19 19:20:56 +00:00
parent 6cad0904e7
commit 114a5bf4ab
2 changed files with 63 additions and 0 deletions


@ -33,6 +33,8 @@ import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
@ -356,6 +358,16 @@ public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactor
true);
if (supportedProtocols != null) {
sslsock.setEnabledProtocols(supportedProtocols);
} else {
// If supported protocols are not explicitly set, remove all SSL protocol versions
final String[] allProtocols = sslsock.getSupportedProtocols();
final List<String> enabledProtocols = new ArrayList<String>(allProtocols.length);
for (String protocol: allProtocols) {
if (!protocol.startsWith("SSL")) {
enabledProtocols.add(protocol);
}
}
sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[enabledProtocols.size()]));
}
if (supportedCipherSuites != null) {
sslsock.setEnabledCipherSuites(supportedCipherSuites);
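Review bot: The else branch derives the protocol list from `sslsock.getSupportedProtocols()` rather than `sslsock.getEnabledProtocols()`, so it re-enables every protocol the JSSE provider merely supports but leaves disabled by default; that widens the enabled set beyond the runtime's own defaults instead of only dropping the SSL* entries. The same loop can also produce an empty list when the provider supports nothing but SSL-prefixed protocols, and passing an empty array to `setEnabledProtocols` would presumably fail at that point rather than with a clearer error on connect. I would start from the enabled set and guard the call: `final String[] allProtocols = sslsock.getEnabledProtocols();` and `if (!enabledProtocols.isEmpty()) { sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[enabledProtocols.size()])); }`. The comment on the new branch could also say why, e.g. `// SSLv2/SSLv3 are removed because of known protocol weaknesses; only TLS versions remain enabled`. The enclosing method starts and ends outside this hunk.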


@ -250,4 +250,55 @@ public class TestSSLSocketFactory {
sslSocket.close();
}
@Test
public void testTLSOnly() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.setSslSetupHandler(new SSLServerSetupHandler() {
@Override
public void initialize(final SSLServerSocket socket) throws SSLException {
socket.setEnabledProtocols(new String[] {"TLSv1"});
}
})
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext());
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
}
@Test(expected=IOException.class)
public void testSSLDisabledByDefault() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.setSslSetupHandler(new SSLServerSetupHandler() {
@Override
public void initialize(final SSLServerSocket socket) throws SSLException {
socket.setEnabledProtocols(new String[] {"SSLv3"});
}
})
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext());
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
}
}
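Review bot: `testTLSOnly` opens `socket`, layers `sslSocket` over it and asserts on the session, but never closes either, whereas the preceding test in this file ends with `sslSocket.close();` (the line just above the new hunk); add `sslSocket.close();` after `Assert.assertNotNull(sslsession);` so the test follows the same pattern. In `testSSLDisabledByDefault` the plain `socket` is likewise left open when the expected `IOException` propagates out of `connectSocket`; wrapping the connect in `try { ... } finally { socket.close(); }` would keep the fixture clean. A short comment on that test stating the intent, e.g. `// server speaks only SSLv3; the client factory must refuse to negotiate it`, would make the expected-exception contract explicit. The enclosing test class begins before this hunk.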