485714 - Update SSL configuration to mitigate SLOTH vulnerability

This commit is contained in:
Joakim Erdfelt 2016-01-13 15:00:16 -07:00
parent 30308f2316
commit 0a1b0b2bc6
4 changed files with 22 additions and 9 deletions


@ -27,6 +27,7 @@ import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -36,6 +37,7 @@ import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.Test;
@ -59,7 +61,7 @@ public class SSLCloseTest
server.setHandler(new WriteHandler());
server.start();
SSLContext ctx=SSLContext.getInstance("SSLv3");
SSLContext ctx=SSLContext.getInstance("TLSv1.2");
ctx.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
int port=connector.getLocalPort();
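Review bot: Changing the client context name to `TLSv1.2` (here and in the matching line of SSLEngineTest) does not by itself pin the handshake to TLS 1.2 — on JDKs of that era a context obtained via `SSLContext.getInstance("TLSv1.2")` may still enable older TLS versions on the sockets it creates, and nothing in this hunk asserts which protocol was actually negotiated. Consider restricting the client explicitly once the socket exists, `socket.setEnabledProtocols(new String[]{"TLSv1.2"});`, and asserting the result, `assertEquals("TLSv1.2", socket.getSession().getProtocol());`, so that a regression in the server-side protocol exclusions fails the test instead of silently downgrading. The test method continues outside the hunk and the socket variable is not visible here, so the exact insertion point has to be confirmed in the full file.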


@ -189,7 +189,7 @@ public class SSLEngineTest
Socket[] client=new Socket[numConns];
SSLContext ctx=SSLContext.getInstance("SSLv3");
SSLContext ctx=SSLContext.getInstance("TLSv1.2");
ctx.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
int port=connector.getLocalPort();


@ -250,14 +250,10 @@ public class SslContextFactory extends AbstractLifeCycle
setTrustAll(trustAll);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"^.*_RSA_.*_(MD5|SHA|SHA1)$",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
}
}
/**
* Construct an instance of SslContextFactory
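Review bot: The new exclusion `"^.*_RSA_.*_(MD5|SHA|SHA1)$"` keys on the suffix of the JSSE cipher-suite name, which denotes the record-layer HMAC (HMAC-MD5 / HMAC-SHA1), whereas the SLOTH issue named in the commit message concerns the MD5/SHA-1 hashes accepted for TLS 1.2 handshake signatures; the pattern therefore drops every RSA-authenticated CBC-SHA suite (likely leaving TLS 1.0/1.1 clients with no RSA suite at all) without constraining signature hashes, which on the JDK are governed by the `jdk.tls.disabledAlgorithms` security property rather than by suite selection. That trade-off should be stated next to the pattern, e.g. `// SLOTH hardening: drop RSA suites whose record MAC is MD5/SHA-1 (the suffix names the HMAC, not the signature hash, which the JDK controls via jdk.tls.disabledAlgorithms)`. If the literal `SSL_RSA_WITH_DES_CBC_SHA`, `SSL_DHE_RSA_WITH_DES_CBC_SHA` and `SSL_RSA_EXPORT_WITH_RC4_40_MD5` entries are retained alongside it they are already matched by the regex, while the `_DSS_` entries are not and still need listing; the `SHA1` alternative appears to be dead since JSSE spells that suffix `_SHA`. This assumes exclusions are evaluated as regular expressions, which the hunk does not show, and the enclosing constructor's signature lies outside the hunk.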


@ -29,6 +29,7 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
@ -56,6 +57,20 @@ public class SslContextFactoryTest
cf = new SslContextFactory();
}
@Test
public void testSLOTH() throws Exception
{
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.start();
System.err.println(Arrays.asList(cf.getSelectedProtocols()));
for (String cipher : cf.getSelectedCipherSuites())
System.err.println(cipher);
}
@Test
public void testNoTsFileKs() throws Exception
{
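Review bot: `testSLOTH` asserts nothing — it prints the selected protocols and cipher suites to `System.err` and passes whatever the factory selected, so it cannot catch a regression of the exclusions it is named after. Replace the printing with checks against the factory's own policy, e.g. `assertTrue("SSLv3 still selected", !Arrays.asList(cf.getSelectedProtocols()).contains("SSLv3"));` before the loop and `assertTrue("weak suite selected: " + cipher, !cipher.matches("^.*_RSA_.*_(MD5|SHA|SHA1)$"));` as its body, which keeps both the existing `assertTrue` import and the new `Arrays` import in use. The test also calls `cf.start()` without a matching stop; unless a fixture elsewhere in the class handles that (not visible in the hunk), wrap the body so `cf.stop()` runs in a `finally`. The class and the following `testNoTsFileKs` method continue outside the hunk.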