Revert "485714 - Update SSL configuration to mitigate SLOTH vulnerability"

This reverts commit 46ed803023. The fix broke several unit tests.
2016-01-13 15:38:27 +11:00 · 2016-01-13 15:38:27 +11:00 · 41329dccc4
parent 46ed803023
commit 41329dccc4
2 changed files with 6 additions and 17 deletions
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@ -250,8 +250,12 @@ public class SslContextFactory extends AbstractLifeCycle
        setTrustAll(trustAll);
        addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
        setExcludeCipherSuites(
-                "^.*_RSA_.*_(MD5|SHA|SHA1)$",
+                "SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
 }
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@ -29,7 +29,6 @@ import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
 import java.util.Arrays;
 import javax.net.ssl.SSLEngine;
@ -57,20 +56,6 @@ public class SslContextFactoryTest
        cf = new SslContextFactory();
    }
    @Test
    public void testSLOTH() throws Exception
    {
        cf.setKeyStorePassword("storepwd");
        cf.setKeyManagerPassword("keypwd");
        cf.start();
        System.err.println(Arrays.asList(cf.getSelectedProtocols()));
        for (String cipher : cf.getSelectedCipherSuites())
            System.err.println(cipher);
    }
    @Test
    public void testNoTsFileKs() throws Exception
    {