andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[#3987] Remove RC4 from default ciphers.

Browse Source 
Motivation:

Remove RC4 from default ciphers as it is not known as secure anymore.

Modifications:

Remove RC4

Result:

Not use an insecure cipher as default.
This commit is contained in:
Norman Maurer 2015-07-16 21:29:04 +02:00
parent 1a34427a51
commit 58ad1e3106
3 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
View File

@ -107,15 +107,18 @@ public abstract class JdkSslContext extends SslContext {
"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
// AES256 requires JCE unlimited strength jurisdiction policy files. // AES256 requires JCE unlimited strength jurisdiction policy files.
"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
"SSL_RSA_WITH_RC4_128_SHA");
if (!ciphers.isEmpty()) { if (ciphers.isEmpty()) {
DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers);
} else {
// Use the default from JDK as fallback. // Use the default from JDK as fallback.
DEFAULT_CIPHERS = Collections.unmodifiableList(Arrays.asList(engine.getEnabledCipherSuites())); for (String cipher : engine.getEnabledCipherSuites()) {
if (cipher.contains("_RC4_")) {
continue;
}
ciphers.add(cipher);
}
} }
DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Default protocols (JDK): {} ", Arrays.asList(PROTOCOLS)); logger.debug("Default protocols (JDK): {} ", Arrays.asList(PROTOCOLS));

3
handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
View File

@ -107,8 +107,7 @@ public abstract class OpenSslContext extends SslContext {
"AES128-GCM-SHA256", "AES128-GCM-SHA256",
"AES128-SHA", "AES128-SHA",
"AES256-SHA", "AES256-SHA",
"DES-CBC3-SHA", "DES-CBC3-SHA");
"RC4-SHA");
DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers); DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {

2
testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslEchoTest.java
View File

@ -148,7 +148,7 @@ public class SocketSslEchoTest extends AbstractSocketTest {
if (rt == RenegotiationType.NONE) { if (rt == RenegotiationType.NONE) {
r = Renegotiation.NONE; r = Renegotiation.NONE;
} else { } else {
r = new Renegotiation(rt, "SSL_RSA_WITH_RC4_128_SHA"); r = new Renegotiation(rt, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
} }
for (int i = 0; i < 8; i++) { for (int i = 0; i < 8; i++) {