andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

NETTY-438 Re-enable SSL re-negotiation by default

Browse Source 
* Re-enabled renegotiation
* Updated Javadoc
This commit is contained in:
Trustin Lee 2011-10-10 20:47:32 +09:00
parent b89487c445
commit ba72bf7235
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
View File

@ -69,17 +69,22 @@ import org.jboss.netty.util.internal.NonReentrantLock;
* *
* <h3>Renegotiation</h3> * <h3>Renegotiation</h3>
* <p> * <p>
* TLS renegotiation has been disabled by default due to a known security issue, * If {@link #isEnableRenegotiation() enableRenegotiation} is {@code true}
* <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</a>. * (default) and the initial handshake has been done successfully, you can call
* You can re-enable renegotiation by calling {@link #setEnableRenegotiation(boolean)}
* with {@code true} at your own risk.
* <p>
* If {@link #isEnableRenegotiation() enableRenegotiation} is {@code true} and
* the initial handshake has been done successfully, you can call
* {@link #handshake()} to trigger the renegotiation. * {@link #handshake()} to trigger the renegotiation.
* <p> * <p>
* If {@link #isEnableRenegotiation() enableRenegotiation} is {@code false}, * If {@link #isEnableRenegotiation() enableRenegotiation} is {@code false},
* an attempt to trigger renegotiation will result in the connection closure. * an attempt to trigger renegotiation will result in the connection closure.
* <p>
* Please note that TLS renegotiation had a security issue before. If your
* runtime environment did not fix it, please make sure to disable TLS
* renegotiation by calling {@link #setEnableRenegotiation(boolean)} with
* {@code false}. For more information, please refer to the following documents:
* <ul>
* <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</a></li>
* <li><a href="http://www.ietf.org/rfc/rfc5746.txt">RFC5746</a></li>
* <li><a href="http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html">Phased Approach to Fixing the TLS Renegotiation Issue</a></li>
* </ul>
* *
* <h3>Closing the session</h3> * <h3>Closing the session</h3>
* <p> * <p>
@ -173,7 +178,7 @@ public class SslHandler extends FrameDecoder
private final Executor delegatedTaskExecutor; private final Executor delegatedTaskExecutor;
private final boolean startTls; private final boolean startTls;
private volatile boolean enableRenegotiation; private volatile boolean enableRenegotiation = true;
final Object handshakeLock = new Object(); final Object handshakeLock = new Object();
private boolean handshaking; private boolean handshaking;