From deb815f6cb76bb34d5ab776e6912b6cc3199cdfc Mon Sep 17 00:00:00 2001
From: Scott Mitchell
Date: Mon, 24 Nov 2014 17:16:12 -0500
Subject: [PATCH] HTTP/2 Prohibitied Cihpers Allowed
Motivation: The Http2SecurityUtil class lists a few ciphers that are explicitly prohibited by the HTTP/2 specification because of their characteristics.
Modifications: Remove the ciphers that are prohibited.
Results: Cipher suite used for HTTP/2 codec is compatible with HTTP/2 spec.
---
 .../io/netty/handler/codec/http2/Http2SecurityUtil.java | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/codec-http2/src/main/java/io/netty/handler/codec/http2/Http2SecurityUtil.java b/codec-http2/src/main/java/io/netty/handler/codec/http2/Http2SecurityUtil.java
index d5e68626aa..792ebddf38 100644
--- a/codec-http2/src/main/java/io/netty/handler/codec/http2/Http2SecurityUtil.java
+++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/Http2SecurityUtil.java
@@ -49,9 +49,6 @@ public final class Http2SecurityUtil {
 private static final List CIPHERS_JAVA_NO_MOZILLA_INCREASED_SECURITY = Collections.unmodifiableList(Arrays
 .asList(
- /* Java 6,7,8 */
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", /* openssl = ECDHE-ECDSA-RC4-SHA */
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", /* openssl = ECDH-ECDSA-RC4-SHA */
 /* Java 8 */
 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", /* openssl = ECDH-ECDSA-AES256-GCM-SHA384 */
 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", /* openssl = ECDH-RSA-AES256-GCM-SHA384 */
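Review bot: The two suites kept as context at the end of this hunk, `TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384` and `TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384`, use static ECDH key exchange, so sessions negotiated with them have no forward secrecy and depend entirely on the long-term server key staying secret. The HTTP/2 cipher requirements call for ephemeral key exchange with an AEAD cipher, so these entries appear to fall under the same prohibition as the RC4 suites being removed and should be dropped, leaving only `TLS_ECDHE_*`/`TLS_DHE_*` AEAD suites. The list continues past the end of the hunk, so the remaining entries need the same check. A comment above the field such as `/* HTTP/2: ephemeral (ECDHE/DHE) key exchange + AEAD only */` would record the rule the list has to satisfy.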
@@ -64,9 +61,7 @@ public final class Http2SecurityUtil {
 private static final List CIPHERS_JAVA_DISABLED_DEFAULT = Collections.unmodifiableList(Arrays.asList(
 /* Java 8 */
 "TLS_DH_anon_WITH_AES_256_GCM_SHA384", /* openssl = ADH-AES256-GCM-SHA384 */
- "TLS_DH_anon_WITH_AES_128_GCM_SHA256", /* openssl = ADH-AES128-GCM-SHA256 */
- /* Java 6,7,8 */
- "TLS_ECDH_anon_WITH_RC4_128_SHA" /* openssl = AECDH-RC4-SHA */));
+ "TLS_DH_anon_WITH_AES_128_GCM_SHA256" /* openssl = ADH-AES128-GCM-SHA256 */));
 static {
 List ciphers = new ArrayList(CIPHERS_JAVA_MOZILLA_INCREASED_SECURITY.size()
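Review bot: `CIPHERS_JAVA_DISABLED_DEFAULT` still contains `TLS_DH_anon_WITH_AES_256_GCM_SHA384` and `TLS_DH_anon_WITH_AES_128_GCM_SHA256` after this change; anonymous Diffie-Hellman suites perform no peer authentication, so a connection that negotiates one gives no assurance about who the peer is, regardless of the strength of AES-GCM. How the static initializer uses this list is not visible, because its body runs past the end of the hunk, but if the list is merged into the exported cipher set these two entries should be removed as well; otherwise the field should carry a comment stating that it is never offered without explicit opt-in. A unit test that fails when any exported suite name contains `_RC4_`, `_anon_`, `TLS_ECDH_` or `TLS_DH_` would keep the list from regressing.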