diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:21:48 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:21:48 +0200 |
| commit | 65cdf9b59c2d2836bdc24cca27992a1f32f7876e (patch) | |
| tree | 09accd06f8a6e587e2175ba27a51b348349fccb9 | |
| parent | 7720eee7787b2149b36ac76da1b64e416e16d07c (diff) | |
| download | moa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.tar.gz moa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.tar.bz2 moa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.zip | |
update default list of allowed SSL ciphers
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 11f47052e..5769d99df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -39,8 +39,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; @@ -72,16 +72,31 @@ public class MOAIDAuthInitializer { MailcapCommandMap mc = new MailcapCommandMap(); CommandMap.setDefaultCommandMap(mc); + //allowed SSL ciphers regarding to PVP SMA 1.3 document if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites"))) System.setProperty( "https.cipherSuites", - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + + //high secure RSA bases ciphers + ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + + //high secure ECC bases ciphers + ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + + + //secure backup chipers + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + ",TLS_RSA_WITH_AES_128_CBC_SHA" + - ",TLS_RSA_WITH_AES_256_CBC_SHA" + - ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" + - ",SSL_RSA_WITH_3DES_EDE_CBC_SHA" + ",TLS_RSA_WITH_AES_256_CBC_SHA" ); @@ -122,17 +137,16 @@ public class MOAIDAuthInitializer { //MOA-SP is only use by API calls since MOA-ID 3.0.0 try { LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider - .getInstance(); - new IaikConfigurator().configure(config); - - } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - Logger.error("MOA-SP initialization FAILED!", ex.getWrapped()); - throw new ConfigurationException("config.10", new Object[] { ex - .toString() }, ex); - - } + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } //IAIK.addAsProvider(); |