aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:21:48 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:21:48 +0200
commit65cdf9b59c2d2836bdc24cca27992a1f32f7876e (patch)
tree09accd06f8a6e587e2175ba27a51b348349fccb9 /id
parent7720eee7787b2149b36ac76da1b64e416e16d07c (diff)
downloadmoa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.tar.gz
moa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.tar.bz2
moa-id-spss-65cdf9b59c2d2836bdc24cca27992a1f32f7876e.zip
update default list of allowed SSL ciphers
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java50
1 files changed, 32 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 11f47052e..5769d99df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -39,8 +39,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
@@ -72,16 +72,31 @@ public class MOAIDAuthInitializer {
MailcapCommandMap mc = new MailcapCommandMap();
CommandMap.setDefaultCommandMap(mc);
+ //allowed SSL ciphers regarding to PVP SMA 1.3 document
if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))
System.setProperty(
"https.cipherSuites",
- "TLS_DH_anon_WITH_AES_128_CBC_SHA" +
+ //high secure RSA bases ciphers
+ ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+
+ //high secure ECC bases ciphers
+ ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +
+
+ //secure backup chipers
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +
",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +
- ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +
",TLS_RSA_WITH_AES_128_CBC_SHA" +
- ",TLS_RSA_WITH_AES_256_CBC_SHA" +
- ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" +
- ",SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+ ",TLS_RSA_WITH_AES_256_CBC_SHA"
);
@@ -122,17 +137,16 @@ public class MOAIDAuthInitializer {
//MOA-SP is only use by API calls since MOA-ID 3.0.0
try {
LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider
- .getInstance();
- new IaikConfigurator().configure(config);
-
- } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- Logger.error("MOA-SP initialization FAILED!", ex.getWrapped());
- throw new ConfigurationException("config.10", new Object[] { ex
- .toString() }, ex);
-
- }
+ new LoggingContext("startup"));
+ Logger.debug("Starting MOA-SPSS initialization process ... ");
+ Configurator.getInstance().init();
+ Logger.info("MOA-SPSS initialization complete ");
+
+ } catch (MOAException e) {
+ Logger.error("MOA-SP initialization FAILED!", e.getWrapped());
+ throw new ConfigurationException("config.10", new Object[] { e
+ .toString() }, e);
+ }
//IAIK.addAsProvider();