aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java39
1 files changed, 29 insertions, 10 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 5bcf915e8..0479b1bc1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -29,6 +29,9 @@ import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
@@ -189,7 +192,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
verifyHostName(sslSocket);
//set allowed SSL ciphers
- sslSocket = setEnabledSslCiphers(sslSocket);
+ //sslSocket = setEnabledSslCiphers(sslSocket);
return sslSocket;
}
@@ -251,18 +254,34 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @return {@link SSLSocket} with Ciphersuites
*/
private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) {
- String systemProp = System.getProperty("https.cipherSuites");
+ String systemProp = System.getProperty("https.cipherSuites");
if (MiscUtil.isNotEmpty(systemProp)) {
- sslSocket.setEnabledCipherSuites(systemProp.split(","));
-
- }
+ try {
+ List<String> possibleCiphers = new ArrayList<String>();
- try {
- Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
- } catch (Exception e) {
- Logger.error(e);
+ List<String> supportedCiphers = Arrays.asList(sslSocket.getSupportedCipherSuites());
+ for (String el : systemProp.split(",")) {
+ if (supportedCiphers.contains(el))
+ possibleCiphers.add(el);
+ else
+ Logger.debug("Ignore unsupported cipher: " + el);
+
+ }
+
+ sslSocket.setEnabledCipherSuites(possibleCiphers.toArray(new String[possibleCiphers.size()]));
+
+ try {
+ Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
+ } catch (Exception e) {
+ Logger.error(e);
+ }
+
+ } catch (IllegalArgumentException e) {
+ Logger.warn("Can not set allowed https.cipherSuites to httpClient. Use default set!");
+
+ }
}
-
+
return sslSocket;
}
}