From 54229ad45dcee43ea93b9853f346d484893e49df Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Jul 2015 09:57:39 +0200 Subject: set "https.cipherSuites" only if they are not set in user configuration --- .../gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index e1086bbd1..0c99d5ed4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; /** * Web application initializer @@ -99,9 +100,17 @@ public class MOAIDAuthInitializer { // EDH-DSS-DES-CBC3-SHA - // DES-CBC3-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA - System.setProperty( - "https.cipherSuites", - "TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites"))) + System.setProperty( + "https.cipherSuites", + "TLS_DH_anon_WITH_AES_128_CBC_SHA" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_256_CBC_SHA" + + ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" + + ",SSL_RSA_WITH_3DES_EDE_CBC_SHA" + ); -- cgit v1.2.3