author | Tobias Kellner <tobias.kellner@iaik.tugraz.at> | 2015-10-20 17:25:11 +0200 |
---|---|---|
committer | Tobias Kellner <tobias.kellner@iaik.tugraz.at> | 2015-10-20 17:27:43 +0200 |
commit | 9ed7dbcf2f06b8cdea0648a6dd18ebecbe987568 (patch) | |
tree | ad79d0ede1ea6ecb9e8edb66cbaf5fda4bd21039 | |
parent | 8a30b20b156bc402c7e576cbcac268e664fef2e3 (diff) | |
Disabling of EC cipher suites not needed anymore
3 files changed, 1 insertions, 176 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 5285382c..9eaa13b2 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -116,49 +116,6 @@ public class Container { sslConnector.setPassword(passwd); sslConnector.setKeyPassword(passwd); - //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey - String[] RFC4492CipherSuites = new String[] { - "TLS_ECDH_ECDSA_WITH_NULL_SHA", - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_NULL_SHA", - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDH_RSA_WITH_NULL_SHA", - "TLS_ECDH_RSA_WITH_RC4_128_SHA", - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,", - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_RSA_WITH_NULL_SHA", - "TLS_ECDHE_RSA_WITH_RC4_128_SHA", - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDH_anon_WITH_NULL_SHA", - "TLS_ECDH_anon_WITH_RC4_128_SHA", - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" - }; - - sslConnector.setExcludeCipherSuites(RFC4492CipherSuites); - server.setConnectors(new Connector[]{connector, sslConnector}); webapp = new WebAppContext(); 
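Review bot: With the exclude list gone, nothing in this hunk keeps the NULL-encryption, RC4, 3DES and anonymous (`TLS_ECDH_anon_*`) suites off the Jetty SSL connector, so whether they are offered now appears to depend entirely on the JVM's defaults and its `jdk.tls.disabledAlgorithms` setting. The deleted array was motivated by the IAIK `ECPublicKey` ClassCastException named in the removed comment, not by cipher strength, so dropping it as a whole silently widens the accepted suite set. Keep a deliberate exclude list limited to the weak families the old array already contained — its `_WITH_NULL_SHA`, `_WITH_RC4_128_SHA`, `_WITH_3DES_EDE_CBC_SHA` and `TLS_ECDH_anon_` entries — and pass it to `sslConnector.setExcludeCipherSuites(...)` under a comment such as `// exclude NULL/RC4/3DES/anon suites regardless of JVM defaults`. The enclosing method starts and ends outside the hunk.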
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java
deleted file mode 100644
index a9e96126..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egiz.bku.spring;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-public class InternalSSLSocketFactory extends SSLSocketFactory {
-
- private SSLSocketFactory proxy;
- private String[] suites;
-
- public InternalSSLSocketFactory(SSLSocketFactory socketFactory,
- String[] disabledSuites) {
- this.proxy = socketFactory;
- List<String> dSuites = Arrays.asList(disabledSuites);
- List<String> suites = new ArrayList<String>(Arrays.asList(proxy.getDefaultCipherSuites()));
- suites.removeAll(dSuites);
- this.suites = suites.toArray(new String[suites.size()]);
- }
-
- @Override
- public Socket createSocket(Socket s, String host, int port,
- boolean autoClose) throws IOException {
- Socket socket = proxy.createSocket(s, host, port, autoClose);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return suites;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return proxy.getSupportedCipherSuites();
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException,
- UnknownHostException {
- Socket socket = proxy.createSocket(host, port);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- Socket socket = proxy.createSocket(host, port);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost,
- int localPort) throws IOException, UnknownHostException {
- Socket socket = proxy.createSocket(host, port, localHost,
- localPort);
- setCipherSuites(socket);
- return socket;
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port,
- InetAddress localAddress, int localPort) throws IOException {
- Socket socket = proxy.createSocket(address, port, localAddress,
- localPort);
- setCipherSuites(socket);
- return socket;
- }
-
- private void setCipherSuites(Socket socket) {
- if (socket instanceof SSLSocket)
- ((SSLSocket) socket).setEnabledCipherSuites(suites);
- }
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
index f49c1c17..a16265c9 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
@@ -49,47 +49,6 @@ public class SSLSocketFactoryBean implements FactoryBean { private Configuration configuration; - //avoid ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey - private final String DEFAULT_DISABLED_CIPHER_SUITES = - "TLS_ECDH_ECDSA_WITH_NULL_SHA," + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA," + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA," + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA," + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDH_RSA_WITH_NULL_SHA," + - "TLS_ECDH_RSA_WITH_RC4_128_SHA," + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDHE_RSA_WITH_NULL_SHA," + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA," + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDH_anon_WITH_NULL_SHA," + - "TLS_ECDH_anon_WITH_RC4_128_SHA," + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"; - public static final String SSL_PROTOCOL = "SSL.sslProtocol"; public static final String SSL_DISABLE_ALL_CHECKS 
= "SSL.disableAllChecks"; @@ -103,12 +62,6 @@ public class SSLSocketFactoryBean implements FactoryBean { public boolean disableAllSslChecks() { return configuration.getBoolean(SSL_DISABLE_ALL_CHECKS, false); } - - public String[] getDisabledCipherSuites() { - String suites = configuration.getString(SSL_DISABLED_CIPHER_SUITES, - DEFAULT_DISABLED_CIPHER_SUITES); - return suites.split(","); - } } /** @@ -148,9 +101,7 @@ public class SSLSocketFactoryBean implements FactoryBean { SSLContext sslContext = SSLContext.getInstance(configurationFacade.getSslProtocol()); sslContext.init(null, new TrustManager[] {pkiTrustManager}, null); - SSLSocketFactory ssf = sslContext.getSocketFactory(); - - return new InternalSSLSocketFactory(ssf, configurationFacade.getDisabledCipherSuites()); + return sslContext.getSocketFactory(); } @Override |