From 9ed7dbcf2f06b8cdea0648a6dd18ebecbe987568 Mon Sep 17 00:00:00 2001 From: Tobias Kellner Date: Tue, 20 Oct 2015 17:25:11 +0200 Subject: Disabling of EC cipher suites not needed anymore --- .../egiz/bku/spring/InternalSSLSocketFactory.java | 83 ---------------------- .../gv/egiz/bku/spring/SSLSocketFactoryBean.java | 51 +------------ 2 files changed, 1 insertion(+), 133 deletions(-) delete mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java (limited to 'bkucommon/src') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java deleted file mode 100644 index a9e96126..00000000 --- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/InternalSSLSocketFactory.java +++ /dev/null @@ -1,83 +0,0 @@ -package at.gv.egiz.bku.spring; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -public class InternalSSLSocketFactory extends SSLSocketFactory { - - private SSLSocketFactory proxy; - private String[] suites; - - public InternalSSLSocketFactory(SSLSocketFactory socketFactory, - String[] disabledSuites) { - this.proxy = socketFactory; - List dSuites = Arrays.asList(disabledSuites); - List suites = new ArrayList(Arrays.asList(proxy.getDefaultCipherSuites())); - suites.removeAll(dSuites); - this.suites = suites.toArray(new String[suites.size()]); - } - - @Override - public Socket createSocket(Socket s, String host, int port, - boolean autoClose) throws IOException { - Socket socket = proxy.createSocket(s, host, port, autoClose); - setCipherSuites(socket); - return socket; - } - - @Override - public String[] getDefaultCipherSuites() { - return suites; - } - - @Override - public String[] getSupportedCipherSuites() { - return proxy.getSupportedCipherSuites(); - } - - @Override - public Socket createSocket(String host, int port) throws IOException, - UnknownHostException { - Socket socket = proxy.createSocket(host, port); - setCipherSuites(socket); - return socket; - } - - @Override - public Socket createSocket(InetAddress host, int port) throws IOException { - Socket socket = proxy.createSocket(host, port); - setCipherSuites(socket); - return socket; - } - - @Override - public Socket createSocket(String host, int port, InetAddress localHost, - int localPort) throws IOException, UnknownHostException { - Socket socket = proxy.createSocket(host, port, localHost, - localPort); - setCipherSuites(socket); - return socket; - } - - @Override - public Socket createSocket(InetAddress address, int port, - InetAddress localAddress, int localPort) throws IOException { - Socket socket = proxy.createSocket(address, port, localAddress, - localPort); - setCipherSuites(socket); - return socket; - } - - private void setCipherSuites(Socket socket) { - if (socket instanceof SSLSocket) - ((SSLSocket) socket).setEnabledCipherSuites(suites); - } -} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java index f49c1c17..a16265c9 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java @@ -49,47 +49,6 @@ public class SSLSocketFactoryBean implements FactoryBean { private Configuration configuration; - //avoid ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey - private final String DEFAULT_DISABLED_CIPHER_SUITES = - "TLS_ECDH_ECDSA_WITH_NULL_SHA," + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA," + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA," + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA," + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDH_RSA_WITH_NULL_SHA," + - "TLS_ECDH_RSA_WITH_RC4_128_SHA," + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDHE_RSA_WITH_NULL_SHA," + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA," + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"+ - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," + - "TLS_ECDH_anon_WITH_NULL_SHA," + - "TLS_ECDH_anon_WITH_RC4_128_SHA," + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA," + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"; - public static final String SSL_PROTOCOL = "SSL.sslProtocol"; public static final String SSL_DISABLE_ALL_CHECKS = "SSL.disableAllChecks"; @@ -103,12 +62,6 @@ public class SSLSocketFactoryBean implements FactoryBean { public boolean disableAllSslChecks() { return configuration.getBoolean(SSL_DISABLE_ALL_CHECKS, false); } - - public String[] getDisabledCipherSuites() { - String suites = configuration.getString(SSL_DISABLED_CIPHER_SUITES, - DEFAULT_DISABLED_CIPHER_SUITES); - return suites.split(","); - } } /** @@ -148,9 +101,7 @@ public class SSLSocketFactoryBean implements FactoryBean { SSLContext sslContext = SSLContext.getInstance(configurationFacade.getSslProtocol()); sslContext.init(null, new TrustManager[] {pkiTrustManager}, null); - SSLSocketFactory ssf = sslContext.getSocketFactory(); - - return new InternalSSLSocketFactory(ssf, configurationFacade.getDisabledCipherSuites()); + return sslContext.getSocketFactory(); } @Override -- cgit v1.2.3