Fixing backmerge for 3.0
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ae6ce728 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ae6ce728 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ae6ce728 Branch: refs/heads/3.0.x-fixes Commit: ae6ce728989ab031c076bbbebe65d64ff8d2f3bc Parents: 936392e Author: Colm O hEigeartaigh <[email protected]> Authored: Tue May 19 17:09:41 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue May 19 17:09:41 2015 +0100 ---------------------------------------------------------------------- .../https_jetty/CXFJettySslSocketConnector.java | 26 +++++++++++++++----- .../https_jetty/JettySslConnectorFactory.java | 1 + 2 files changed, 21 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ae6ce728/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java ---------------------------------------------------------------------- diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java index 48522df..8ea334b 100644 --- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java +++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java @@ -50,6 +50,7 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector { protected List<String> cipherSuites; protected FiltersType cipherSuitesFilter; protected List<String> excludeProtocols; + protected List<String> includeProtocols; /** * Set the cipherSuites 
@@ -73,6 +74,13 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector { } /** + * Set the protocols to include + */ + protected void setIncludeProtocols(List<String> ps) { + includeProtocols = ps; + } + + /** * Set the KeyManagers. */ protected void setKeyManagers(KeyManager[] kmgrs) { @@ -118,15 +126,21 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector { protected SSLContext createSSLContext() throws Exception { String proto = getCxfSslContextFactory().getProtocol() == null - ? "TLS" - : getCxfSslContextFactory().getProtocol(); + ? "TLS" : getCxfSslContextFactory().getProtocol(); - // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3 + // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3, or if + // they have been explicitly included if (!"SSLv3".equals(proto) && (excludeProtocols == null || excludeProtocols.isEmpty())) { - getSslContextFactory().addExcludeProtocols("SSLv3"); - getSslContextFactory().addExcludeProtocols("SSLv2Hello"); - } else if (excludeProtocols != null) { + if (includeProtocols == null || !includeProtocols.contains("SSLv3")) { + getSslContextFactory().addExcludeProtocols("SSLv3"); + } + if (includeProtocols == null || !includeProtocols.contains("SSLv2Hello")) { + getSslContextFactory().addExcludeProtocols("SSLv2Hello"); + } + } + + if (excludeProtocols != null) { for (String p : excludeProtocols) { getSslContextFactory().addExcludeProtocols(p); } http://git-wip-us.apache.org/repos/asf/cxf/blob/ae6ce728/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java ---------------------------------------------------------------------- diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java index 807bba7..0c7a87c 100644 
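Review bot: The Javadoc on `setIncludeProtocols` says only "Set the protocols to include", but in this commit the list has a security-relevant effect. Naming `SSLv3` or `SSLv2Hello` in it stops `createSSLContext` from adding that protocol to the default exclusions. I would extend the comment to something like `Set the protocols to include. Listing SSLv3 or SSLv2Hello here lifts the default exclusion of that protocol.` The setter also stores the caller's list by reference (`includeProtocols = ps;`), so a later change to that list by the caller would change what the connector excludes when the context is created.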
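Review bot: The default exclusion of SSLv3 and SSLv2Hello in `createSSLContext` is still guarded by `excludeProtocols == null || excludeProtocols.isEmpty()`, so a configuration that lists any exclude protocol gets neither default unless it names them itself; the updated comment covers the protocol and include cases but not this one. If that override is intended, say so in the comment, for example `// A non-empty excludeProtocols list replaces these defaults entirely`; if not, the outer test could be reduced to `if (!"SSLv3".equals(proto)) {` so that the per-protocol include checks alone decide. In the visible lines `includeProtocols` is only read to lift the two defaults and is not passed to the context factory as an allow-list, though the method continues past the end of the hunk, so that may happen further down. Because an explicit include re-enables protocols that are excluded for known weaknesses, a warning log line whenever either one is left enabled would help operators audit the setting.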
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java +++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java @@ -88,6 +88,7 @@ public final class JettySslConnectorFactory implements JettyConnectorFactory { con.setCipherSuites(tlsServerParameters.getCipherSuites()); con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter()); con.setExcludeProtocols(tlsServerParameters.getExcludeProtocols()); + con.setIncludeProtocols(tlsServerParameters.getIncludeProtocols()); con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias()); }
