This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
commit a9c0c7705f70054a70eb3e95439d2a37731e0332
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Oct 5 14:16:15 2018 +0100
CXF-7866 - Exclude DES, 3DES, MD5, CBC and RC4 ciphersuites as well by default
---
 .../src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java | 8 ++++++--
 .../apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index ed79a51..6446719 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -67,12 +67,16 @@ public final class SSLUtils {
 private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
 /**
- * By default, exclude NULL, anon and EXPORT ciphersuites
+ * By default, exclude NULL, anon, EXPORT, (3)DES, MD5, CBC and RC4 ciphersuites
 */
 private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = Arrays.asList(new String[] {".*NULL.*", ".*anon.*",
- ".*EXPORT.*"});
+ ".*EXPORT.*",
+ ".*DES.*",
+ ".*MD5",
+ ".*CBC.*",
+ ".*RC4.*"});
 private static volatile KeyManager[] defaultManagers;
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 7a4c54b..24f3904 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
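Review bot: The new `".*MD5"` entry in DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE (SSLUtils.java) is the only pattern without a trailing `.*`, so it relies on the filter doing a whole-string match and on every MD5 suite name ending in `MD5`; writing it as `".*MD5.*"` keeps it consistent with the other entries and independent of where the token sits in the name. Excluding `.*CBC.*` by default also leaves only non-CBC suites enabled, so a peer or JVM that offers only CBC suites would presumably no longer complete a handshake; the Javadoc on the constant should say that these are defaults and name the configuration that overrides them. The code that applies this list is outside the hunk, so how an empty filtered result is handled cannot be checked here.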
@@ -688,7 +688,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
 // Check we have no anon/EXPORT/NULL/etc ciphersuites
 assertFalse(Arrays.stream(
- filteredCipherSuites).anyMatch(c -> c.matches(".*NULL|anon|EXPORT.*")));
+ filteredCipherSuites).anyMatch(c -> c.matches(".*NULL|anon|EXPORT|DES|MD5|CBC|RC4.*")));
 }
 @org.junit.Test
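Review bot: The updated assertion in CipherSuitesTest.java cannot fail for most of the families it lists, because `matches()` requires the whole name to match and the alternation is ungrouped: `.*NULL|anon|EXPORT|DES|MD5|CBC|RC4.*` parses as `.*NULL`, or exactly `anon`, `EXPORT`, `DES`, `MD5` or `CBC`, or `RC4.*`. A CBC, 3DES or MD5 suite left in `filteredCipherSuites` would therefore pass this check, so the test does not verify the new default exclusions. Group the alternatives instead: `c.matches(".*(NULL|anon|EXPORT|DES|MD5|CBC|RC4).*")`. The enclosing test method starts outside the hunk.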
