Author: rgodfrey
Date: Thu Dec 10 08:39:23 2015
New Revision: 1719028
URL: http://svn.apache.org/viewvc?rev=1719028&view=rev
Log:
QPID-6938 : Ensure HTTPS ports offer TLSv1.1 and TLSv1.2 on the IBM JDK
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1719028&r1=1719027&r2=1719028&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
Thu Dec 10 08:39:23 2015
@@ -374,8 +374,17 @@ public class HttpManagement extends Abst
{
throw new IllegalConfigurationException("Key store is not
configured. Cannot start management on HTTPS port without keystore");
}
- SslContextFactory factory = new SslContextFactory();
- factory.addExcludeProtocols(SSLUtil.getExcludedSSlProtocols());
+ SslContextFactory factory = new SslContextFactory()
+ {
+ public String[]
selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+ {
+ List<String> selectedProtocols =
new ArrayList<>(Arrays.asList(enabledProtocols));
+
SSLUtil.updateEnabledProtocols(selectedProtocols, supportedProtocols);
+
+ return
selectedProtocols.toArray(new String[selectedProtocols.size()]);
+ }
+
+ };
if(port.getDisabledCipherSuites() != null)
{
Modified:
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1719028&r1=1719027&r2=1719028&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
(original)
+++
qpid/java/trunk/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Thu Dec 10 08:39:23 2015
@@ -119,9 +119,18 @@ class WebSocketProvider implements Accep
}
else if (_transport == Transport.WSS)
{
- SslContextFactory factory = new SslContextFactory();
+ SslContextFactory factory = new SslContextFactory()
+ {
+ public String[]
selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+ {
+ List<String> selectedProtocols
= new ArrayList<>(Arrays.asList(enabledProtocols));
+
SSLUtil.updateEnabledProtocols(selectedProtocols, supportedProtocols);
+
+ return
selectedProtocols.toArray(new String[selectedProtocols.size()]);
+ }
+
+ };
factory.setSslContext(_sslContext);
- factory.addExcludeProtocols(SSLUtil.getExcludedSSlProtocols());
if(_port.getDisabledCipherSuites() != null)
{
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
