artem-smotrakov opened a new pull request #140: HTTPCLIENT-1969: Filter out weak cipher suites URL: https://github.com/apache/httpcomponents-client/pull/140 Please consider a patch for [HTTPCLIENT-1969](https://issues.apache.org/jira/browse/HTTPCLIENT-1969): - Defined a list of weak algorithms which may be used in a TLS connection. The list is based on the latest settings in modern OpenJDK, see [java.security](https://hg.openjdk.java.net/jdk/jdk/file/1019c97e1bde/src/java.base/share/conf/security/java.security#l678) file (EXPORT ciphers are also disabled in modern OpenJDK by default) - Updated `SSLConnectionSocketFactory` to filter out weak ciphers if cipher suites are not explicitly set. Please note that the test passes with latest Java versions even without patching `SSLConnectionSocketFactory` because latest Java versions disable weak ciphers by default. The filtering mechanism blocks weak ciphers in case older Java versions are used.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
