artem-smotrakov commented on a change in pull request #140: HTTPCLIENT-1969:
Filter out weak cipher suites
URL:
https://github.com/apache/httpcomponents-client/pull/140#discussion_r261818999
##########
File path:
httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
##########
@@ -183,6 +187,15 @@ public static SSLConnectionSocketFactory
getSocketFactory() throws SSLInitializa
return new SSLConnectionSocketFactory(SSLContexts.createDefault(),
getDefaultHostnameVerifier());
}
+ private static boolean isWeakCipherSuite(final String cipherSuite) {
+ for (final String weakAlgorithm : WEAK_ALGORITHMS) {
+ if (cipherSuite.contains(weakAlgorithm)) {
Review comment:
@ok2c I thought a list of weak algorithms is more straightforward. Regex
would allow to build more complex constraints but not sure if it's necessary.
TLS cipher suites have a pretty simple format where a particular crypto
algorithm may be used only in particular part of a cipher suite.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
