ok2c commented on a change in pull request #140: HTTPCLIENT-1969: Filter out
weak cipher suites
URL:
https://github.com/apache/httpcomponents-client/pull/140#discussion_r261834612
##########
File path:
httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
##########
@@ -183,6 +187,15 @@ public static SSLConnectionSocketFactory
getSocketFactory() throws SSLInitializa
return new SSLConnectionSocketFactory(SSLContexts.createDefault(),
getDefaultHostnameVerifier());
}
+ private static boolean isWeakCipherSuite(final String cipherSuite) {
+ for (final String weakAlgorithm : WEAK_ALGORITHMS) {
+ if (cipherSuite.contains(weakAlgorithm)) {
Review comment:
> WEAK_ALGORITHMS can occur only in specific parts of a cipher suite
@artem-smotrakov This is precisely what bothers me. The weak algorithms can
occur at specific parts but the propose change-set simply tests for occurrence
of those expressions at any arbitrary position in the cipher name. This looks
sloppy.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
