artem-smotrakov commented on a change in pull request #140: HTTPCLIENT-1969:
Filter out weak cipher suites
URL:
https://github.com/apache/httpcomponents-client/pull/140#discussion_r261835813
##########
File path:
httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
##########
@@ -183,6 +187,15 @@ public static SSLConnectionSocketFactory
getSocketFactory() throws SSLInitializa
return new SSLConnectionSocketFactory(SSLContexts.createDefault(),
getDefaultHostnameVerifier());
}
+ private static boolean isWeakCipherSuite(final String cipherSuite) {
+ for (final String weakAlgorithm : WEAK_ALGORITHMS) {
+ if (cipherSuite.contains(weakAlgorithm)) {
Review comment:
@ok2c The weak algorithms can't occur at arbitrary position in the cipher
suites defined in TLS specifications. That's why I think it's enough to search
for specific weak algorithms in a cipher suite. Again, no problem with updating
it to use regex, I just don't think it's worth it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
