artem-smotrakov commented on a change in pull request #140: HTTPCLIENT-1969:
Filter out weak cipher suites
URL:
https://github.com/apache/httpcomponents-client/pull/140#discussion_r261836039
##########
File path:
httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
##########
@@ -183,6 +187,15 @@ public static SSLConnectionSocketFactory
getSocketFactory() throws SSLInitializa
return new SSLConnectionSocketFactory(SSLContexts.createDefault(),
getDefaultHostnameVerifier());
}
+ private static boolean isWeakCipherSuite(final String cipherSuite) {
+ for (final String weakAlgorithm : WEAK_ALGORITHMS) {
+ if (cipherSuite.contains(weakAlgorithm)) {
Review comment:
Just noticed one more thing. It may be better to use convert the string to
upper-case before search or matching. The JSSE spec currently mentions only
_anon_ but not sure if _ANON_ may not appear.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
