Emmanuel Lecharny created DIRMINA-1028:
------------------------------------------
Summary: The supported ciphers configuration might not be used
Key: DIRMINA-1028
URL: https://issues.apache.org/jira/browse/DIRMINA-1028
Project: MINA
Issue Type: Bug
Affects Versions: 2.0.13
Reporter: Emmanuel Lecharny
Fix For: 2.0.14
The fact is that we apply the {{SslContext}} ciphers instead of the ones that
has been configured in the filter :
{noformat}
sslHandler.init();
// Adding the supported ciphers in the SSLHandler
// In Java 6, we should call sslContext.getSupportedSSLParameters()
// instead
String[] ciphers =
sslContext.getServerSocketFactory().getSupportedCipherSuites();
setEnabledCipherSuites(ciphers);
{noformat}
Here, the configured ciphers are set in the {{sslHandler.init}} method :
{noformat}
/**
* Initialize the SSL handshake.
*
* @throws SSLException If the underlying SSLEngine handshake
initialization failed
*/
/* no qualifier */void init() throws SSLException {
...
// Set the cipher suite to use by this SslEngine instance
if (sslFilter.getEnabledCipherSuites() != null) {
sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites());
}
...
{noformat}
but this is overriden by the lines that follow.
the code should look like :
{noformat}
public void onPreAdd(IoFilterChain parent, String name, NextFilter
nextFilter) throws SSLException {
...
// Create a SSL handler and start handshake.
SslHandler sslHandler = new SslHandler(this, session);
// Adding the supported ciphers in the SSLHandler
if ((enabledCipherSuites == null) || (enabledCipherSuites.length == 0))
{
enabledCipherSuites =
sslContext.getServerSocketFactory().getSupportedCipherSuites();
}
sslHandler.init();
...
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
