Author: markt
Date: Fri Feb 5 13:59:57 2016
New Revision: 1728669
URL: http://svn.apache.org/viewvc?rev=1728669&view=rev
Log:
Allow SSLv2Hello to be specified as a protocol
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1728669&r1=1728668&r2=1728669&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Fri Feb 5
13:59:57 2016
@@ -96,12 +96,15 @@ public class JSSEUtil extends SSLUtilBas
implementedProtocols = new HashSet<>();
try (SSLServerSocket socket = (SSLServerSocket)
ssf.createServerSocket()) {
// Filter out all the SSL protocols (SSLv2 and SSLv3) from the
- // defaults
- // since they are no longer considered secure
+ // defaults since they are no longer considered secure but allow
+ // SSLv2Hello
for (String protocol : socket.getEnabledProtocols()) {
- if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
- log.debug(sm.getString("jsse.excludeDefaultProtocol",
protocol));
- continue;
+ String protocolUpper = protocol.toUpperCase(Locale.ENGLISH);
+ if (!"SSLV2HELLO".equals(protocolUpper)) {
+ if (protocolUpper.contains("SSL")) {
+ log.debug(sm.getString("jsse.excludeDefaultProtocol",
protocol));
+ continue;
+ }
}
implementedProtocols.add(protocol);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
