Great.

The procedure to submit a code change is to open a JIRA (in your case on https://issues.apache.org/jira/browse/PROTOCOLS) and upload the patch, granting the license to Apache.

I know this is a tiny change, but it allows us to track down the history...

Would you mind opening that JIRA?

Thx, Eric

On 11/12/2012 17:24, Phillip Odam wrote:
Setting the supported cipher suites when startTLS is enabled is not
limiting the available ciphers since the instantiation of the Encryption
object always sets the member enabledCipherSuites to null.


Demonstrate issue:

Add the following to the tls tag in conf/smtpserver.conf

<supportedCipherSuites>
   <cipherSuite>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipherSuite>
</supportedCipherSuites>

With the change active, attempting to connect to the server with the
following command will succeed (with a weaker cipher)

openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW


Patch:

---
current/protocols/api/src/main/java/org/apache/james/protocols/api/Encryption.java
(revision 1420267)
+++
current/protocols/api/src/main/java/org/apache/james/protocols/api/Encryption.java
2012-12-11 11:41:45.000000000 -0500
@@ -73,7 +73,7 @@
       * @return enc
       */
      public static Encryption createStartTls(SSLContext context,
String[] enabledCipherSuites) {
-        return new Encryption(context, true, null);
+        return new Encryption(context, true, enabledCipherSuites);
      }

      /**
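
Review bot: the Javadoc context above createStartTls shows only `@return enc`, so nothing tells a caller what a null enabledCipherSuites means now that the argument is honoured on the `+` line. Document the parameter there: going by the report, null leaves the cipher list unrestricted and a non-null array limits the STARTTLS handshake to those suites. A regression test that builds the STARTTLS Encryption with a single suite and checks that the list reaches the resulting object would stop the argument being dropped again, and it is worth confirming whether the constructor copies the array or keeps the caller's reference.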

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
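
Added example, not part of the original thread or the James code base: a self-contained JSSE check of the effect reported above, where a factory that drops the configured suite list leaves the engine on its defaults. `TlsSettings`, `startTlsBefore` and `startTlsAfter` are hypothetical stand-ins, and the assumption is that the consumer restricts suites only when the list is non-null.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class StartTlsCipherCheck {

    // Hypothetical stand-in for the settings object; not the James Encryption class.
    static final class TlsSettings {
        final SSLContext context;
        final String[] enabledCipherSuites; // null means "leave the JSSE defaults"

        TlsSettings(SSLContext context, String[] enabledCipherSuites) {
            this.context = context;
            this.enabledCipherSuites = enabledCipherSuites;
        }

        // Assumed consumer behaviour: restrict only when a list is present.
        SSLEngine newServerEngine() {
            SSLEngine engine = context.createSSLEngine();
            engine.setUseClientMode(false);
            if (enabledCipherSuites != null) {
                engine.setEnabledCipherSuites(enabledCipherSuites);
            }
            return engine;
        }
    }

    // Factory shaped like the pre-patch line: the argument is dropped.
    static TlsSettings startTlsBefore(SSLContext ctx, String[] suites) {
        return new TlsSettings(ctx, null);
    }

    // Factory shaped like the patched line: the argument is passed through.
    static TlsSettings startTlsAfter(SSLContext ctx, String[] suites) {
        return new TlsSettings(ctx, suites);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed allow-list: one suite this JVM enables by default,
        // standing in for the <supportedCipherSuites> entry.
        String[] configured = { ctx.createSSLEngine().getEnabledCipherSuites()[0] };
        String[] before = startTlsBefore(ctx, configured).newServerEngine().getEnabledCipherSuites();
        String[] after = startTlsAfter(ctx, configured).newServerEngine().getEnabledCipherSuites();
        System.out.println("configured:      " + Arrays.toString(configured));
        System.out.println("before, enabled: " + before.length + " suites (JSSE defaults)");
        System.out.println("after, enabled:  " + Arrays.toString(after));
    }
}
```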

