Uploaded image for project: 'MINA'
  1. MINA
  2. DIRMINA-1028

The supported ciphers configuration might not be used

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.13
    • 2.0.14
    • None
    • None

    Description

      The fact is that we apply the SslContext ciphers instead of the ones that has been configured in the filter :

              sslHandler.init();
      
              // Adding the supported ciphers in the SSLHandler
              // In Java 6, we should call sslContext.getSupportedSSLParameters()
              // instead
              String[] ciphers = sslContext.getServerSocketFactory().getSupportedCipherSuites();
              setEnabledCipherSuites(ciphers);
      

      Here, the configured ciphers are set in the sslHandler.init method :

          /**
           * Initialize the SSL handshake.
           *
           * @throws SSLException If the underlying SSLEngine handshake initialization failed
           */
          /* no qualifier */void init() throws SSLException {
          ...
              // Set the cipher suite to use by this SslEngine instance
              if (sslFilter.getEnabledCipherSuites() != null) {
                  sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites());
              }
          ...
      

      but this is overriden by the lines that follow.

      the code should look like :

          public void onPreAdd(IoFilterChain parent, String name, NextFilter nextFilter) throws SSLException {
              ...
              // Create a SSL handler and start handshake.
              SslHandler sslHandler = new SslHandler(this, session);
              
              // Adding the supported ciphers in the SSLHandler
              if ((enabledCipherSuites == null) || (enabledCipherSuites.length == 0)) {
                  enabledCipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();
              }
      
              sslHandler.init();
              ...
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            elecharny Emmanuel L├ęcharny
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: