Details
Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Version: 2.0.13
Description
The fact is that we apply the SslContext ciphers instead of the ones that have been configured in the filter:

    sslHandler.init();

    // Adding the supported ciphers in the SSLHandler
    // In Java 6, we should call sslContext.getSupportedSSLParameters()
    // instead
    String[] ciphers = sslContext.getServerSocketFactory().getSupportedCipherSuites();
    setEnabledCipherSuites(ciphers);
Here, the configured ciphers are set in the sslHandler.init method:

    /**
     * Initialize the SSL handshake.
     *
     * @throws SSLException If the underlying SSLEngine handshake initialization failed
     */
    /* no qualifier */void init() throws SSLException {
        ...
        // Set the cipher suite to use by this SslEngine instance
        if (sslFilter.getEnabledCipherSuites() != null) {
            sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites());
        }
        ...
but this is overridden by the lines that follow.

The code should look like:

    public void onPreAdd(IoFilterChain parent, String name, NextFilter nextFilter) throws SSLException {
        ...
        // Create a SSL handler and start handshake.
        SslHandler sslHandler = new SslHandler(this, session);

        // Adding the supported ciphers in the SSLHandler
        if ((enabledCipherSuites == null) || (enabledCipherSuites.length == 0)) {
            enabledCipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();
        }

        sslHandler.init();
        ...
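The practical consequence of the ordering described above is that a deployer's restricted cipher list is silently replaced by everything the JDK supports. The following stand-alone program is an added example, not MINA code and not part of the report; it replays both sequences against a bare javax.net.ssl.SSLEngine so the effect can be observed without an IoAcceptor. The two suite names in CONFIGURED are a hypothetical deployer configuration and assume a JDK that supports them (Java 8 or later); the method names buggyEnable, fixedEnable and unexpected are ours.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/**
 * Added example (not MINA code): replays the cipher-suite ordering bug from the
 * report against a bare SSLEngine instead of a full IoFilterChain.
 */
public class CipherOverrideDemo {

    /** Hypothetical restricted list a deployer would set on SslFilter (assumed, not from the report). */
    static final String[] CONFIGURED = {
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    };

    /** Same sequence as the reported onPreAdd(): init() applies the configured list, then it is clobbered. */
    static String[] buggyEnable(SSLContext ctx, String[] configured) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        if (configured != null) {
            engine.setEnabledCipherSuites(configured);   // what SslHandler.init() does
        }
        String[] all = ctx.getServerSocketFactory().getSupportedCipherSuites();
        engine.setEnabledCipherSuites(all);              // the override that follows init()
        return engine.getEnabledCipherSuites();
    }

    /** Sequence from the proposed fix: fall back to the supported set only when nothing was configured. */
    static String[] fixedEnable(SSLContext ctx, String[] configured) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        if (configured == null || configured.length == 0) {
            configured = ctx.getServerSocketFactory().getSupportedCipherSuites();
        }
        engine.setEnabledCipherSuites(configured);
        return engine.getEnabledCipherSuites();
    }

    /** Suites enabled on the engine that the deployer never asked for. */
    static Set<String> unexpected(String[] enabled, String[] configured) {
        Set<String> extra = new HashSet<>(Arrays.asList(enabled));
        extra.removeAll(Arrays.asList(configured));
        return extra;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        String[] buggy = buggyEnable(ctx, CONFIGURED);
        String[] fixed = fixedEnable(ctx, CONFIGURED);

        System.out.println("configured suites : " + CONFIGURED.length);
        System.out.println("buggy enabled     : " + buggy.length
                + " (" + unexpected(buggy, CONFIGURED).size() + " not configured)");
        System.out.println("fixed enabled     : " + fixed.length
                + " (" + unexpected(fixed, CONFIGURED).size() + " not configured)");

        // Suites the JDK supports but leaves disabled by default: the buggy path
        // enables every one of them, regardless of what the deployer configured.
        Set<String> offByDefault = new HashSet<>(Arrays.asList(
                ctx.getServerSocketFactory().getSupportedCipherSuites()));
        offByDefault.removeAll(Arrays.asList(
                ctx.getServerSocketFactory().getDefaultCipherSuites()));
        System.out.println("supported-but-not-default suites re-enabled by the bug: "
                + offByDefault.size());
    }
}
```

Compile and run with `javac CipherOverrideDemo.java && java CipherOverrideDemo`. With the bug, unexpected(buggy, CONFIGURED) is non-empty because the whole supported set replaces the two configured suites; with the fix it is empty. One caveat worth keeping in mind when reviewing the proposed fix: falling back to getSupportedCipherSuites() when nothing is configured is wider than the JDK's own default-enabled set (getDefaultCipherSuites()), and on JDKs where the two differ that fallback turns on suites the platform deliberately leaves off. A deployment that relies on the defaults may prefer to leave the engine's enabled list untouched when enabledCipherSuites is empty.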