  1. MINA
  2. DIRMINA-1028

The supported ciphers configuration might not be used

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.13
    • Fix Version/s: 2.0.14
    • Component/s: None
    • Labels:
      None

      Description

      The fact is that we apply the SslContext ciphers instead of the ones that have been configured in the filter:

              sslHandler.init();
      
              // Adding the supported ciphers in the SSLHandler
              // In Java 6, we should call sslContext.getSupportedSSLParameters()
              // instead
              String[] ciphers = sslContext.getServerSocketFactory().getSupportedCipherSuites();
              setEnabledCipherSuites(ciphers);
      

      Here, the configured ciphers are set in the sslHandler.init method:

          /**
           * Initialize the SSL handshake.
           *
           * @throws SSLException If the underlying SSLEngine handshake initialization failed
           */
          /* no qualifier */void init() throws SSLException {
          ...
              // Set the cipher suite to use by this SslEngine instance
              if (sslFilter.getEnabledCipherSuites() != null) {
                  sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites());
              }
          ...
      

      but this is overridden by the lines that follow.

      The code should look like:

          public void onPreAdd(IoFilterChain parent, String name, NextFilter nextFilter) throws SSLException {
              ...
              // Create a SSL handler and start handshake.
              SslHandler sslHandler = new SslHandler(this, session);
              
              // Adding the supported ciphers in the SSLHandler
              if ((enabledCipherSuites == null) || (enabledCipherSuites.length == 0)) {
                  enabledCipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();
              }
      
              sslHandler.init();
              ...
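
The ordering problem described in this issue can be reproduced with plain JSSE, outside MINA. The following is an added example, not code from the MINA project; the class and method names (`CipherOverrideCheck`, `reportedOrder`, `proposedOrder`) are hypothetical and the one-suite configuration is a constructed sample.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Added illustration using plain JSSE; not MINA code. */
public class CipherOverrideCheck {

    // Order reported in the issue: the configured list is applied first,
    // then replaced by every suite the context supports.
    static String[] reportedOrder(SSLContext ctx, String[] configured) {
        SSLEngine engine = ctx.createSSLEngine();
        if (configured != null) {
            engine.setEnabledCipherSuites(configured);
        }
        engine.setEnabledCipherSuites(
                ctx.getServerSocketFactory().getSupportedCipherSuites());
        return engine.getEnabledCipherSuites();
    }

    // Order proposed in the issue: fall back to the supported list only
    // when nothing was configured, then apply the result once.
    static String[] proposedOrder(SSLContext ctx, String[] configured) {
        if (configured == null || configured.length == 0) {
            configured = ctx.getServerSocketFactory().getSupportedCipherSuites();
        }
        SSLEngine engine = ctx.createSSLEngine();
        engine.setEnabledCipherSuites(configured);
        return engine.getEnabledCipherSuites();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample configuration: a single suite taken from the
        // provider's default list, standing in for an operator's allow-list.
        String[] configured = { ctx.getDefaultSSLParameters().getCipherSuites()[0] };

        String[] before = reportedOrder(ctx, configured);
        String[] after = proposedOrder(ctx, configured);
        System.out.println("configured     : " + Arrays.toString(configured));
        System.out.println("reported order : " + before.length + " suites enabled");
        System.out.println("proposed order : " + Arrays.toString(after));

        // Regression check: the engine must end up with exactly the allow-list.
        if (!Arrays.equals(configured, after)) {
            throw new AssertionError("configured cipher list was not honoured");
        }
    }
}
```

Comparing `getEnabledCipherSuites()` on the engine against the configured list after initialization is the check that catches this kind of silent override.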
      

        Activity

        elecharny Emmanuel Lecharny added a comment - Should be fixed with http://git-wip-us.apache.org/repos/asf/mina/commit/50b70a05

          People

          • Assignee:
            Unassigned
            Reporter:
            elecharny Emmanuel Lecharny
          • Votes:
            0
            Watchers:
            2
