Address review comments

igniterealtime · Jan 8, 2016 · ff40722 · ff40722
1 parent 66fed72
commit ff40722
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 11 deletions.
diff --git a/src/i18n/openfire_i18n_en.properties b/src/i18n/openfire_i18n_en.properties
@@ -1661,7 +1661,7 @@ connection.advanced.settings.certchain.label_selfsigned=Allow peer certificates
 connection.advanced.settings.certchain.label_validity=Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).
 connection.advanced.settings.protocols.boxtitle=Encryption Protocols
 connection.advanced.settings.protocols.info=These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.
-connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1 format.
+connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When enabled, incoming data may use the SSLv2 handshake format (but SSLv2 itself will never be allowed). When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format. All outgoing data (which applies to outbound server-to-server connections) will always conform to the SSLv3/TLSv1 format irrespective of this setting.
 connection.advanced.settings.ciphersuites.boxtitle=Encryption Cipher Suites
 connection.advanced.settings.ciphersuites.info=These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.
 connection.advanced.settings.ciphersuites.label_enable=Enabled

diff --git a/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java b/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
@@ -169,16 +169,9 @@ public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, N
     {
         final SSLEngine sslEngine = createSSLEngine();
         sslEngine.setUseClientMode( true );
-        String[] protocols = sslEngine.getEnabledProtocols();
-        if (this.configuration.getEncryptionProtocols().contains("SSLv2Hello")) {
-            Set<String> set = new HashSet<>();
-            for (String s : protocols) {
-                if (!s.equals("SSLv2Hello")) {
-                    set.add(s);
-                }
-            }
-            sslEngine.setEnabledProtocols(set.toArray(new String[set.size()]));
-        }
+        final Set<String> protocols = new LinkedHashSet<>( Arrays.asList( sslEngine.getEnabledProtocols() ) );
+        protocols.remove( "SSLv2Hello" );
+        sslEngine.setEnabledProtocols( protocols.toArray( new String[ protocols.size() ] ) );
 
         return sslEngine;
     }