From ff40722e7d889871cb2a1a69fea974ab202e003e Mon Sep 17 00:00:00 2001
From: Dave Cridland
Date: Fri, 8 Jan 2016 20:08:20 +0000
Subject: [PATCH] Address review comments
---
 src/i18n/openfire_i18n_en.properties | 2 +-
 .../openfire/spi/EncryptionArtifactFactory.java | 13 +++----------
 2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/src/i18n/openfire_i18n_en.properties b/src/i18n/openfire_i18n_en.properties
index befb641e02..6123f3433f 100644
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -1661,7 +1661,7 @@ connection.advanced.settings.certchain.label_selfsigned=Allow peer certificates
 connection.advanced.settings.certchain.label_validity=Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).
 connection.advanced.settings.protocols.boxtitle=Encryption Protocols
 connection.advanced.settings.protocols.info=These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.
-connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1 format.
+connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When enabled, incoming data may use the SSLv2 handshake format (but SSLv2 itself will never be allowed). When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format. All outgoing data (which applies to outbound server-to-server connections) will always conform to the SSLv3/TLSv1 format irrespective of this setting.
 connection.advanced.settings.ciphersuites.boxtitle=Encryption Cipher Suites
 connection.advanced.settings.ciphersuites.info=These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection.
Removing all values from that list will cause a default to be restored.
 connection.advanced.settings.ciphersuites.label_enable=Enabled
diff --git a/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java b/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
index 1652bf995d..0570d32bf6 100644
--- a/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
+++ b/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
@@ -169,16 +169,9 @@ public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, N
 {
 final SSLEngine sslEngine = createSSLEngine();
 sslEngine.setUseClientMode( true );
- String[] protocols = sslEngine.getEnabledProtocols();
- if (this.configuration.getEncryptionProtocols().contains("SSLv2Hello")) {
- Set set = new HashSet<>();
- for (String s : protocols) {
- if (!s.equals("SSLv2Hello")) {
- set.add(s);
- }
- }
- sslEngine.setEnabledProtocols(set.toArray(new String[set.size()]));
- }
+ final Set protocols = new LinkedHashSet<>( Arrays.asList( sslEngine.getEnabledProtocols() ) );
+ protocols.remove( "SSLv2Hello" );
+ sslEngine.setEnabledProtocols( protocols.toArray( new String[ protocols.size() ] ) );
 return sslEngine;
 }
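Review bot: The removal of `SSLv2Hello` in createClientModeSSLEngine() is now unconditional but carries no comment saying why, and nothing checks that a protocol is left afterwards. I would add `// Outbound handshakes never use the SSLv2-format hello, whatever the configured protocol list says.` above the `protocols.remove( "SSLv2Hello" );` line, and guard the result with `if ( protocols.isEmpty() ) { throw new IllegalStateException( "No encryption protocol left for outbound connections" ); }` so a configuration that enabled only SSLv2Hello fails at engine creation instead of as an obscure handshake error. Whether such a configuration can reach this point depends on createSSLEngine(), which is outside the hunk, as is the method's signature line. Note also that this only changes the hello framing: SSLv3 stays enabled on outbound server-to-server connections if the configured set includes it.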