[teiid-commits] teiid SVN: r3538 - in trunk: runtime/src/main/java/org/teiid/transport and 1 other directory.

teiid-commits at lists.jboss.org teiid-commits at lists.jboss.org
Thu Oct 6 16:43:45 EDT 2011


Author: rareddy
Date: 2011-10-06 16:43:45 -0400 (Thu, 06 Oct 2011)
New Revision: 3538

Modified:
   trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml
   trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
Log:
TEIID-1772: adding the ability to custom-configure the cipher suites for SSL connections

Modified: trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml
===================================================================
--- trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml	2011-10-06 19:40:43 UTC (rev 3537)
+++ trunk/build/kits/jboss-container/deploy/teiid/teiid-jboss-beans.xml	2011-10-06 20:43:45 UTC (rev 3538)
@@ -231,6 +231,9 @@
         <property name="truststorePassword">passwd</property>
         <!--  1-way, 2-way, anonymous -->
         <property name="authenticationMode">anonymous</property>
+        <!-- uncomment for enforcing the minimum 128 bit encryption, edit or supply only supported cipher suites from JVM
+        <property name="enabledCipherSuites">SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_KRB5_WITH_RC4_128_MD5,TLS_KRB5_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA</property>
+         -->
     </bean>
     
     <!-- JDBC Socket connection properties (SSL see below) -->
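Review bot: The sample value on the added `enabledCipherSuites` line does not deliver the "minimum 128 bit encryption" its comment promises. The `3DES_EDE_CBC` entries give roughly 112 bits of effective strength, and the `RC4_128_MD5` / `RC4_128_SHA` entries are weak choices for anyone who uncomments the block unchanged. I would trim the example to the `*_WITH_AES_128_CBC_SHA` and `*_WITH_AES_256_CBC_SHA` names already in the list. The comment should also state the separator the setter expects and that, with `authenticationMode` set to `anonymous`, a configured list replaces the default anonymous suite. The enclosing bean opens above this hunk.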

Modified: trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java	2011-10-06 19:40:43 UTC (rev 3537)
+++ trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java	2011-10-06 20:43:45 UTC (rev 3538)
@@ -24,7 +24,9 @@
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.StringTokenizer;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -59,8 +61,10 @@
     private String trustStoreFileName;
     private String trustStorePassword = ""; //$NON-NLS-1$
     private String authenticationMode = ONEWAY;
+    private String[] enabledCipherSuites;
     
-    public SSLEngine getServerSSLEngine() throws IOException, GeneralSecurityException {
+
+	public SSLEngine getServerSSLEngine() throws IOException, GeneralSecurityException {
         if (!isSslEnabled()) {
         	return null;
         }
@@ -86,10 +90,13 @@
             if (!(Arrays.asList(result.getSupportedCipherSuites()).contains(SocketUtil.ANON_CIPHER_SUITE))) {
             	throw new GeneralSecurityException(RuntimePlugin.Util.getString("SSLConfiguration.no_anonymous")); //$NON-NLS-1$
             }
-            result.setEnabledCipherSuites(new String[] {
-            		SocketUtil.ANON_CIPHER_SUITE
-            });
-        } 
+            result.setEnabledCipherSuites(this.enabledCipherSuites == null?new String[] {SocketUtil.ANON_CIPHER_SUITE}:this.enabledCipherSuites);
+        } else {
+        	if (this.enabledCipherSuites != null) {
+        		result.setEnabledCipherSuites(this.enabledCipherSuites);
+        	}
+        }
+        
         result.setNeedClientAuth(TWOWAY.equals(authenticationMode));
         return result;
     }
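Review bot: In the anonymous branch a configured list now replaces `SocketUtil.ANON_CIPHER_SUITE` outright, so a list that omits it presumably leaves an anonymous-mode server with nothing it can negotiate, and that would only surface at handshake time. The names also reach `result.setEnabledCipherSuites(...)` unchecked; SSLEngine rejects an unsupported name with IllegalArgumentException, not the GeneralSecurityException this method declares. Consider checking the configured names against `result.getSupportedCipherSuites()` once before the mode test and failing with a clear configuration error. In anonymous mode, either require the anon suite to be in the list or add it. getServerSSLEngine begins above this hunk.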
@@ -142,4 +149,15 @@
     	this.authenticationMode = value;
     }
     
+	public void setEnabledCipherSuites(String enabledCipherSuites) {
+		ArrayList<String> ciphers = new ArrayList<String>();
+		StringTokenizer st = new StringTokenizer(enabledCipherSuites);
+		while(st.hasMoreTokens()) {
+			ciphers.add(st.nextToken().trim());
+		}
+		
+		if (!ciphers.isEmpty()) {
+			this.enabledCipherSuites = ciphers.toArray(new String[ciphers.size()]);
+		}
+	}    
 }
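Review bot: `new StringTokenizer(enabledCipherSuites)` splits on whitespace only, so the comma-separated value shown in teiid-jboss-beans.xml arrives as a single token and the engine is later handed one invalid suite name. Pass the delimiter explicitly, `StringTokenizer st = new StringTokenizer(enabledCipherSuites, ",");`, which also makes the existing `trim()` meaningful for values written as `A, B`. A null argument throws NullPointerException here, and an empty string silently keeps any previously set list. A short Javadoc stating the expected format and those two cases would save an operator from discovering them at startup.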


