Author: remy.maucherat(a)jboss.com
Date: 2014-12-08 06:47:04 -0500 (Mon, 08 Dec 2014)
New Revision: 2570
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Log:
Allow SSLv2Hello if Java 6. But this is a very short term strategy probably.
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2014-12-08
09:56:56 UTC (rev 2569)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2014-12-08
11:47:04 UTC (rev 2570)
@@ -736,23 +736,24 @@
}
public static String[] filterInsecureProcotols(String[] protocols) {
- // Filtering is disabled for Java 6 compatibility (TLS is nearly unusable with
it)
- return protocols;
- /*
if (protocols == null) {
return null;
}
+ String vmVersion = System.getProperty("java.runtime.version");
+ boolean isJava6JVM = (vmVersion != null) &&
vmVersion.startsWith("1.6");
List<String> result = new ArrayList<String>(protocols.length);
for (String protocol : protocols) {
if (protocol == null ||
protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
if (CoyoteLogger.UTIL_LOGGER.isDebugEnabled()) {
CoyoteLogger.UTIL_LOGGER.debug("Exclude protocol: " +
protocol);
}
+ if (protocol != null && isJava6JVM &&
protocol.equalsIgnoreCase("SSLv2Hello")) {
+ result.add(protocol);
+ }
} else {
result.add(protocol);
}
}
return result.toArray(new String[result.size()]);
- */
}
}
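Review bot: The `Exclude protocol:` debug message is still emitted for SSLv2Hello on a Java 6 VM, because the added `result.add(protocol)` sits inside the same branch, after the log call. The log therefore contradicts the protocol list that is actually returned, which is misleading when auditing what the connector enables. Deciding the exception before the SSL test avoids this and makes the inner `if` unnecessary: `boolean keepHello = isJava6JVM && "SSLv2Hello".equalsIgnoreCase(protocol);` followed by `if (!keepHello && (protocol == null || protocol.toUpperCase(Locale.ENGLISH).contains("SSL"))) {`. A comment such as `// SSLv2Hello only permits the SSLv2-format hello; SSLv2/SSLv3 themselves stay filtered` would record why this one entry is exempt. If the configured list contains only SSL entries plus SSLv2Hello, the method returns SSLv2Hello alone, which JSSE is likely to reject when the protocols are applied, so that case probably deserves a check or a warning.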