FISH-5987 Removed SSL2 and SSL3

payara · Mar 30, 2022 · 21094fb · 21094fb
1 parent e69e116
commit 21094fb
Show file tree

Hide file tree

Showing 18 changed files with 49 additions and 334 deletions.
diff --git a/appserver/admingui/common/src/main/resources/shared/sslAttrs.inc b/appserver/admingui/common/src/main/resources/shared/sslAttrs.inc
@@ -65,15 +65,7 @@
      <!afterCreate
         getClientId(component="$this{component}" clientId=>$page{sheetId});
      />
-
-     <sun:property id="SSL3Prop"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n.ssl.ssl3Label}" >
-        <sun:checkbox id="SSL3" label="$resource{i18n.desc.Enabled}" selected="#{pageSession.valueMap['ssl3Enabled']}" selectedValue="true" />
-     </sun:property>
-     <!--
-     <sun:property id="SSL2Prop"  rendered="#{ssl2}"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n.ssl.ssl2Label}" >
-        <sun:checkbox id="SSL2" label="$resource{i18n.desc.Enabled}" selected="#{pageSession.valueMap['ssl2Enabled']}" selectedValue="true" />
-     </sun:property>
-     -->
+
      <sun:property id="TLSProp12"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n.ssl.tlsLabel12}" >
         <sun:checkbox id="TLS12" label="$resource{i18n.desc.Enabled}" selected="#{pageSession.valueMap['tls12Enabled']}" selectedValue="true"/>
      </sun:property>

diff --git a/appserver/admingui/common/src/main/resources/shared/sslPrepare.inc b/appserver/admingui/common/src/main/resources/shared/sslPrepare.inc
@@ -60,7 +60,6 @@ if (! #{requestScope.exist}){
          TODO: REST need to provide an endpoint to get the default value.
       -->
     createMap(result="#{pageSession.valueMap}");
-    mapPut(map="#{pageSession.valueMap}" key="ssl3Enabled" value="false");
     mapPut(map="#{pageSession.valueMap}" key="tls12Enabled" value="true");
     mapPut(map="#{pageSession.valueMap}" key="tls13Enabled" value="true");
     mapPut(map="#{pageSession.valueMap}" key="trustMaxCertLength" value="5");
@@ -73,7 +72,7 @@ if (! #{requestScope.exist}){
 }
 
 //set the following for including buttons.inc
-setPageSessionAttribute(key="convertToFalseList" value={"ssl3Enabled" "tls12Enabled" "tls13Enabled" "clientAuthEnabled" "sniEnabled"})
+setPageSessionAttribute(key="convertToFalseList" value={"tls12Enabled" "tls13Enabled" "clientAuthEnabled" "sniEnabled"})
 setPageSessionAttribute(key="skipAttrsList", value={"sslInactivityTimeout"});
 setPageSessionAttribute(key="showDefaultButton" value="#{false}" )
 setPageSessionAttribute(key="hasPropertySheet" value="#{true}" )

diff --git a/appserver/admingui/common/src/main/resources/shared/sslValidationsJS.inc b/appserver/admingui/common/src/main/resources/shared/sslValidationsJS.inc
@@ -53,20 +53,10 @@
         var ephField = document.getElementById('#{cipherId}:EphemeralCiphersProp:ephemeralAddRemove').selectedValues.value; \
         var bitField = document.getElementById('#{cipherId}:OtherCiphersProp:otherAddRemove').selectedValues.value; \
         var eccField = document.getElementById('#{cipherId}:EccCiphersProp:eccAddRemove').selectedValues.value; \
-        var ssl3Prop = document.getElementById('#{sheetId}:SSL3Prop:SSL3').checked; \
-        if(document.getElementById('#{sheetId}:SSL2Prop:SSL2')) { \
-           var ssl2Prop = document.getElementById('#{sheetId}:SSL2Prop:SSL2').checked; \
-        } \
 	var tls12Prop = document.getElementById('#{sheetId}:TLSProp12:TLS12').checked; \
         var tls13Prop = document.getElementById('#{sheetId}:TLSProp13:TLS13').checked; \
-        if (ssl3Prop || tlsProp || ssl2Prop) {   \
-            var result = checkForValue(getTextElement('#{sheetId}:CertNicknameProp:CertNickname'));  \
-            if(result != true){ \
-                return showAlert('$resource{i18n.msg.JS.ssl.errSslTlsCert}'); \
-            } \
-        } \
         if ((comField != '') || (ephField != '') || (bitField != '') || (eccField != '')){ \
-            if ((!ssl3Prop) &&(!tls12Prop) &&(!tls13Prop)) {   \
+            if ((!tls12Prop) &&(!tls13Prop)) {   \
                 return showAlert('$resource{i18n.msg.JS.ssl.errCiphersSelected}'); \
             } \
         } \

diff --git a/...ver/admingui/devtests/src/test/java/org/glassfish/admingui/devtests/AdminServiceTest.java b/...ver/admingui/devtests/src/test/java/org/glassfish/admingui/devtests/AdminServiceTest.java
@@ -37,7 +37,7 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
-
+// Portions Copyright 2022 Payara Foundation and/or affiliates
 package org.glassfish.admingui.devtests;
 
 import org.junit.Test;
@@ -74,8 +74,6 @@ public void testSsl() {
         clickAndWait("treeForm:tree:configurations:server-config:adminService:adminService_link", TRIGGER_EDIT_JMX_CONNECTOR);
         clickAndWait("form1:jmxConnectorTab:jmxSSLEdit", TRIGGER_SSL);
 
-        clearCheckbox("propertyForm:propertySheet:propertySheetSection:SSL3Prop:SSL3");
-        clearCheckbox("propertyForm:propertySheet:propertySheetSection:TLSProp:TLS");
         markCheckbox("propertyForm:propertySheet:propertySheetSection:ClientAuthProp:ClientAuth");
         setFieldValue("propertyForm:propertySheet:propertySheetSection:CertNicknameProp:CertNickname", nickname);
         setFieldValue("propertyForm:propertySheet:propertySheetSection:keystore:keystore", keystore);
@@ -91,8 +89,6 @@ public void testSsl() {
         clickAndWait("treeForm:tree:configurations:server-config:adminService:adminService_link", TRIGGER_EDIT_JMX_CONNECTOR);
         clickAndWait("form1:jmxConnectorTab:jmxSSLEdit", TRIGGER_SSL);
 
-        assertEquals(false, isChecked("propertyForm:propertySheet:propertySheetSection:SSL3Prop:SSL3"));
-        assertEquals(false, isChecked("propertyForm:propertySheet:propertySheetSection:TLSProp:TLS"));
         assertEquals(true, isChecked("propertyForm:propertySheet:propertySheetSection:ClientAuthProp:ClientAuth"));
         assertEquals(nickname, getFieldValue("propertyForm:propertySheet:propertySheetSection:CertNicknameProp:CertNickname"));
         assertEquals(keystore, getFieldValue("propertyForm:propertySheet:propertySheetSection:keystore:keystore"));

diff --git a/appserver/admingui/reference-manual/src/main/help/en/help/reference/create-ssl.html b/appserver/admingui/reference-manual/src/main/help/en/help/reference/create-ssl.html
@@ -17,7 +17,7 @@
     SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 
 -->
-<!-- Portions Copyright [2019] [Payara Foundation and/or its affiliates] -->
+<!-- Portions Copyright [2019-2022] [Payara Foundation and/or its affiliates] -->
 <html lang="en">
   <head>
     <meta charset="utf-8"/>
@@ -90,8 +90,7 @@ <h2 id="_create_ssl">create-ssl</h2>
 [--target target]
 --type listener_or_service_type
 --certname cert_name
-[--ssl2enabled={false|true}] [--ssl2ciphers ss12ciphers]
-[--ssl3enabled={true|false}] [--tlsenabled={true|false}]
+[--tlsenabled={true|false}]
 [--ssl3tlsciphers ssl3tlsciphers]
 [--tlsrollbackenabled={true|false}]
 [--clientauthenabled={false|true}]
@@ -192,53 +191,6 @@ <h2 id="_create_ssl">create-ssl</h2>
 the PKCS#11 token. The format of the name in the certificate is
 tokenname:nickname. For this property, the tokenname: is optional.</p>
 </dd>
-<dt class="hdlist1"><code>--ssl2enabled</code></dt>
-<dd>
-<p>Set this property to <code>true</code> to enable SSL2. The default value is
-<code>false</code>. If both SSL2 and SSL3 are enabled for a virtual server, the
-server tries SSL3 encryption first. In the event SSL3 encryption
-fails, the server then tries SSL2 encryption.</p>
-</dd>
-<dt class="hdlist1"><code>--ssl2ciphers</code></dt>
-<dd>
-<p>A comma-separated list of the SSL2 ciphers to be used. Ciphers not
-explicitly listed will be disabled for the target, even if those
-ciphers are available in the particular cipher suite you are using. If
-this option is not used, all supported ciphers are assumed to be
-enabled. Allowed values are:<br></p>
-<div class="ulist">
-<ul>
-<li>
-<p><code>rc4</code></p>
-</li>
-<li>
-<p><code>rc4export</code></p>
-</li>
-<li>
-<p><code>rc2</code></p>
-</li>
-<li>
-<p><code>rc2export</code></p>
-</li>
-<li>
-<p><code>idea</code></p>
-</li>
-<li>
-<p><code>des</code></p>
-</li>
-<li>
-<p><code>desede3</code></p>
-</li>
-</ul>
-</div>
-</dd>
-<dt class="hdlist1"><code>--ssl3enabled</code></dt>
-<dd>
-<p>Set this property to <code>false</code> to disable SSL3. The default value is
-<code>true</code>. If both SSL2 and SSL3 are enabled for a virtual server, the
-server tries SSL3 encryption first. In the event SSL3 encryption
-fails, the server then tries SSL2 encryption.</p>
-</dd>
 <dt class="hdlist1"><code>--tlsenabled</code></dt>
 <dd>
 <p>Set this property to <code>false</code> to disable TLS. The default value is

diff --git a/appserver/appclient/client/acc-config/src/main/resources/configBindings.xml b/appserver/appclient/client/acc-config/src/main/resources/configBindings.xml
@@ -81,8 +81,6 @@
     </element>
 
     <element name="ssl" type="class">
-        <attribute name="ssl2-enabled" property="Ssl2Enabled" convert="boolean"/>
-        <attribute name="ssl3-enabled" property="Ssl3Enabled" convert="boolean"/>
         <attribute name="tls12-enabled" property="Tls12Enabled" convert="boolean"/>
         <attribute name="tls13-enabled" property="Tls13Enabled" convert="boolean"/>
         <attribute name="tls-rollback-enabled" property="TlsRollbackEnabled" convert="boolean"/>