Adding support to restrict SSL protocols and Cypher Suites
Showing
14 changed files
with
135 additions
and
42 deletions.
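--- a/blended.security.ssl/src/main/scala/blended/security/ssl/SslContextInfo.scala
+++ b/blended.security.ssl/src/main/scala/blended/security/ssl/SslContextInfo.scala
@@ -0,0 +1,19 @@
+package blended.security.ssl
+
+trait SslContextInfo {
+
+val allowedCyphers : List[String]
+
+def getProtocol() : String
+def getEnabledProtocols() : Array[String]
+def getEnabledCypherSuites() : Array[String]
+
+def getInvalidCypherSuites() : Array[String] = {
+getEnabledCypherSuites().filter{ s => !allowedCyphers.contains(s) }
+}
+
+override def toString: String = s"SSLContextInfo(protocol=$getProtocol()," +
+s"enabledProtocols=${getEnabledProtocols().mkString(",")},\n" +
+s"enabledCyphers=${getEnabledCypherSuites().mkString(",\n")}\n" +
+s"invalidCyphers=${getInvalidCypherSuites().mkString(",\n")}\n)"
+}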
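Review bot: In `toString`, `$getProtocol()` interpolates only the identifier `getProtocol`, so in Scala 2 the literal `()` is printed after the protocol name; the first line should read `s"SSLContextInfo(protocol=${getProtocol()},"`. The `enabledCyphers` segment also ends without a comma before `invalidCyphers`, unlike the two segments before it. Separately, `getInvalidCypherSuites()` reports every enabled suite as invalid when `allowedCyphers` is empty. A Scaladoc line on `allowedCyphers` should say whether an empty list means "nothing allowed" or "no restriction configured", because operators reading this output will act on it.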
15 changes: 0 additions & 15 deletions
15
blended.security.ssl/src/main/scala/blended/security/ssl/internal/ServerContextInfo.scala
This file was deleted.
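--- a/blended.security.ssl/src/main/scala/blended/security/ssl/internal/SslContextInfo.scala
+++ b/blended.security.ssl/src/main/scala/blended/security/ssl/internal/SslContextInfo.scala
@@ -0,0 +1,17 @@
+package blended.security.ssl.internal
+
+import blended.security.ssl.{ SslContextInfo => SslContextInfoTrait }
+import javax.net.ssl.SSLContext
+
+trait SslContextInfoMBean extends SslContextInfoTrait
+
+class SslContextInfo(
+sslContext : SSLContext,
+override val allowedCyphers: List[String]
+) extends SslContextInfoMBean {
+
+override def getProtocol(): String = sslContext.getProtocol()
+override def getEnabledProtocols(): Array[String] = sslContext.getDefaultSSLParameters().getProtocols()
+override def getEnabledCypherSuites(): Array[String] = sslContext.getDefaultSSLParameters().getCipherSuites()
+
+}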
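Review bot: `getEnabledProtocols()` and `getEnabledCypherSuites()` read `sslContext.getDefaultSSLParameters()`, so the MBean reports the context's defaults and will not show protocols or suites set later on an individual `SSLEngine` or socket; the class has no Scaladoc saying so. I would add a class comment such as `/** Reports the default protocol and cipher-suite settings of the given SSLContext; per-connection overrides are not reflected. */`. The empty `SslContextInfoMBean` trait presumably exists to satisfy the JMX standard-MBean naming rule (`<ClassName>MBean`). That deserves a one-line comment, since renaming either type would likely break registration.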
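--- a/blended.security.ssl/src/test/resources/container/security.properties
+++ b/blended.security.ssl/src/test/resources/container/security.properties
@@ -0,0 +1,9 @@
+crypto.policy=unlimited
+
+jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
+RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+
+jdk.tls.disabledAlgorithms=TlSv1, TLSv1.1, SSLv3, DHE_DSS, DHE_RSA, RC4, DES, MD5withRSA, DH keySize < 1024, \
+EC keySize < 224, 3DES_EDE_CBC, AES_128_CBC, AES_128_GCM, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, \
+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA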
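Review bot: The first entry of `jdk.tls.disabledAlgorithms` is spelled `TlSv1`. As far as I know the JDK matches these names case-insensitively, so it probably still takes effect, but it should read `TLSv1` like the `TLSv1.1` next to it, so the line starts `jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, ...`. `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` in the same list is the RFC 5746 renegotiation signalling value, not a cipher. If it is listed only to keep it out of the reported suite list, a `#` comment should say so; otherwise it is better dropped. The file has no comment recording why the `AES_128` and `DHE` entries are excluded, which makes it hard to keep this test policy in line with the configured allowed-cipher list.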
@@ -1,17 +1,17 @@ | ||
-----BEGIN PGP SIGNATURE----- | ||
Version: BCPG v1.51 | ||
|
||
iQIcBAABAgAGBQJceRcXAAoJEEYY0oeTi6qO7YsP/0ky0rdZf02dYuUUSC3fRtfI | ||
zqwOHQ8d443L6uayqeuTIjsl2+vLtJ5PnD5wGUI8s3CQAJK41c2Y5vvqt6oW3qDJ | ||
ppLVAk28zieoRocZhCmJwZTm67Lbi9g8LeGxFHNnRXt8k9+ib6bEx1DCO98aZwCs | ||
+ISNEexQXO2G/ZEtOxfarYayV/MtJQeJ8bjcrqlmzaRuZfmjIYCpm5Me8jh+OsW2 | ||
JyWNr539PTYECu8qgY919KdNGga3vAMc9ml8zBe+9pOvsvAdlUPHXXvA9zrOefmu | ||
ghgT4rtLsnpUDny7UYprr51YgTz4rNTaWNNuDXwqko2JbSn6b4/dYk3q+Us3TTyW | ||
6TrmqYiXj7x3qTeS7VX0vQYLHSt40FVKnxa9s1hModI6te5iWHS2qAJN4hKKr8kb | ||
EIqtsxQJYysotedGIMxDjRJK2TqlnvjcEx2qmpkvO9p0ignOeXWQGv9Zm3c0KQZ0 | ||
Fr/VqCBnklBPio6hYlq4/jS6NmvolBHek2DYw6JvjYyk96G/8GUGf699aG9NBQOo | ||
2CNyir6QN7vuj1ZopM7wCcYOD+tNyxrZ4rAURHE38lQ/VVveg678Mkq/ejSARUZ6 | ||
9TT0Y1IU0hxSVVxGXM2OUhmMN/Wdb1dlohna7s3kQVLi0TqYvGpw0uGumXf0Yxj0 | ||
AIz3OlqWqWh+AdJm9zO1 | ||
=ijTV | ||
iQIcBAABAgAGBQJcfmcBAAoJEEYY0oeTi6qOOscQAIYL6nNsARfM7tOAOMAB7iO1 | ||
pYraogSl6kP2w+0cpwznfY/3XhRr4vk5BFkZoBhNCQUtCWDLmuLAzF2O0fdqnTlA | ||
z5frWG0vv3WsirSSMniwZTRwAW5hVEcHUeMPnvD6Ko8e/sd259OhFE5wmpDbwHQE | ||
bduq45IEmp3X7N2R93kXhdTW9pypqEUTEiNSsKFE1/1zt+LmAwPaPv59KxAXmbNl | ||
siHyJLOkAKF7rIpZRdsJR8Zjmo7dhLQMx9JEuaM6z3Gkm7+dIqTHGaUUx3Rmr1M9 | ||
DlfSo2zxcAh+DLfyDFjKvANVn2RLCxDvl3wPjr0uejwNudeCRIavEugRUYH1gCbI | ||
tqeuSzKdxIk6YVgQ15R/x9G4SSk/VKVMsQ/qjHm6Rm4nbSo1MPdX75SuxaGvMruS | ||
izaPBlR0w82XDjYqy54jgTYHlz3UBR+AcWhGW4W7bv9oSd3gzOyjMNfoOura9jUK | ||
xwSGK+kXqHUkJQ+yJmI7L55JfONNUY98LvUa9oXnKA851lDIuTGtigq96dVQfh1Y | ||
OnV00Nd/ZNz4wVjtPAgf+u70GxtOqOzq8mM8NL2jyZLiFWFquHJABCTCCEgZp3zi | ||
CFDe3HXz8BK7sn+aRIdGMdtryd5VNYavwj3zpk090I9MU6QtUGwXHTYvC1bVRNyb | ||
IfyncMan8G45ELDozGXd | ||
=2IMc | ||
-----END PGP SIGNATURE----- |
@@ -1 +1 @@ | ||
3.0-M5 | ||
3.0-M6-SNAPSHOT |