提交 84278f23 authored 作者: Tomas Pospichal's avatar Tomas Pospichal

Make anonymous TLS ciphers first in order when enabled.

Allow also anonymous 3DES ciphers to be used.
上级 84745974
......@@ -23,6 +23,7 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Properties;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
......@@ -270,16 +271,16 @@ public class CipherFactory {
}
private static String[] enableAnonymous(String[] enabled, String[] supported) {
HashSet<String> set = new HashSet<String>();
Collections.addAll(set, enabled);
LinkedHashSet<String> set = new LinkedHashSet<String>();
for (String x : supported) {
if (!x.startsWith("SSL") &&
x.indexOf("_anon_") >= 0 &&
x.indexOf("_AES_") >= 0 &&
(x.indexOf("_AES_") >= 0 || x.indexOf("_3DES_") >= 0) &&
x.indexOf("_SHA") >= 0) {
set.add(x);
}
}
Collections.addAll(set, enabled);
return set.toArray(new String[0]);
}
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论