Lines 317-323
Link Here
|
317 |
public void setSSLInsecureRenegotiation(boolean SSLInsecureRenegotiation) { this.SSLInsecureRenegotiation = SSLInsecureRenegotiation; } |
317 |
public void setSSLInsecureRenegotiation(boolean SSLInsecureRenegotiation) { this.SSLInsecureRenegotiation = SSLInsecureRenegotiation; } |
318 |
public boolean getSSLInsecureRenegotiation() { return SSLInsecureRenegotiation; } |
318 |
public boolean getSSLInsecureRenegotiation() { return SSLInsecureRenegotiation; } |
319 |
|
319 |
|
|
|
320 |
/** |
321 |
* SSL allow insecure renegotiation for the the client that does not |
322 |
* support the secure renegotiation. |
323 |
*/ |
324 |
protected boolean SSLHonorCipherOrder = false; |
325 |
public void setSSLHonorCipherOrder(boolean SSLHonorCipherOrder) { this.SSLHonorCipherOrder = SSLHonorCipherOrder; } |
326 |
public boolean getSSLHonorCipherOrder() { return SSLHonorCipherOrder; } |
320 |
|
327 |
|
|
|
328 |
|
321 |
/** |
329 |
/** |
322 |
* Port in use. |
330 |
* Port in use. |
323 |
*/ |
331 |
*/ |
Lines 526-531
Link Here
|
526 |
SSL.versionString())); |
534 |
SSL.versionString())); |
527 |
} |
535 |
} |
528 |
} |
536 |
} |
|
|
537 |
if (SSLHonorCipherOrder) { |
538 |
boolean orderCiphersSupported = false; |
539 |
try { |
540 |
orderCiphersSupported = SSL.hasOp(SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); |
541 |
if (orderCiphersSupported) |
542 |
SSLContext.setOptions(sslContext, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); |
543 |
} catch (UnsatisfiedLinkError e) { |
544 |
// Ignore |
545 |
} |
546 |
if (!orderCiphersSupported) { |
547 |
// OpenSSL does not support ciphers ordering. |
548 |
log.warn(sm.getString("endpoint.warn.noHonorCipherOrder", |
549 |
SSL.versionString())); |
550 |
} |
551 |
} |
529 |
// List the ciphers that the client is permitted to negotiate |
552 |
// List the ciphers that the client is permitted to negotiate |
530 |
SSLContext.setCipherSuite(sslContext, SSLCipherSuite); |
553 |
SSLContext.setCipherSuite(sslContext, SSLCipherSuite); |
531 |
// Load Server key and certificate |
554 |
// Load Server key and certificate |