Lines 393-399
|
393 |
|
393 |
|
394 |
// ----------------------------------------------- Public Lifecycle Methods |
394 |
// ----------------------------------------------- Public Lifecycle Methods |
395 |
|
395 |
|
|
|
396 |
private boolean isTLS11Supported() { |
397 |
return SSL.hasOp(SSL.SSL_OP_NO_TLSv1_1); |
398 |
} |
396 |
|
399 |
|
|
|
400 |
private boolean isTLS12Supported() { |
401 |
return SSL.hasOp(SSL.SSL_OP_NO_TLSv1_2); |
402 |
} |
403 |
|
404 |
private int getSSLProtocolAll() { |
405 |
int value = SSL.SSL_PROTOCOL_ALL; |
406 |
if (!isTLS11Supported()) { |
407 |
value &= ~SSL.SSL_PROTOCOL_TLSV1_1; |
408 |
} |
409 |
if (!isTLS12Supported()) { |
410 |
value &= ~SSL.SSL_PROTOCOL_TLSV1_2; |
411 |
} |
412 |
return value; |
413 |
} |
414 |
|
397 |
/** |
415 |
/** |
398 |
* Initialize the endpoint. |
416 |
* Initialize the endpoint. |
399 |
*/ |
417 |
*/ |
Lines 505-511
|
505 |
// SSL protocol |
523 |
// SSL protocol |
506 |
int value = SSL.SSL_PROTOCOL_NONE; |
524 |
int value = SSL.SSL_PROTOCOL_NONE; |
507 |
if (SSLProtocol == null || SSLProtocol.length() == 0) { |
525 |
if (SSLProtocol == null || SSLProtocol.length() == 0) { |
508 |
value = SSL.SSL_PROTOCOL_ALL; |
526 |
value = getSSLProtocolAll(); |
509 |
} else { |
527 |
} else { |
510 |
for (String protocol : SSLProtocol.split("\\+")) { |
528 |
for (String protocol : SSLProtocol.split("\\+")) { |
511 |
protocol = protocol.trim(); |
529 |
protocol = protocol.trim(); |
Lines 515-522
|
515 |
value |= SSL.SSL_PROTOCOL_SSLV3; |
533 |
value |= SSL.SSL_PROTOCOL_SSLV3; |
516 |
} else if ("TLSv1".equalsIgnoreCase(protocol)) { |
534 |
} else if ("TLSv1".equalsIgnoreCase(protocol)) { |
517 |
value |= SSL.SSL_PROTOCOL_TLSV1; |
535 |
value |= SSL.SSL_PROTOCOL_TLSV1; |
|
|
536 |
} else if ("TLSv1.1".equalsIgnoreCase(protocol)) { |
537 |
if (!isTLS11Supported()) { |
538 |
throw new Exception(sm.getString( |
539 |
"endpoint.apr.invalidSslProtocol", SSLProtocol)); |
540 |
} |
541 |
value |= SSL.SSL_PROTOCOL_TLSV1_1; |
542 |
} else if ("TLSv1.2".equalsIgnoreCase(protocol)) { |
543 |
if (!isTLS12Supported()) { |
544 |
throw new Exception(sm.getString( |
545 |
"endpoint.apr.invalidSslProtocol", SSLProtocol)); |
546 |
} |
547 |
value |= SSL.SSL_PROTOCOL_TLSV1_2; |
518 |
} else if ("all".equalsIgnoreCase(protocol)) { |
548 |
} else if ("all".equalsIgnoreCase(protocol)) { |
519 |
value |= SSL.SSL_PROTOCOL_ALL; |
549 |
value |= getSSLProtocolAll(); |
520 |
} else { |
550 |
} else { |
521 |
// Protocol not recognized, fail to start as it is safer than |
551 |
// Protocol not recognized, fail to start as it is safer than |
522 |
// continuing with the default which might enable more than the |
552 |
// continuing with the default which might enable more than the |