Address review comments

ff40722e · Dave Cridland · 66fed72a · ff40722e · ff40722e
Commit ff40722e authored Jan 08, 2016 by Dave Cridland
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 11 deletions

openfire_i18n_en.properties src/i18n/openfire_i18n_en.properties +1 -1

EncryptionArtifactFactory.java .../jivesoftware/openfire/spi/EncryptionArtifactFactory.java +3 -10

No files found.
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -1661,7 +1661,7 @@ connection.advanced.settings.certchain.label_selfsigned=Allow peer certificates
 connection.advanced.settings.certchain.label_validity=Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).
 connection.advanced.settings.protocols.boxtitle=Encryption Protocols
 connection.advanced.settings.protocols.info=These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.
-connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1 format.
+connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When enabled, incoming data may use the SSLv2 handshake format (but SSLv2 itself will never be allowed). When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format. All outgoing data (which applies to outbound server-to-server connections) will always conform to the SSLv3/TLSv1 format irrespective of this setting.
 connection.advanced.settings.ciphersuites.boxtitle=Encryption Cipher Suites
 connection.advanced.settings.ciphersuites.info=These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.
 connection.advanced.settings.ciphersuites.label_enable=Enabled

--- a/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
+++ b/src/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java
@@ -169,16 +169,9 @@ public class EncryptionArtifactFactory
    {
        final SSLEngine sslEngine = createSSLEngine();
        sslEngine.setUseClientMode( true );
-        String[] protocols = sslEngine.getEnabledProtocols();
-        if (this.configuration.getEncryptionProtocols().contains("SSLv2Hello")) {
-            Set<String> set = new HashSet<>();
-            for (String s : protocols) {
-                if (!s.equals("SSLv2Hello")) {
-                    set.add(s);
-                }
-            }
-            sslEngine.setEnabledProtocols(set.toArray(new String[set.size()]));
-        }
+        final Set<String> protocols = new LinkedHashSet<>( Arrays.asList( sslEngine.getEnabledProtocols() ) );
+        protocols.remove( "SSLv2Hello" );
+        sslEngine.setEnabledProtocols( protocols.toArray( new String[ protocols.size() ] ) );

        return sslEngine;
    }