SSL: Don't prohibit SSLv3 ciphers if that's all we have

2014-10-23 15:32:07 +00:00
parent 937a17c5dd
commit d7130c15cc
3 changed files with 17 additions and 3 deletions
--- a/core/java/src/net/i2p/util/I2PSSLSocketFactory.java
+++ b/core/java/src/net/i2p/util/I2PSSLSocketFactory.java
@@ -261,8 +261,15 @@ public class I2PSSLSocketFactory {
     * @since 0.9.16
     */
    public static void setProtocolsAndCiphers(SSLServerSocket socket) {
-        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),
-                                                   socket.getSupportedProtocols()));
+        String[] p = selectProtocols(socket.getEnabledProtocols(),
+                                     socket.getSupportedProtocols());
+        for (int i = 0; i < p.length; i++) {
+            // if we left SSLv3 in there, we don't support TLS,
+            // so we should't remove the SSL ciphers
+            if (p.equals("SSLv3"))
+                return;
+        }
+        socket.setEnabledProtocols(p);
        socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
                                                         socket.getSupportedCipherSuites()));
    }