MariaDB Connector/J / CONJ-332

enabledSslCipherSuites driver setting does not enable new ciphers

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.1-RC
    • Fix Version/s: 1.5.2
    • Component/s: Failover
    • Labels:
      None

      Description

      The provided enabledSslCipherSuites in org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.enabledSslCipherSuites(SSLSocket sslSocket) is compared against sslSocket.getEnabledCipherSuites() instead of sslSocket.getSupportedCipherSuites(). This will always fail if you want to enable a new CipherSuite not in the current enabled cipher list.

      The enabledSslProtocolSuites is implemented correctly by comparing against sslSocket.getSupportedProtocols().

      This functionality is Critical for enabling TLS 1.2 protocol and ciphers on Java 7 to connect to MariaDB.

      protected void enabledSslCipherSuites(SSLSocket sslSocket) throws QueryException {
          if (options.enabledSslCipherSuites != null) {
              // Reported defect: the requested ciphers are checked against the currently enabled list
              List<String> possibleCiphers = Arrays.asList(sslSocket.getEnabledCipherSuites());
              String[] ciphers = options.enabledSslCipherSuites.split("[,;\\s]+");
              for (String cipher : ciphers) {
                  if (!possibleCiphers.contains(cipher)) {
                      throw new QueryException("Unsupported SSL cipher '" + cipher + "'. Supported ciphers : "
                              + possibleCiphers.toString().replace("[", "").replace("]", ""));
                  }
              }
              sslSocket.setEnabledCipherSuites(ciphers);
          }
      }

      protected void enabledSslProtocolSuites(SSLSocket sslSocket) throws QueryException {
          if (options.enabledSslProtocolSuites == null) {
              sslSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1"});
          } else {
              // Protocols are checked against the supported list
              List<String> possibleProtocols = Arrays.asList(sslSocket.getSupportedProtocols());
              String[] protocols = options.enabledSslProtocolSuites.split("[,;\\s]+");
              for (String protocol : protocols) {
                  if (!possibleProtocols.contains(protocol)) {
                      throw new QueryException("Unsupported SSL protocol '" + protocol + "'. Supported protocols : "
                              + possibleProtocols.toString().replace("[", "").replace("]", ""));
                  }
              }
              sslSocket.setEnabledProtocols(protocols);
          }
      }

            People

            Assignee: Diego Dupin
            Reporter: Kishor Grandhe
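The difference between the two checks in the description, as an added example (not the driver's code and not posted by the reporter). The class name `CipherSuiteCheckDemo` and the helper `parseAndValidate` are hypothetical, and the enabled list is deliberately narrowed to one suite to construct the situation the issue describes.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteCheckDemo {

    /** Splits the option with the same separators as the driver code and checks each name against `allowed`. */
    static String[] parseAndValidate(String option, String[] allowed) {
        List<String> possible = Arrays.asList(allowed);
        String[] requested = option.split("[,;\\s]+");
        for (String cipher : requested) {
            if (!possible.contains(cipher)) {
                throw new IllegalArgumentException("Unsupported SSL cipher '" + cipher + "'");
            }
        }
        return requested;
    }

    public static void main(String[] args) throws IOException {
        // An unconnected socket is enough to inspect and set cipher suites; no network is used.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            String[] supported = socket.getSupportedCipherSuites();

            // Constructed scenario: only one suite is enabled, and the caller wants a different,
            // supported suite (stands in for a TLS 1.2 suite that is not enabled by default).
            socket.setEnabledCipherSuites(new String[] {supported[0]});
            String wanted = supported[supported.length - 1];

            // Check against the enabled list: a suite that is not already enabled can never pass.
            try {
                parseAndValidate(wanted, socket.getEnabledCipherSuites());
                System.out.println("enabled-list check:   accepted " + wanted);
            } catch (IllegalArgumentException e) {
                System.out.println("enabled-list check:   rejected -> " + e.getMessage());
            }

            // Check against the supported list: the suite passes and can then be enabled.
            socket.setEnabledCipherSuites(parseAndValidate(wanted, socket.getSupportedCipherSuites()));
            System.out.println("supported-list check: enabled "
                    + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

The supported list can include suites the JDK leaves disabled by default because they are weak, so once validation runs against it, the configured cipher list is the effective policy and should name only suites you intend to allow.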