  1. MariaDB Connector/J
  2. CONJ-332

enabledSslCipherSuites driver setting does not enable new ciphers

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 1.5.1-RC
    • 1.5.2
    • Failover
    • None

    Description

      The provided enabledSslCipherSuites in org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.enabledSslCipherSuites(SSLSocket sslSocket) is compared against sslSocket.getEnabledCipherSuites() instead of sslSocket.getSupportedCipherSuites(). This will always fail if you want to enable a new CipherSuite not in the current enabled cipher list.

      The enabledSslProtocolSuites is implemented correctly by comparing against sslSocket.getSupportedProtocols().

      This functionality is critical for enabling the TLS 1.2 protocol and ciphers on Java 7 to connect to MariaDB.

      protected void enabledSslCipherSuites(SSLSocket sslSocket) throws QueryException {
          if (options.enabledSslCipherSuites != null) {
              List<String> possibleCiphers = Arrays.asList(sslSocket.getEnabledCipherSuites());
              String[] ciphers = options.enabledSslCipherSuites.split("[,;\\s]+");
              for (String cipher : ciphers) {
                  if (!possibleCiphers.contains(cipher)) {
                      throw new QueryException("Unsupported SSL cipher '" + cipher + "'. Supported ciphers : " + possibleCiphers.toString().replace("[", "").replace("]", ""));
                  }
              }
              sslSocket.setEnabledCipherSuites(ciphers);
          }
      }

      protected void enabledSslProtocolSuites(SSLSocket sslSocket) throws QueryException {
          if (options.enabledSslProtocolSuites == null) {
              sslSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1"});
          } else {
              List<String> possibleProtocols = Arrays.asList(sslSocket.getSupportedProtocols());
              String[] protocols = options.enabledSslProtocolSuites.split("[,;\\s]+");
              for (String protocol : protocols) {
                  if (!possibleProtocols.contains(protocol)) {
                      throw new QueryException("Unsupported SSL protocol '" + protocol + "'. Supported protocols : " + possibleProtocols.toString().replace("[", "").replace("]", ""));
                  }
              }
              sslSocket.setEnabledProtocols(protocols);
          }
      }
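
      The difference between the two lists, as an added example (not the connector's code and not the fix that was committed). It uses only the standard JSSE API on an unconnected socket; the class name CipherSuiteCheck, the method applyCipherSuites, and IllegalArgumentException standing in for the driver's QueryException are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteCheck {
    // Validate the requested suites against what the JSSE provider can do
    // (supported), not against what happens to be switched on (enabled).
    static void applyCipherSuites(SSLSocket socket, String setting) {
        List<String> supported = Arrays.asList(socket.getSupportedCipherSuites());
        String[] requested = setting.trim().split("[,;\\s]+");
        for (String cipher : requested) {
            if (!supported.contains(cipher)) {
                // Stand-in for the driver's QueryException (assumption).
                throw new IllegalArgumentException("Unsupported SSL cipher '" + cipher
                        + "'. Supported ciphers : " + String.join(", ", supported));
            }
        }
        socket.setEnabledCipherSuites(requested);
    }

    public static void main(String[] args) throws IOException {
        // Unconnected socket: no network access is needed to inspect the lists.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            // Constructed situation: switch off the provider's first default
            // suite so that it is supported but no longer enabled.
            String[] defaults = socket.getEnabledCipherSuites();
            String wanted = defaults[0];
            socket.setEnabledCipherSuites(Arrays.copyOfRange(defaults, 1, defaults.length));

            // The comparison described in the report: a lookup in the enabled
            // list cannot find a suite that is not already enabled.
            boolean inEnabled = Arrays.asList(socket.getEnabledCipherSuites()).contains(wanted);
            boolean inSupported = Arrays.asList(socket.getSupportedCipherSuites()).contains(wanted);
            System.out.println("requested suite      : " + wanted);
            System.out.println("found in enabled list  : " + inEnabled);
            System.out.println("found in supported list: " + inSupported);

            // Validating against the supported list lets the suite be turned on.
            applyCipherSuites(socket, wanted);
            System.out.println("enabled after apply    : "
                    + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

      Because setEnabledCipherSuites replaces the whole enabled list, the setting acts as an allow-list: after the call only the requested suites can be negotiated.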

          People

            diego dupin Diego Dupin
            kgrandhe@us.ibm.com Kishor Grandhe