motiejus
/
jgit
1
Fork 0
Code Releases Activity

Don't use SSL anymore to avoid POODLE attack 

For details about poodle see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Bug 450170
Change-Id: Ib169e88d9d51f4d0e6caa3a498f48edc81e0991d
Signed-off-by: Dani Megert <Daniel_Megert@ch.ibm.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This commit is contained in:
Dani Megert 2014-11-05 17:05:34 +01:00 committed by Matthias Sohn
parent dcb52291a9
commit 3e131a35e3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
org.eclipse.jgit/src/org/eclipse/jgit/transport/http/JDKHttpConnection.java
View File

@ -186,7 +186,7 @@ public void setHostnameVerifier(HostnameVerifier hostnameverifier) {
public void configure(KeyManager[] km, TrustManager[] tm,
SecureRandom random) throws NoSuchAlgorithmException,
KeyManagementException {
SSLContext ctx = SSLContext.getInstance("SSL"); //$NON-NLS-1$
SSLContext ctx = SSLContext.getInstance("TLS"); //$NON-NLS-1$
ctx.init(km, tm, random);
((HttpsURLConnection) wrappedUrlConnection).setSSLSocketFactory(ctx
.getSocketFactory());