Don't use SSL anymore to avoid POODLE attack

For details about poodle see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 Bug 450170 Change-Id: Ib169e88d9d51f4d0e6caa3a498f48edc81e0991d Signed-off-by: Dani Megert <Daniel_Megert@ch.ibm.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 years ago · 3e131a35e3
1 changed files with 1 additions and 1 deletions
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/http/JDKHttpConnection.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/http/JDKHttpConnection.java
@ -186,7 +186,7 @@ public class JDKHttpConnection implements HttpConnection {
 	public void configure(KeyManager[] km, TrustManager[] tm,
 			SecureRandom random) throws NoSuchAlgorithmException,
 			KeyManagementException {
-		SSLContext ctx = SSLContext.getInstance("SSL"); //$NON-NLS-1$
+		SSLContext ctx = SSLContext.getInstance("TLS"); //$NON-NLS-1$
 		ctx.init(km, tm, random);
 		((HttpsURLConnection) wrappedUrlConnection).setSSLSocketFactory(ctx
 				.getSocketFactory());