Browse Source

Don't use SSL anymore to avoid POODLE attack

For details about poodle see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Bug 450170
Change-Id: Ib169e88d9d51f4d0e6caa3a498f48edc81e0991d
Signed-off-by: Dani Megert <Daniel_Megert@ch.ibm.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
stable-3.5
Dani Megert 10 years ago committed by Matthias Sohn
parent
commit
3e131a35e3
  1. 2
      org.eclipse.jgit/src/org/eclipse/jgit/transport/http/JDKHttpConnection.java

2
org.eclipse.jgit/src/org/eclipse/jgit/transport/http/JDKHttpConnection.java

@ -186,7 +186,7 @@ public class JDKHttpConnection implements HttpConnection {
public void configure(KeyManager[] km, TrustManager[] tm,
SecureRandom random) throws NoSuchAlgorithmException,
KeyManagementException {
SSLContext ctx = SSLContext.getInstance("SSL"); //$NON-NLS-1$
SSLContext ctx = SSLContext.getInstance("TLS"); //$NON-NLS-1$
ctx.init(km, tm, random);
((HttpsURLConnection) wrappedUrlConnection).setSSLSocketFactory(ctx
.getSocketFactory());

Loading…
Cancel
Save