sockets - Forbid SSL rehandshake in Java (JSSE)? -


is there way forbid re-handshake in java's ssl libraries on client , server side?

i've searched javadocs of sslcontext, sslparameters, sslsocket, sslserversocket , according factories have not found solution.

i don't know of (simple) solution, have found bad one.

it turns out in 2009, security flaw found in ssl protocol affected ssl renegotiation (or rehandshake). java team addressed in 2 phases (as described here.). first phase disable renegotiation ... , done in java 6 patch 19. second phase implement protocol changes renegotiation specified in new rfc.

so, 1 way disable ssl renegotiation downgrade jvm java 6 patch 19.

frankly, think bad idea:

  • you winding version of java has been eol'd.
  • you backing out of whole stack of security patches.
  • if you've started using java 7 or java 8 language / library features, in work.

however, if digs out of deep hole, might consider it.

well, looked @ source code of sslengineimpl (here), , cannot see straightforward solution based on that. kickstarthandshake method.

there couple of properties enable / disable unsafe forms of renegotiation (for compatibility), there no properties turn off entirely. , since method of work private, don't think disable renegotiation functionality overriding methods in subclass.

so leaves copying code, modifying disable renegotiation, changing package names , creating alternative "provider" ssl engine.

and confuse things further ... there implementation of ssl protocol in sslsocketimpl class (here). didn't try figure out of 2 implementations 1 "by default".


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv&quo
Read more

javascript - Highcharts multi-color line -

Image
i looking create highchart multi-colored line. if goes down under value, become red, , when comes on value, become green . here picture example: or maybe highcharts have other charts models differentiate high or low level color? you can achieve coloring using lineargradient coloring: color: { lineargradient: { x1: 0, x2: 0, y1: 0, y2: 1 }, stops: [ [0, 'red'], [0.25, 'yellow'], [0.50, 'green'], [0.75, 'yellow'], [1, 'red'] ] } here 0 in stops relates minimum value of series , 1 maximum value, , in between percentages between values. if find percentages according values prior creating chart use correct stops values make relate specific values in data (at least approximately). see this jsfiddle example .
Read more

javascript - Enter key does not work in search box -

tried search guys sorry. input in search box doesnt work (or search) when hit enter when user clicks search button. doing wrong? here code. thanks. <script type="text/javascript"> $(document).ready(function() { $("#submit").click(function() { var url = "http://asla.org/awardssearch.html"; url += "?s=" + $('#googlecse').val(); window.location = url; }); $('#googlecse').keydown(function(event) { if (event.keycode == '13') { $("#submit").click(); } else { //do nothing :) } }); }); </script> <form class="navbar-form navbar-right" role="search"> <div class="search"> <input id="googlecse" type="text" onblur="if(this.value=='')this.value=this.defaultvalue;" onfocus="if(this.value==this.defaultvalue)t
Read more