Merge pull request #270 from rlm2002/JSSEprotocols

always disable DTLSv1 and DTLSv1.2
pull/256/merge
Chris Conlon 2025-05-30 16:41:55 -06:00 committed by GitHub
commit d53d9d840c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 3 deletions


@ -87,14 +87,17 @@ public class WolfSSLUtil {
WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO, WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO,
() -> "jdk.tls.disabledAlgorithms: " + tmpDisabledAlgos); () -> "jdk.tls.disabledAlgorithms: " + tmpDisabledAlgos);
/*
* WolfJSSE only supports DTLSv1.3, automatically add DTLSv1,
* and DTLSv1.2 to disabled algorithms for now */
disabledAlgos += ",DTLSv1,DTLSv1.2";
/* If WolfSSL.INVALID is passed in as currentVersion, no filtering /* If WolfSSL.INVALID is passed in as currentVersion, no filtering
* is done based on current protocol */ * is done based on current protocol */
if (currentVersion != WolfSSL.TLS_VERSION.INVALID) { if (currentVersion != WolfSSL.TLS_VERSION.INVALID) {
/* Remove DTLS protocols if using TLS explicitly. Needed /* Remove DTLS protocols if using TLS explicitly. Needed
* since native wolfSSL doesn't have protocol masks for DTLS. */ * since native wolfSSL doesn't have protocol masks for DTLS. */
if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_2) {
disabledAlgos += ",DTLSv1.2";
}
if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_3) { if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_3) {
disabledAlgos += ",DTLSv1.3"; disabledAlgos += ",DTLSv1.3";
} }
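Review bot: The new `disabledAlgos += ",DTLSv1,DTLSv1.2";` line appends a bare `DTLSv1` token; if the code that later applies this list compares protocol names by prefix or substring rather than as whole tokens, that entry would also match `DTLSv1.2` and `DTLSv1.3` and silently disable the one DTLS version wolfJSSE does support, so the consumer should be confirmed to split on commas and compare exact, trimmed names. The `jdk.tls.disabledAlgorithms` value logged two lines above is captured before this append, so that log entry no longer reflects the effective disabled set; either log `disabledAlgos` again after the append or say in the comment that the logged value is the raw property. The comment's "for now" should also state what lifts the restriction, e.g. `/* wolfJSSE currently supports only DTLSv1.3: DTLSv1 and DTLSv1.2 are always disabled here, independent of currentVersion. Remove once older DTLS versions are supported. */`. The enclosing method and its Javadoc start outside the hunk; if the Javadoc describes which protocols are filtered by currentVersion, it should be updated to say that DTLSv1 and DTLSv1.2 are now disabled unconditionally.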