always disable DTLSv1 and DTLSv1.2

pull/270/head
Ruby Martin 2025-05-28 16:33:12 -06:00
parent 8b939f46ef
commit dd29707c55
1 changed files with 6 additions and 3 deletions


@ -87,14 +87,17 @@ public class WolfSSLUtil {
WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO, WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO,
() -> "jdk.tls.disabledAlgorithms: " + tmpDisabledAlgos); () -> "jdk.tls.disabledAlgorithms: " + tmpDisabledAlgos);
/*
* WolfJSSE only supports DTLSv1.3, automatically add DTLSv1,
* and DTLSv1.2 to disabled algorithms for now */
disabledAlgos += ",DTLSv1,DTLSv1.2";
/* If WolfSSL.INVALID is passed in as currentVersion, no filtering /* If WolfSSL.INVALID is passed in as currentVersion, no filtering
* is done based on current protocol */ * is done based on current protocol */
if (currentVersion != WolfSSL.TLS_VERSION.INVALID) { if (currentVersion != WolfSSL.TLS_VERSION.INVALID) {
/* Remove DTLS protocols if using TLS explicitly. Needed /* Remove DTLS protocols if using TLS explicitly. Needed
* since native wolfSSL doesn't have protocol masks for DTLS. */ * since native wolfSSL doesn't have protocol masks for DTLS. */
if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_2) {
disabledAlgos += ",DTLSv1.2";
}
if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_3) { if (currentVersion != WolfSSL.TLS_VERSION.DTLSv1_3) {
disabledAlgos += ",DTLSv1.3"; disabledAlgos += ",DTLSv1.3";
} }
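Review bot: The new unconditional `disabledAlgos += ",DTLSv1,DTLSv1.2";` has no guard for `disabledAlgos` being null. Its assignment is above the hunk, but if it comes straight from the `jdk.tls.disabledAlgorithms` security property and that property is unset, the concatenation yields `"null,DTLSv1,DTLSv1.2"`, and any later null check on the variable stops firing, including on the `INVALID` path that previously left the value untouched. A null-safe form such as `disabledAlgos = (disabledAlgos == null ? "" : disabledAlgos + ",") + "DTLSv1,DTLSv1.2";` avoids both. The debug line just above logs the property value before this append, so a second log of the effective list after it would show why a DTLS 1.2 protocol was filtered out. The enclosing method starts and ends outside the hunk, so how the list is consumed could not be checked here.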