Use default SslContextFactory excludes for weak ciphers and protocols (…

…openhab#1241) To prevent weak cipher/protocol warnings it's better to not customize the default excluded ciphers and protocols. The MD5 ciphers have already been excluded by default since Jetty 9.3.11.v20160721. Fixes openhab#1064 Signed-off-by: Wouter Born <[email protected]> GitOrigin-RevId: c50766d
ConnectorIO · Jul 11, 2023 · 3d6afc1 · 3d6afc1
1 parent 02d3b3f
commit 3d6afc1
Showing 1 changed file with 0 additions and 6 deletions.
diff --git a/...io.net/src/main/java/org/eclipse/smarthome/io/net/http/internal/WebClientFactoryImpl.java b/...io.net/src/main/java/org/eclipse/smarthome/io/net/http/internal/WebClientFactoryImpl.java
@@ -388,10 +388,6 @@ private SslContextFactory createSslContextFactoryFromExtensibleTrustManager() {
         } catch (NoSuchAlgorithmException | KeyManagementException ex) {
             throw new HttpClientInitializationException("Cannot create an TLS context!", ex);
         }
-        // Exclude weak / insecure ciphers
-        sslContextFactory.addExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
-        // Exclude ciphers that don't support forward secrecy
-        sslContextFactory.addExcludeCipherSuites("^TLS_RSA_.*$");
         return sslContextFactory;
     }
 
@@ -416,8 +412,6 @@ private SslContextFactory createSslContextFactoryFromTrustManagerProvider(@Nulla
             }
         }
 
-        String excludeCipherSuites[] = { "^.*_(MD5)$" };
-        sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
         return sslContextFactory;
     }