From b3dff2789104e11f0b7ba9e47385ead9a6166d53 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 21 Nov 2014 12:21:25 +0100 Subject: Add TLS support for thrift connection to master, switch to TLSv1.2 everywhere --- src/main/java/org/openslx/satellitedaemon/Globals.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/main/java/org/openslx/satellitedaemon/Globals.java') diff --git a/src/main/java/org/openslx/satellitedaemon/Globals.java b/src/main/java/org/openslx/satellitedaemon/Globals.java index fa39d2d..bb6e6da 100644 --- a/src/main/java/org/openslx/satellitedaemon/Globals.java +++ b/src/main/java/org/openslx/satellitedaemon/Globals.java @@ -5,6 +5,7 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; +import java.security.KeyManagementException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.util.Properties; @@ -48,6 +49,12 @@ public class Globals // Integers // + public static boolean getThriftTls() + { + String s = properties.getProperty( "THRIFT_TLS", "yes" ); + return s.equalsIgnoreCase( "yes" ) || s.equalsIgnoreCase( "true" ) || s.equalsIgnoreCase( "1" ) || s.equalsIgnoreCase( "on" ); + } + public static int getThriftPort() { return Util.tryToParseInt( properties.getProperty( "THRIFT_PORT" ) ); @@ -87,8 +94,9 @@ public class Globals return true; if ( getTruststorePath() == null || getTruststorePath().isEmpty() ) { try { - context = SSLContext.getDefault(); - } catch ( NoSuchAlgorithmException e ) { + context = SSLContext.getInstance( "TLSv1.2" ); + context.init( null, null, null ); + } catch ( NoSuchAlgorithmException | KeyManagementException e ) { log.error( "could not load system default ssl context.", e ); return false; } 
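Review bot: An unrecognised `THRIFT_TLS` value silently turns TLS off in `getThriftTls()`: anything other than yes/true/1/on returns false, including a typo or a `yes` followed by trailing whitespace, which `Properties.load` keeps. Since the default is to use TLS, the parser should fail closed too: trim the value, return false only for an explicit no/false/0/off, and log a warning before keeping TLS enabled for anything else. The sketch below assumes the class-level `log` used further down in this file is reachable from this static method.

```java
public static boolean getThriftTls()
{
	String s = properties.getProperty( "THRIFT_TLS", "yes" ).trim();
	if ( s.equalsIgnoreCase( "no" ) || s.equalsIgnoreCase( "false" ) || s.equalsIgnoreCase( "0" ) || s.equalsIgnoreCase( "off" ) )
		return false;
	boolean recognised = s.equalsIgnoreCase( "yes" ) || s.equalsIgnoreCase( "true" ) || s.equalsIgnoreCase( "1" ) || s.equalsIgnoreCase( "on" );
	if ( !recognised )
		log.warn( "Unrecognised THRIFT_TLS value '" + s + "', keeping TLS enabled" );
	return true;
}
```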
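Review bot: Naming the context in `SSLContext.getInstance( "TLSv1.2" )` does not by itself limit connections to TLS 1.2: the JSSE algorithm name guarantees that version is supported, but the provider may still enable older protocol versions on sockets created from the context. The same applies to the `getInstance` call changed in the truststore branch of the next hunk. If the commit is meant to refuse anything older, the protocol list has to be pinned where the sockets or engines are created, which is outside this diff, for example `socket.setEnabledProtocols( new String[] { "TLSv1.2" } );`. The enclosing method starts and ends outside the hunk.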
@@ -101,7 +109,7 @@ public class Globals
 TrustManagerFactory tmf = TrustManagerFactory
 .getInstance( TrustManagerFactory.getDefaultAlgorithm() );
 tmf.init( keystore );
- context = SSLContext.getInstance( "SSLv3" );
+ context = SSLContext.getInstance( "TLSv1.2" );
 TrustManager[] trustManagers = tmf.getTrustManagers();
 context.init( null, trustManagers, null );
 } catch ( FileNotFoundException e ) {
--
cgit v1.2.3-55-g7522
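Review bot: The protocol name is now a string literal repeated in both branches, here in `context = SSLContext.getInstance( "TLSv1.2" );` and in the no-truststore branch of the previous hunk, so a later protocol change has to find every copy. A single constant such as `private static final String TLS_PROTOCOL = "TLSv1.2";` referenced from both calls would keep them in step. The surrounding try block begins and ends outside the hunk.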