hbase-server/src/main/java/org/apache/hadoop/hbase/SslRMIClientSocketFactorySecure.java

   1 /**
   2  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
   3  * agreements. See the NOTICE file distributed with this work for additional information regarding
   4  * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
   5  * "License"); you may not use this file except in compliance with the License. You may obtain a
   6  * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
   7  * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
   8  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
   9  * for the specific language governing permissions and limitations under the License.
  10  */
  11 package org.apache.hadoop.hbase;
  12
  13 import java.io.IOException;
  14 import java.net.Socket;
  15 import java.util.ArrayList;
  16 import javax.net.ssl.SSLSocket;
  17 import javax.rmi.ssl.SslRMIClientSocketFactory;
  18 import org.apache.yetus.audience.InterfaceAudience;
  19
  20 /**
  21  * Avoid SSL V3.0 "Poodle" Vulnerability - CVE-2014-3566
  22  */
  23 @SuppressWarnings("serial")
  24 @InterfaceAudience.Private
  25 public class SslRMIClientSocketFactorySecure extends SslRMIClientSocketFactory {
  26   @Override
  27   public Socket createSocket(String host, int port) throws IOException {
  28     SSLSocket socket = (SSLSocket) super.createSocket(host, port);
  29     ArrayList<String> secureProtocols = new ArrayList<>();
  30     for (String p : socket.getEnabledProtocols()) {
  31       if (!p.contains("SSLv3")) {
  32         secureProtocols.add(p);
  33       }
  34     }
  35     socket.setEnabledProtocols(secureProtocols.toArray(
  36             new String[secureProtocols.size()]));
  37     return socket;
  38   }
  39 }