
Stronger TLS settings.

Velocity will now validate the hostname and use TLSv1.2 only.
Andrew Steinborn 2018-12-30 11:13:58 -05:00
Ursprung 466d06216d
Commit 696b6549e5


@ -53,8 +53,14 @@ public class NettyHttpClient {
@Override @Override
public void channelCreated(Channel channel) throws Exception { public void channelCreated(Channel channel) throws Exception {
if (key.getPort() == 443) { if (key.getPort() == 443) {
SslContext context = SslContextBuilder.forClient().build(); SslContext context = SslContextBuilder.forClient().protocols("TLSv1.2").build();
SSLEngine engine = context.newEngine(channel.alloc()); // Unbelievably, Java doesn't automatically check the CN to make sure we're talking
// to the right host! Therefore, we provide the intended host name and port, along
// with asking Java very nicely if it could check the hostname in the certificate
// for us.
SSLEngine engine = context.newEngine(channel.alloc(), key.getHostString(),
key.getPort());
engine.getSSLParameters().setEndpointIdentificationAlgorithm("HTTPS");
channel.pipeline().addLast("ssl", new SslHandler(engine)); channel.pipeline().addLast("ssl", new SslHandler(engine));
} }
channel.pipeline().addLast("http", new HttpClientCodec()); channel.pipeline().addLast("http", new HttpClientCodec());
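Review bot: The new `engine.getSSLParameters().setEndpointIdentificationAlgorithm("HTTPS");` line sets the algorithm on the object returned by `getSSLParameters()`, which in JSSE is a copy, and never hands it back to the engine, so hostname verification is most likely still not enabled after this change. Keep the parameters in a local and re-apply them: `SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); engine.setSSLParameters(params);`. A test that connects to a host presenting a certificate for a different name and expects the handshake to fail would confirm the check is active. The added comment also speaks of checking the CN, whereas the HTTPS identification algorithm matches against subjectAltName entries first; `// verify the certificate matches the intended host name` would be more accurate. channelCreated continues past the end of the hunk.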