use a preferable protocol that works on most infra

yadvr · yadvr · commit 0d74d7bdea35 · 2015-01-29T16:03:29.000+05:30
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit f5f6c2d) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> Conflicts: services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java (cherry picked from commit 1bab1d0) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
diff --git a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
@@ -59,7 +59,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
     private static Integer port;
     private static String username;
     private static String password;
-    private static String secureProtocol = "TLSv1.2";
+    private static String secureProtocol = "TLSv1";
 
     public synchronized static void setVirtualHost(String virtualHost) {
         RabbitMQEventBus.virtualHost = virtualHost;
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@@ -48,8 +48,6 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
 
     protected SSLSocket sslSocket;
 
-    protected String sslVersionToUse = "TLSv1.2";
-
     protected SSLState sslState;
 
     public SocketWrapperImpl(String id, SSLState sslState) {
@@ -134,7 +132,7 @@ public void upgradeToSsl() {
             // Use most secure implementation of SSL available now.
             // JVM will try to negotiate TLS1.2, then will fallback to TLS1.0, if
             // TLS1.2 is not supported.
-            SSLContext sslContext = SSLContext.getInstance(sslVersionToUse);
+            SSLContext sslContext = SSLUtils.getSSLContext();
 
             // Trust all certificates (FIXME: insecure)
             sslContext.init(null, new TrustManager[] {new TrustAllX509TrustManager(sslState)}, null);
diff --git a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -42,10 +42,10 @@ public static String[] getSupportedProtocols(String[] protocols) {
     }
 
     public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
-        return SSLContext.getInstance("TLSv1.2");
+        return SSLContext.getInstance("TLSv1");
     }
 
     public static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
-        return SSLContext.getInstance("TLSv1.2", provider);
+        return SSLContext.getInstance("TLSv1", provider);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,10 @@ public static String[] getSupportedProtocols(String[] protocols) {`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`public static SSLContext getSSLContext() throws NoSuchAlgorithmException {`
`45`		`- return SSLContext.getInstance("TLSv1.2");`
	`45`	`+ return SSLContext.getInstance("TLSv1");`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`public static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException, NoSuchProviderException {`
`49`		`- return SSLContext.getInstance("TLSv1.2", provider);`
	`49`	`+ return SSLContext.getInstance("TLSv1", provider);`
`50`	`50`	`}`
`51`	`51`	`}`