Improve TLS settings: disable Client-initiated TLS renegotiation with...

Improve TLS settings: disable Client-initiated TLS renegotiation with jdk.tls.rejectClientInitiatedRenegotiation and force strong ephemeral Diffie-Hellman parameter with jdk.tls.ephemeralDHKeySize git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@2460 3d1905a2-6b24-0410-a738-b14d5a86fcbd

Improve TLS settings: disable Client-initiated TLS renegotiation with...
Improve TLS settings: disable Client-initiated TLS renegotiation with jdk.tls.rejectClientInitiatedRenegotiation and force strong ephemeral Diffie-Hellman parameter with jdk.tls.ephemeralDHKeySize git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@2460 3d1905a2-6b24-0410-a738-b14d5a86fcbd
54ad767b · Mickaël Guessant · 867bb083 · 54ad767b
Commit 54ad767b authored Jan 21, 2017 by Mickaël Guessant
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

DavGatewayHttpClientFacade.java src/java/davmail/http/DavGatewayHttpClientFacade.java +5 -0

No files found.
--- a/src/java/davmail/http/DavGatewayHttpClientFacade.java
+++ b/src/java/davmail/http/DavGatewayHttpClientFacade.java
@@ -70,6 +70,11 @@ public final class DavGatewayHttpClientFacade {
    private static IdleConnectionTimeoutThread httpConnectionManagerThread;

    static {
+        // disable Client-initiated TLS renegotiation
+        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
+            // force strong ephemeral Diffie-Hellman parameter
+        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
+
        DavGatewayHttpClientFacade.start();

        // register custom cookie policy