CS-15649: Remove DES from s2s vpn support policy

DES is considered INSECURE.
Sheng Yang 2012-07-20 10:50:48 -07:00
parent 8830bf33ba
commit 79f7f8cc1f
2 changed files with 4 additions and 2 deletions


@ -1108,7 +1108,7 @@ public class NetUtils {
}
String cipher = list[0];
String hash = list[1];
if (!cipher.matches("des|3des|aes|aes128|aes256")) {
if (!cipher.matches("3des|aes|aes128|aes256")) {
return false;
}
if (!hash.matches("md5|sha1")) {
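Review bot: The hash check on the last line of this hunk still accepts `md5`, so a policy such as `aes-md5` or `3des-md5` passes both checks shown here, even though the commit's stated reason for dropping DES is that it is insecure. If peers that can only negotiate MD5 do not have to be supported, narrow it to `if (!hash.matches("sha1")) {`; otherwise add a comment above the check recording why `md5` is kept. A short comment above the cipher check, e.g. `// DES intentionally excluded (56-bit key), see CS-15649`, would also keep it from being re-added later. The enclosing method starts and ends outside the hunk, so how the DH-group part of a policy is validated, and what happens to already-stored policies that contain `des`, cannot be judged from here.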


@ -51,10 +51,12 @@ public class NetUtilsTest extends TestCase {
public void testVpnPolicy() {
assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy(""));