From 79f7f8cc1f7d7e4e8bb2e14e7080d17cab1d8f15 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 20 Jul 2012 10:50:48 -0700
Subject: [PATCH] CS-15649: Remove DES from s2s vpn support policy
DES is considered INSECURE.
---
 utils/src/com/cloud/utils/net/NetUtils.java | 2 +-
 utils/test/com/cloud/utils/net/NetUtilsTest.java | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 97f6cd29258..ac301726da5 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1108,7 +1108,7 @@ public class NetUtils {
 }
 String cipher = list[0];
 String hash = list[1];
- if (!cipher.matches("des|3des|aes|aes128|aes256")) {
+ if (!cipher.matches("3des|aes|aes128|aes256")) {
 return false;
 }
 if (!hash.matches("md5|sha1")) {
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index f25215a4d42..06fc1769675 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
@@ -51,10 +51,12 @@ public class NetUtilsTest extends TestCase {
 public void testVpnPolicy() {
 assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy(""));
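Review bot: The hash check on the last context line of the NetUtils.java hunk still accepts `md5`, so a policy such as `aes-md5` would pass both visible checks even though this commit removes DES for being insecure. If MD5-based integrity is kept only for interoperability with older peers, record that above the check, e.g. `// md5 kept for legacy peers only; prefer sha1 or stronger`, and decide separately whether `3des` should stay, since current IPsec guidance (RFC 8221) discourages both. The cipher allowlist is an inline regex literal with no rationale next to it; a comment such as `// des removed (CS-15649): 56-bit key is no longer acceptable` would help stop it being re-added. The enclosing method starts and ends outside the hunk, so how `list` is split and whether case is normalised before matching cannot be judged from here.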
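Review bot: In the NetUtilsTest.java hunk only the new `des-sha1` assertion actually pins the DES removal. The two `des-md5;modp1024…` cases are unchanged context lines that were already `assertFalse` while `des` was still allowed, so they are presumably rejected for a different reason (the `;modp…` suffix, judging by the `3des-sha1,aes-sha1;modp1536` case). A DES entry inside an otherwise valid list is not covered; adding `assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1,aes-sha1"));` and `assertFalse(NetUtils.isValidS2SVpnPolicy("aes-sha1,des-sha1"));` would confirm that every entry is checked, not just the first. The test method's closing lines are outside the hunk.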