From e9ae7336c1ceba8d81dd4ee034e7e7c3af09578a Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 20 Jul 2012 10:50:48 -0700
Subject: [PATCH] CS-15649: Remove DES from s2s vpn support policy DES is considered INSECURE.
---
 utils/src/com/cloud/utils/net/NetUtils.java | 2 +-
 utils/test/com/cloud/utils/net/NetUtilsTest.java | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index fe3dedc454c..e84a7e2ee8f 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1080,7 +1080,7 @@ public class NetUtils {
 }
 String cipher = list[0];
 String hash = list[1];
- if (!cipher.matches("des|3des|aes|aes128|aes256")) {
+ if (!cipher.matches("3des|aes|aes128|aes256")) {
 return false;
 }
 if (!hash.matches("md5|sha1")) {
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index b187b55cfe7..67465d717e7 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
@@ -55,10 +55,12 @@ public class NetUtilsTest extends TestCase {
 public void testVpnPolicy() {
 assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1"));
+ assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy(""));
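Review bot: The allowlist on the changed `cipher.matches(...)` line drops `des`, but the `hash` check two lines below it still accepts `md5`, and nothing in the hunk records why `des` is excluded, so a later edit could quietly re-add it. I would add a comment above the cipher check such as `// DES (56-bit key) is deliberately rejected; keep weak ciphers out of this allowlist` and decide in the same review whether `md5` should stay. This check only gates policy strings that pass through the validator; whether policies already stored with `des` are re-validated or migrated is not visible here. The enclosing method (presumably `isValidS2SVpnPolicy`, judging by the test file) starts and ends outside the hunk.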
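Review bot: The new negative case `des-sha1` only covers DES as the sole proposal; no assertion puts DES in a later entry of a comma-separated list, so a validator that checked only the first proposal would still pass this test. Add `assertFalse(NetUtils.isValidS2SVpnPolicy("aes-sha1,des-sha1"));` next to the added `des-sha1` line. The two existing `des-md5;modp1024` assertions were already `assertFalse` before this commit, so they were being rejected for some other reason and do not by themselves demonstrate the DES rejection. `testVpnPolicy` continues past the end of the hunk.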