001/** 002 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license 003 * agreements. See the NOTICE file distributed with this work for additional information regarding 004 * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the 005 * "License"); you may not use this file except in compliance with the License. You may obtain a 006 * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable 007 * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" 008 * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License 009 * for the specific language governing permissions and limitations under the License. 010 */ 011package org.apache.hadoop.hbase; 012 013import java.io.IOException; 014import java.net.Socket; 015import java.util.ArrayList; 016import javax.net.ssl.SSLSocket; 017import javax.rmi.ssl.SslRMIClientSocketFactory; 018import org.apache.yetus.audience.InterfaceAudience; 019 020/** 021 * Avoid SSL V3.0 "Poodle" Vulnerability - CVE-2014-3566 022 */ 023@SuppressWarnings("serial") 024@InterfaceAudience.Private 025public class SslRMIClientSocketFactorySecure extends SslRMIClientSocketFactory { 026 @Override 027 public Socket createSocket(String host, int port) throws IOException { 028 SSLSocket socket = (SSLSocket) super.createSocket(host, port); 029 ArrayList<String> secureProtocols = new ArrayList<>(); 030 for (String p : socket.getEnabledProtocols()) { 031 if (!p.contains("SSLv3")) { 032 secureProtocols.add(p); 033 } 034 } 035 socket.setEnabledProtocols(secureProtocols.toArray( 036 new String[secureProtocols.size()])); 037 return socket; 038 } 039}