use a preferable protocol that works on most infra

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit f5f6c2d1a74444bbbf5a5f4565953b6410b87a5c) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> Conflicts: services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java (cherry picked from commit 1bab1d0855f8813a54028aa58715db75d9c06ca0) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2025-10-26 08:42:29 +01:00 · 2015-01-28 13:41:00 +05:30 · 2015-01-28 13:41:00 +05:30 · 0d74d7bdea
commit 0d74d7bdea
parent fa76b3c9f5
3 changed files with 4 additions and 6 deletions
--- a/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
+++ b/plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
@ -59,7 +59,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
    private static Integer port;
    private static String username;
    private static String password;
-    private static String secureProtocol = "TLSv1.2";
+    private static String secureProtocol = "TLSv1";

    public synchronized static void setVirtualHost(String virtualHost) {
        RabbitMQEventBus.virtualHost = virtualHost;
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@ -48,8 +48,6 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {

    protected SSLSocket sslSocket;

-    protected String sslVersionToUse = "TLSv1.2";
-
    protected SSLState sslState;

    public SocketWrapperImpl(String id, SSLState sslState) {
@ -134,7 +132,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
            // Use most secure implementation of SSL available now.
            // JVM will try to negotiate TLS1.2, then will fallback to TLS1.0, if
            // TLS1.2 is not supported.
-            SSLContext sslContext = SSLContext.getInstance(sslVersionToUse);
+            SSLContext sslContext = SSLUtils.getSSLContext();

            // Trust all certificates (FIXME: insecure)
            sslContext.init(null, new TrustManager[] {new TrustAllX509TrustManager(sslState)}, null);
--- a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
@ -42,10 +42,10 @@ public class SSLUtils {
    }

    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
-        return SSLContext.getInstance("TLSv1.2");
+        return SSLContext.getInstance("TLSv1");
    }

    public static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
-        return SSLContext.getInstance("TLSv1.2", provider);
+        return SSLContext.getInstance("TLSv1", provider);
    }
 }