diff --git a/awsapi/src/com/cloud/bridge/util/EC2RestAuth.java b/awsapi/src/com/cloud/bridge/util/EC2RestAuth.java
index 33368c10fe5..ebe127017da 100644
--- a/awsapi/src/com/cloud/bridge/util/EC2RestAuth.java
+++ b/awsapi/src/com/cloud/bridge/util/EC2RestAuth.java
@@ -16,6 +16,8 @@
// under the License.
package com.cloud.bridge.util;
+import com.cloud.utils.ConstantTimeComparator;
+
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.SignatureException;
@@ -209,7 +211,7 @@ public class EC2RestAuth {
if (-1 != offset)
signature = URLDecoder.decode(signature, "UTF-8");
- boolean match = signature.equals(calSig);
+ boolean match = ConstantTimeComparator.compareStrings(signature, calSig);
if (!match)
logger.error("Signature mismatch, [" + signature + "] [" + calSig + "] over [" + StringToSign + "]");
return match;
diff --git a/awsapi/src/com/cloud/bridge/util/RestAuth.java b/awsapi/src/com/cloud/bridge/util/RestAuth.java
index c370c4a3123..1eec41131e2 100644
--- a/awsapi/src/com/cloud/bridge/util/RestAuth.java
+++ b/awsapi/src/com/cloud/bridge/util/RestAuth.java
@@ -16,6 +16,8 @@
// under the License.
package com.cloud.bridge.util;
+import com.cloud.utils.ConstantTimeComparator;
+
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.InvalidKeyException;
@@ -286,7 +288,7 @@ public class RestAuth {
if (-1 != offset)
signature = URLDecoder.decode(signature, "UTF-8");
- boolean match = signature.equals(calSig);
+ boolean match = ConstantTimeComparator.compareStrings(signature, calSig);
if (!match)
logger.error("Signature mismatch, [" + signature + "] [" + calSig + "] over [" + StringToSign + "]");
diff --git a/services/console-proxy-rdp/rdpconsole/pom.xml b/services/console-proxy-rdp/rdpconsole/pom.xml
index b9704a3f6fa..9c04a8b9eac 100755
--- a/services/console-proxy-rdp/rdpconsole/pom.xml
+++ b/services/console-proxy-rdp/rdpconsole/pom.xml
@@ -61,6 +61,11 @@
${cs.junit.version}
test
+
+ org.apache.cloudstack
+ cloud-utils
+ ${project.version}
+
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ClientNtlmsspPubKeyAuth.java b/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ClientNtlmsspPubKeyAuth.java
index ffd16304df0..7aae145237b 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ClientNtlmsspPubKeyAuth.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ClientNtlmsspPubKeyAuth.java
@@ -16,6 +16,8 @@
// under the License.
package rdpclient.ntlmssp;
+import com.cloud.utils.ConstantTimeComparator;
+
import java.nio.charset.Charset;
import rdpclient.ntlmssp.asn1.NegoItem;
@@ -604,7 +606,7 @@ public class ClientNtlmsspPubKeyAuth extends OneTimeSwitch implements NtlmConsta
private void dumpNegoToken(ByteBuffer buf) {
String signature = buf.readVariableString(RdpConstants.CHARSET_8);
- if (!signature.equals(NTLMSSP))
+ if (!ConstantTimeComparator.compareStrings(signature, NTLMSSP))
throw new RuntimeException("Unexpected NTLM message singature: \"" + signature + "\". Expected signature: \"" + NTLMSSP + "\". Data: " + buf + ".");
// MessageType (CHALLENGE)
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ServerNtlmsspChallenge.java b/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ServerNtlmsspChallenge.java
index eaac62b92d9..d8cfb4c9594 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ServerNtlmsspChallenge.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/rdpclient/ntlmssp/ServerNtlmsspChallenge.java
@@ -16,6 +16,8 @@
// under the License.
package rdpclient.ntlmssp;
+import com.cloud.utils.ConstantTimeComparator;
+
import java.util.Arrays;
import rdpclient.ntlmssp.asn1.NegoItem;
@@ -70,7 +72,7 @@ public class ServerNtlmsspChallenge extends OneTimeSwitch implements NtlmConstan
// Signature: "NTLMSSP\0"
String signature = buf.readVariableString(RdpConstants.CHARSET_8);
- if (!signature.equals(NTLMSSP))
+ if (!ConstantTimeComparator.compareStrings(signature, NTLMSSP))
throw new RuntimeException("Unexpected NTLM message singature: \"" + signature + "\". Expected signature: \"" + NTLMSSP + "\". Data: " + buf + ".");
// MessageType (CHALLENGE)
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
index abb5b84c1d5..6d996286a36 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@@ -32,6 +32,8 @@ import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
+import org.apache.cloudstack.utils.security.SSLUtils;
+
import streamer.debug.MockServer;
import streamer.debug.MockServer.Packet;
import streamer.ssl.SSLState;
@@ -139,7 +141,8 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(), address.getPort(), true);
- sslSocket.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
+ sslSocket.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslSocket.getEnabledProtocols()));
+
sslSocket.startHandshake();
InputStream sis = sslSocket.getInputStream();