[Merge 4.11] CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware (#2507)

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

client/conf/java.security.ciphers.in

@@ -15,4 +15,4 @@
  # specific language governing permissions and limitations
  # under the License.
 
-jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
+jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4

utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java

@@ -34,7 +34,7 @@ public class SSLUtils {
     public static String[] getSupportedProtocols(String[] protocols) {
         Set<String> set = new HashSet<String>();
         for (String s : protocols) {
-            if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") || s.equals("SSLv2Hello")) {
+            if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
                 continue;
             }
             set.add(s);
@@ -46,7 +46,7 @@ public class SSLUtils {
      * It returns recommended protocols that are considered secure.
      */
     public static String[] getRecommendedProtocols() {
-        return new String[] { "TLSv1.2" };
+        return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
     }
 
     /**

utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java

@@ -69,9 +69,9 @@ public class SSLUtilsTest {
     }
 
     private void verifyProtocols(ArrayList<String> protocolsList) {
+        Assert.assertTrue(protocolsList.contains("TLSv1"));
+        Assert.assertTrue(protocolsList.contains("TLSv1.1"));
         Assert.assertTrue(protocolsList.contains("TLSv1.2"));
-        Assert.assertFalse(protocolsList.contains("TLSv1"));
-        Assert.assertFalse(protocolsList.contains("TLSv1.1"));
         Assert.assertFalse(protocolsList.contains("SSLv3"));
         Assert.assertFalse(protocolsList.contains("SSLv2Hello"));
     }