Updated MANDATORY_CIPHERS

mhatta · Nov 19, 2018 · 8ba3e60 · 8ba3e60
1 parent f165f2f
commit 8ba3e60
Showing 1 changed file with 69 additions and 3 deletions.
diff --git a/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java b/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java
@@ -22,10 +22,76 @@ public class ConnectionSocketFactory {
 	};
 
 	private static final String[] MANDATORY_CIPHERS = {
-		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    //		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    //"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+	    //"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+	    //"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+		    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_RSA_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+	    "TLS_RSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
 	    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-	    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-	    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"};
+	    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+	    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+	    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+	    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+	    "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+	    "SSL_RSA_WITH_DES_CBC_SHA",
+	    "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+	    "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+	    "SSL_DH_anon_WITH_DES_CBC_SHA",
+	    "TLS_RSA_WITH_NULL_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+	    "TLS_ECDHE_RSA_WITH_NULL_SHA",
+	    "SSL_RSA_WITH_NULL_SHA",
+	    "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+	    "TLS_ECDH_RSA_WITH_NULL_SHA",
+	    "TLS_ECDH_anon_WITH_NULL_SHA",
+	    "SSL_RSA_WITH_NULL_MD5",
+	    "TLS_KRB5_WITH_DES_CBC_SHA",
+	    "TLS_KRB5_WITH_DES_CBC_MD5",
+	};
 
 	private static final TrustManager[] NULL_TRUST = {
 		new X509TrustManager() {