From 8ba3e60f6eae3a9589e5212f77fb6aec9b5d8a40 Mon Sep 17 00:00:00 2001
From: Masayuki Hatta <mhatta@debian.org>
Date: Tue, 20 Nov 2018 05:37:25 +0900
Subject: [PATCH] Updated MANDATORY_CIPHERS

---
 .../connections/ConnectionSocketFactory.java  | 72 ++++++++++++++++++-
 1 file changed, 69 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java b/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java
index 9ffdf6c9..c0540956 100644
--- a/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java
+++ b/src/main/java/com/subgraph/orchid/connections/ConnectionSocketFactory.java
@@ -22,10 +22,76 @@ public class ConnectionSocketFactory {
 	};
 	
 	private static final String[] MANDATORY_CIPHERS = {
-		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    //		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    //"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+	    //"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+	    //"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+		    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+	    "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+	    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_RSA_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+	    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+	    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+	    "TLS_RSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+	    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
 	    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-	    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-	    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"};
+	    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+	    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+	    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+	    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+	    "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+	    "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+	    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+	    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+	    "SSL_RSA_WITH_DES_CBC_SHA",
+	    "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+	    "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+	    "SSL_DH_anon_WITH_DES_CBC_SHA",
+	    "TLS_RSA_WITH_NULL_SHA256",
+	    "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+	    "TLS_ECDHE_RSA_WITH_NULL_SHA",
+	    "SSL_RSA_WITH_NULL_SHA",
+	    "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+	    "TLS_ECDH_RSA_WITH_NULL_SHA",
+	    "TLS_ECDH_anon_WITH_NULL_SHA",
+	    "SSL_RSA_WITH_NULL_MD5",
+	    "TLS_KRB5_WITH_DES_CBC_SHA",
+	    "TLS_KRB5_WITH_DES_CBC_MD5",
+	};
 
 	private static final TrustManager[] NULL_TRUST = {
 		new X509TrustManager() {