mirror/Velocity
2
0
Fork 0
mirror of https://github.com/PaperMC/Velocity.git synced 2025-02-11 15:29:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Stronger TLS settings.

Browse Source 
Velocity will now validate the hostname and use TLSv1.2 only.
This commit is contained in:
Andrew Steinborn 2018-12-30 11:13:58 -05:00
parent 466d06216d
commit 696b6549e5
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
proxy/src/main/java/com/velocitypowered/proxy/network/http/NettyHttpClient.java
View File

@ -53,8 +53,14 @@ public class NettyHttpClient {
@Override
public void channelCreated(Channel channel) throws Exception {
if (key.getPort() == 443) {
SslContext context = SslContextBuilder.forClient().build();
SSLEngine engine = context.newEngine(channel.alloc());
SslContext context = SslContextBuilder.forClient().protocols("TLSv1.2").build();
// Unbelievably, Java doesn't automatically check the CN to make sure we're talking
// to the right host! Therefore, we provide the intended host name and port, along
// with asking Java very nicely if it could check the hostname in the certificate
// for us.
SSLEngine engine = context.newEngine(channel.alloc(), key.getHostString(),
key.getPort());
engine.getSSLParameters().setEndpointIdentificationAlgorithm("HTTPS");
channel.pipeline().addLast("ssl", new SslHandler(engine));
}
channel.pipeline().addLast("http", new HttpClientCodec());