From 26f4528698df699e58ea6221c9f9f728967c1b70 Mon Sep 17 00:00:00 2001
From: Florian Schmaus
Date: Fri, 13 Feb 2015 17:01:09 +0100
Subject: [PATCH] Rename SecurityMode.enabled to 'ifpossible'

Using the term 'enabled' was a terriable choice from a security perspective, as it gives the user the impression that the security is "enabled". In fact this setting is only slightly better then "disabled". Make that fact clear in the javadoc too.
---
 .../jivesoftware/smack/ConnectionConfiguration.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/smack-core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java b/smack-core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java
index e74dc272f..125c691ed 100644
--- a/smack-core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java
@@ -142,7 +142,7 @@ public abstract class ConnectionConfiguration {
 /**
 * Returns the TLS security mode used when making the connection. By default,
- * the mode is {@link SecurityMode#enabled}.
+ * the mode is {@link SecurityMode#ifpossible}.
 *
 * @return the security mode.
 */
@@ -284,8 +284,13 @@ public abstract class ConnectionConfiguration {
 /**
 * Security via TLS encryption is used whenever it's available. This is the
 * default setting.
+ *

+ * Do not use this setting unless you can't use {@link #required}. An attacker could easily perform a
+ * Man-in-the-middle attack and prevent TLS from being used, leaving you with an unencrypted (and
+ * unauthenticated) connection.
+ *

 */
- enabled,
+ ifpossible,
 /**
 * Security via TLS encryption is disabled and only un-encrypted connections will
@@ -360,7 +365,7 @@ public abstract class ConnectionConfiguration {
 * @param the resulting connection configuration type parameter.
 */
 public static abstract class Builder, C extends ConnectionConfiguration> {
- private SecurityMode securityMode = SecurityMode.enabled;
+ private SecurityMode securityMode = SecurityMode.ifpossible;
 private String keystorePath = System.getProperty("javax.net.ssl.keyStore");
 private String keystoreType = "jks";
 private String pkcs11Library = "pkcs11.config";
@@ -455,7 +460,7 @@ public abstract class ConnectionConfiguration {
 /**
 * Sets the TLS security mode used when making the connection. By default,
- * the mode is {@link SecurityMode#enabled}.
+ * the mode is {@link SecurityMode#ifpossible}.
 *
 * @param securityMode the security mode.
 * @return a reference to this builder.
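Review bot: The new `ifpossible` javadoc still says "This is the default setting" right above the added warning, so every connection built without an explicit security mode keeps the downgrade-prone behaviour the commit message itself calls only slightly better than `disabled`; the rename fixes the name, not the default. The added paragraph should at least tell readers how to opt out, e.g. append `* Applications that need confidentiality or server authentication must select {@link #required} explicitly; this default offers no protection against a TLS downgrade.`, and the Builder initializer in the `@@ -360` hunk (`private SecurityMode securityMode = SecurityMode.ifpossible;`) is where a later release could flip the default to `required`. Renaming a public enum constant with no deprecated alias is also source-incompatible for any caller that references `SecurityMode.enabled`; that may be intended for this release, but it deserves a changelog entry. The `SecurityMode` enum and the enclosing `ConnectionConfiguration` class both start before and end after this hunk.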