mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-16 12:12:06 +01:00
Rename SecurityMode.enabled to 'ifpossible'
Using the term 'enabled' was a terriable choice from a security perspective, as it gives the user the impression that the security is "enabled". In fact this setting is only slightly better then "disabled". Make that fact clear in the javadoc too.
This commit is contained in:
parent
0d19b56fbb
commit
26f4528698
1 changed files with 9 additions and 4 deletions
|
@ -142,7 +142,7 @@ public abstract class ConnectionConfiguration {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the TLS security mode used when making the connection. By default,
|
* Returns the TLS security mode used when making the connection. By default,
|
||||||
* the mode is {@link SecurityMode#enabled}.
|
* the mode is {@link SecurityMode#ifpossible}.
|
||||||
*
|
*
|
||||||
* @return the security mode.
|
* @return the security mode.
|
||||||
*/
|
*/
|
||||||
|
@ -284,8 +284,13 @@ public abstract class ConnectionConfiguration {
|
||||||
/**
|
/**
|
||||||
* Security via TLS encryption is used whenever it's available. This is the
|
* Security via TLS encryption is used whenever it's available. This is the
|
||||||
* default setting.
|
* default setting.
|
||||||
|
* <p>
|
||||||
|
* <b>Do not use this setting</b> unless you can't use {@link #required}. An attacker could easily perform a
|
||||||
|
* Man-in-the-middle attack and prevent TLS from being used, leaving you with an unencrypted (and
|
||||||
|
* unauthenticated) connection.
|
||||||
|
* </p>
|
||||||
*/
|
*/
|
||||||
enabled,
|
ifpossible,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Security via TLS encryption is disabled and only un-encrypted connections will
|
* Security via TLS encryption is disabled and only un-encrypted connections will
|
||||||
|
@ -360,7 +365,7 @@ public abstract class ConnectionConfiguration {
|
||||||
* @param <C> the resulting connection configuration type parameter.
|
* @param <C> the resulting connection configuration type parameter.
|
||||||
*/
|
*/
|
||||||
public static abstract class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> {
|
public static abstract class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> {
|
||||||
private SecurityMode securityMode = SecurityMode.enabled;
|
private SecurityMode securityMode = SecurityMode.ifpossible;
|
||||||
private String keystorePath = System.getProperty("javax.net.ssl.keyStore");
|
private String keystorePath = System.getProperty("javax.net.ssl.keyStore");
|
||||||
private String keystoreType = "jks";
|
private String keystoreType = "jks";
|
||||||
private String pkcs11Library = "pkcs11.config";
|
private String pkcs11Library = "pkcs11.config";
|
||||||
|
@ -455,7 +460,7 @@ public abstract class ConnectionConfiguration {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the TLS security mode used when making the connection. By default,
|
* Sets the TLS security mode used when making the connection. By default,
|
||||||
* the mode is {@link SecurityMode#enabled}.
|
* the mode is {@link SecurityMode#ifpossible}.
|
||||||
*
|
*
|
||||||
* @param securityMode the security mode.
|
* @param securityMode the security mode.
|
||||||
* @return a reference to this builder.
|
* @return a reference to this builder.
|
||||||
|
|
Loading…
Reference in a new issue