1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-12-26 12:37:58 +01:00

Rename SecurityMode.enabled to 'ifpossible'

Using the term 'enabled' was a terriable choice from a security
perspective, as it gives the user the impression that the security is
"enabled". In fact this setting is only slightly better then
"disabled".

Make that fact clear in the javadoc too.
This commit is contained in:
Florian Schmaus 2015-02-13 17:01:09 +01:00
parent 0d19b56fbb
commit 26f4528698

View file

@ -142,7 +142,7 @@ public abstract class ConnectionConfiguration {
/**
* Returns the TLS security mode used when making the connection. By default,
* the mode is {@link SecurityMode#enabled}.
* the mode is {@link SecurityMode#ifpossible}.
*
* @return the security mode.
*/
@ -284,8 +284,13 @@ public abstract class ConnectionConfiguration {
/**
* Security via TLS encryption is used whenever it's available. This is the
* default setting.
* <p>
* <b>Do not use this setting</b> unless you can't use {@link #required}. An attacker could easily perform a
* Man-in-the-middle attack and prevent TLS from being used, leaving you with an unencrypted (and
* unauthenticated) connection.
* </p>
*/
enabled,
ifpossible,
/**
* Security via TLS encryption is disabled and only un-encrypted connections will
@ -360,7 +365,7 @@ public abstract class ConnectionConfiguration {
* @param <C> the resulting connection configuration type parameter.
*/
public static abstract class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> {
private SecurityMode securityMode = SecurityMode.enabled;
private SecurityMode securityMode = SecurityMode.ifpossible;
private String keystorePath = System.getProperty("javax.net.ssl.keyStore");
private String keystoreType = "jks";
private String pkcs11Library = "pkcs11.config";
@ -455,7 +460,7 @@ public abstract class ConnectionConfiguration {
/**
* Sets the TLS security mode used when making the connection. By default,
* the mode is {@link SecurityMode#enabled}.
* the mode is {@link SecurityMode#ifpossible}.
*
* @param securityMode the security mode.
* @return a reference to this builder.