vanitasvitae
/
Smack
mirror of https://github.com/vanitasvitae/Smack.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Rename SecurityMode.enabled to 'ifpossible' 

Using the term 'enabled' was a terriable choice from a security
perspective, as it gives the user the impression that the security is
"enabled". In fact this setting is only slightly better then
"disabled".

Make that fact clear in the javadoc too.
This commit is contained in:
Florian Schmaus 2015-02-13 17:01:09 +01:00
parent 0d19b56fbb
commit 26f4528698
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
smack-core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java
View File

@ -142,7 +142,7 @@ public abstract class ConnectionConfiguration {
/** /**
* Returns the TLS security mode used when making the connection. By default, * Returns the TLS security mode used when making the connection. By default,
* the mode is {@link SecurityMode#enabled}. * the mode is {@link SecurityMode#ifpossible}.
* *
* @return the security mode. * @return the security mode.
*/ */
@ -284,8 +284,13 @@ public abstract class ConnectionConfiguration {
/** /**
* Security via TLS encryption is used whenever it's available. This is the * Security via TLS encryption is used whenever it's available. This is the
* default setting. * default setting.
* <p>
* <b>Do not use this setting</b> unless you can't use {@link #required}. An attacker could easily perform a
* Man-in-the-middle attack and prevent TLS from being used, leaving you with an unencrypted (and
* unauthenticated) connection.
* </p>
*/ */
enabled, ifpossible,
/** /**
* Security via TLS encryption is disabled and only un-encrypted connections will * Security via TLS encryption is disabled and only un-encrypted connections will
@ -360,7 +365,7 @@ public abstract class ConnectionConfiguration {
* @param <C> the resulting connection configuration type parameter. * @param <C> the resulting connection configuration type parameter.
*/ */
public static abstract class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> { public static abstract class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> {
private SecurityMode securityMode = SecurityMode.enabled; private SecurityMode securityMode = SecurityMode.ifpossible;
private String keystorePath = System.getProperty("javax.net.ssl.keyStore"); private String keystorePath = System.getProperty("javax.net.ssl.keyStore");
private String keystoreType = "jks"; private String keystoreType = "jks";
private String pkcs11Library = "pkcs11.config"; private String pkcs11Library = "pkcs11.config";
@ -455,7 +460,7 @@ public abstract class ConnectionConfiguration {
/** /**
* Sets the TLS security mode used when making the connection. By default, * Sets the TLS security mode used when making the connection. By default,
* the mode is {@link SecurityMode#enabled}. * the mode is {@link SecurityMode#ifpossible}.
* *
* @param securityMode the security mode. * @param securityMode the security mode.
* @return a reference to this builder. * @return a reference to this builder.