From 2c0555f90ecb61a068754569e2624a6569b89a2c Mon Sep 17 00:00:00 2001
From: Fabrice Bacchella <fbacchella@spamcop.net>
Date: Fri, 15 May 2015 16:36:45 -0400
Subject: [PATCH] A patch that allows to extract a new user informations from the HTTP session if the webapp container can fill it.

---
 src/main/java/com/gitblit/GitblitSslContextFactory.java |   23 ++---------------------
 1 files changed, 2 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/gitblit/GitblitSslContextFactory.java b/src/main/java/com/gitblit/GitblitSslContextFactory.java
index 2a4735e..bda92af 100644
--- a/src/main/java/com/gitblit/GitblitSslContextFactory.java
+++ b/src/main/java/com/gitblit/GitblitSslContextFactory.java
@@ -47,33 +47,14 @@
 
 		this.caRevocationList = caRevocationList;
 
-		// disable renegotiation unless this is a patched JVM
-		boolean allowRenegotiation = false;
-		String v = System.getProperty("java.version");
-		if (v.startsWith("1.7")) {
-			allowRenegotiation = true;
-		} else if (v.startsWith("1.6")) {
-			// 1.6.0_22 was first release with RFC-5746 implemented fix.
-			if (v.indexOf('_') > -1) {
-				String b = v.substring(v.indexOf('_') + 1);
-				if (Integer.parseInt(b) >= 22) {
-					allowRenegotiation = true;
-				}
-			}
-		}
-		if (allowRenegotiation) {
-			logger.info("   allowing SSL renegotiation on Java " + v);
-			setAllowRenegotiate(allowRenegotiation);
-		}
-
-
 		if (!StringUtils.isEmpty(certAlias)) {
 			logger.info("   certificate alias = " + certAlias);
 			setCertAlias(certAlias);
 		}
 		setKeyStorePassword(storePassword);
-		setTrustStore(clientTrustStore.getAbsolutePath());
+		setTrustStorePath(clientTrustStore.getAbsolutePath());
 		setTrustStorePassword(storePassword);
+		addExcludeProtocols("SSLv3");
 
 		logger.info("   keyStorePath   = " + keyStore.getAbsolutePath());
 		logger.info("   trustStorePath = " + clientTrustStore.getAbsolutePath());

--
Gitblit v1.9.1