source.dussan.org Git - tigervnc.git/commit

author	Brian P. Hinz <bphinz@users.sf.net>
	Mon, 3 Nov 2014 04:37:54 +0000 (23:37 -0500)
committer	Brian P. Hinz <bphinz@users.sf.net>
	Mon, 3 Nov 2014 04:37:54 +0000 (23:37 -0500)
commit	e20370827bf9441c91de0baeb696a4cf9d6f75a6
tree	f9b4487e743dab698a54e6c1011e868bb68683eb	tree \| snapshot
parent	a6d6dbb5b003025ba43acdc2c71248375c5af275	commit \| diff

Major overhaul of SSLEngineManager

The SSLEngineManager was basically an abomination. The work is now
done as it should be, with the buffers being fed and the engine
deciding when data is consumed or produced. The engine should be
much more robust now as well.

Additionally, although JRE 7 supports the TLSv1.1 and TLSv1.2
protocols, they are not actually enabled by default. The JSSE
reference cites compatibility reasons for this but this doesn't
appear to be the case with the TigerVNC server and they will be
enabled by default in JRE 8.

The regular expression for enabling anonymous DH cipher suites
was too narrow and excluded the elliptic curve ciphers, which
are now ordered ahead of the ephemeral ciphers by the default
security provider.

Lastly, increase the size of the buffer in FdOutStream from 8Kb
to 16Kb. I'm not sure why FdInStream and FdOutStream were
asymmetric to begin with, but 16Kb is the default size for TLS
packets and there seems to be now negative effects on plain
text connections.

java/com/tigervnc/network/SSLEngineManager.java		diff \| blob \| history
java/com/tigervnc/rdr/FdInStream.java		diff \| blob \| history
java/com/tigervnc/rdr/FdOutStream.java		diff \| blob \| history
java/com/tigervnc/rfb/CSecurityTLS.java		diff \| blob \| history