From 80a27cc56621ad6467ef6a5406d98f2b1d96cb57 Mon Sep 17 00:00:00 2001
From: Pierre-Marie Padiou
Date: Thu, 3 Oct 2019 15:01:10 +0200
Subject: [PATCH] Update netty dependency to 4.1.32 (#1160)
Also:
* explicitely set endpoint identification algorithm in strict mode
* force TLS protocols 1.2/1.3 in strict mode
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
---
 eclair-core/pom.xml | 2 +-
 .../acinq/eclair/blockchain/electrum/ElectrumClient.scala | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/eclair-core/pom.xml b/eclair-core/pom.xml
index 21478aa0e..8655ac291 100644
--- a/eclair-core/pom.xml
+++ b/eclair-core/pom.xml
@@ -147,7 +147,7 @@ io.netty netty-all - 4.1.32.Final + 4.1.42.Final
diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
index b60662583..2da34e01f 100644
--- a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
+++ b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
@@ -67,7 +67,12 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec
 case SSL.OFF => ()
 case SSL.STRICT =>
 val sslCtx = SslContextBuilder.forClient.build
- ch.pipeline.addLast(sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort))
+ val handler = sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort)
+ val sslParameters = handler.engine().getSSLParameters
+ sslParameters.setEndpointIdentificationAlgorithm("HTTPS")
+ handler.engine().setSSLParameters(sslParameters)
+ handler.engine().setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3"))
+ ch.pipeline.addLast(handler)
 case SSL.LOOSE =>
 // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE
 val sslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()
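Review bot: The `setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3"))` call in the SSL.STRICT branch names TLSv1.3 unconditionally, and the JDK's SSLEngine typically rejects a protocol name it does not support with an IllegalArgumentException, so on a runtime without TLS 1.3 the strict path would likely fail during channel setup instead of negotiating 1.2. Intersect the wanted set with what the engine offers and fail closed if nothing remains: `val allowed = handler.engine().getSupportedProtocols.filter(Set("TLSv1.2", "TLSv1.3"))`, then `require(allowed.nonEmpty)` and `handler.engine().setEnabledProtocols(allowed)`. Now that the "HTTPS" endpoint check relies on the peer host passed to `newHandler`, `serverAddress.getHostName` deserves a second look: for an address built from an IP literal it may trigger a reverse lookup, so the name being verified would come from DNS rather than from configuration, and `getHostString` avoids that if callers can supply IPs (not visible here). The enclosing match and channel initializer begin and end outside this hunk, and the SSL.LOOSE branch is cut at the hunk's last line.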