diff --git a/project.clj b/project.clj index 487b7efe..4410e216 100644 --- a/project.clj +++ b/project.clj @@ -18,4 +18,5 @@ :integration :integration :all (constantly true)} :aliases {"all" ["with-profile" "dev,1.2:dev,1.3:dev:1.5,dev"]} - :checksum-deps true) + :checksum-deps true + ) diff --git a/src/clj_http/lite/NoDHSocketFactory.clj b/src/clj_http/lite/NoDHSocketFactory.clj new file mode 100644 index 00000000..5d0dbe68 --- /dev/null +++ b/src/clj_http/lite/NoDHSocketFactory.clj @@ -0,0 +1,32 @@ +(ns clj-http.lite.NoDHSocketFactory + (:import (javax.net.ssl SSLSocket SSLSocketFactory) + (java.net Socket))) + +(defn strip-dh-suites + "Remove cipher suites containing 'DH'" + [suites] + (into-array String (filter #(not (or (re-find #"_DHE_" %) + (re-find #"_DH_" %) + (re-find #"_ECDH_" %) + (re-find #"_ECDHE_" %))) suites))) + +(defn set-cipher-suites [s sf] + (.setEnabledCipherSuites s (strip-dh-suites (.getSupportedCipherSuites sf))) + s) + +(defn no-dhs-socket-factory [sf] + (proxy [SSLSocketFactory] [] + (createSocket + ([] + (doto (.createSocket sf) + (set-cipher-suites sf))) + ([host port] + (doto (.createSocket sf host port) + (set-cipher-suites sf))) + ([host port local-host local-port] + (doto (.createSocket sf host port local-host local-port) + (set-cipher-suites sf)))) + (getDefaultCipherSuites [] + (.getDefaultCipherSuites sf)) + (getSupportedCipherSuites [] + (.getSupportedCipherSuites sf)))) diff --git a/src/clj_http/lite/core.clj b/src/clj_http/lite/core.clj index b0c73b42..68bd3698 100644 --- a/src/clj_http/lite/core.clj +++ b/src/clj_http/lite/core.clj @@ -1,8 +1,10 @@ (ns clj-http.lite.core "Core HTTP request/response implementation." - (:require [clojure.java.io :as io]) + (:require [clojure.java.io :as io] + [clj-http.lite.NoDHSocketFactory]) (:import (java.io ByteArrayOutputStream InputStream IOException) - (java.net URI URL HttpURLConnection))) + (java.net URI URL HttpURLConnection) + (javax.net.ssl HttpsURLConnection))) (defn parse-headers "Takes a URLConnection and returns a map of names to values. @@ -39,6 +41,17 @@ (.flush baos) (.toByteArray baos))))) +(defn- get-connection [^URL url] + "Wrap .openConnection to " + (let [conn (.openConnection url)] + (if (instance? HttpsURLConnection conn) + (doto conn + (.setSSLSocketFactory + (clj-http.lite.NoDHSocketFactory/no-dhs-socket-factory + (.getSSLSocketFactory conn)))) + conn))) + + (defn request "Executes the HTTP request corresponding to the given Ring request map and returns the Ring response map corresponding to the resulting HTTP response. @@ -52,7 +65,7 @@ (when server-port (str ":" server-port)) uri (when query-string (str "?" query-string))) - conn (.openConnection ^URL (URL. http-url))] + conn (get-connection ^URL (URL. http-url))] (when (and content-type character-encoding) (.setRequestProperty conn "Content-Type" (str content-type "; charset="