2.0.5 change ciphers

gwttk · Jul 24, 2020 · 08cf809 · 08cf809
1 parent 2fef71e
commit 08cf809
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/pom.xml b/pom.xml
@@ -19,7 +19,7 @@
 
 	<groupId>com.github.immueggpain</groupId>
 	<artifactId>smartproxy</artifactId>
-	<version>2.0.4</version>
+	<version>2.0.5</version>
 
 	<name>smartproxy</name>
 	<url>https://github.com/Immueggpain/forwardproto</url>

diff --git a/src/main/java/com/github/immueggpain/smartproxy/Launcher.java b/src/main/java/com/github/immueggpain/smartproxy/Launcher.java
@@ -13,7 +13,7 @@
 		subcommands = { HelpCommand.class, Smartproxy.class, SmartproxyServer.class, DedupUserrule.class })
 public class Launcher implements Callable<Void> {
 
-	public static final String VERSTR = "2.0.4";
+	public static final String VERSTR = "2.0.5";
 
 	public static void main(String[] args) {
 		int exitCode = new CommandLine(new Launcher()).setCaseInsensitiveEnumValuesAllowed(true)

diff --git a/src/main/java/com/github/immueggpain/smartproxy/Smartproxy.java b/src/main/java/com/github/immueggpain/smartproxy/Smartproxy.java
@@ -870,7 +870,8 @@ private SocketBundle create_tunnel(String server_hostname, int server_port, SSLS
 			SSLSocket cserver_s = (SSLSocket) ssf.createSocket();
 
 			// config sslsocket
-			cserver_s.setEnabledCipherSuites(new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256" });
+			cserver_s.setEnabledProtocols(SmartproxyServer.TLS_PROTOCOLS);
+			cserver_s.setEnabledCipherSuites(SmartproxyServer.TLS_CIPHERS);
 			// use small timeout first
 			cserver_s.setSoTimeout(toCltReadFromSvrSmall);
 			cserver_s.setTcpNoDelay(true);
@@ -963,7 +964,8 @@ private SocketBundle create_half_tunnel(String server_hostname, int server_port,
 			SSLSocket cserver_s = (SSLSocket) ssf.createSocket();
 
 			// config sslsocket
-			cserver_s.setEnabledCipherSuites(new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256" });
+			cserver_s.setEnabledProtocols(SmartproxyServer.TLS_PROTOCOLS);
+			cserver_s.setEnabledCipherSuites(SmartproxyServer.TLS_CIPHERS);
 			// use small timeout first
 			cserver_s.setSoTimeout(toCltReadFromSvrSmall);
 			cserver_s.setTcpNoDelay(true);

diff --git a/src/main/java/com/github/immueggpain/smartproxy/SmartproxyServer.java b/src/main/java/com/github/immueggpain/smartproxy/SmartproxyServer.java
@@ -61,6 +61,9 @@
 @Command(description = "Run server", name = "server", mixinStandardHelpOptions = true, version = Launcher.VERSTR)
 public class SmartproxyServer implements Callable<Void> {
 
+	public static final String[] TLS_CIPHERS = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
+	public static final String[] TLS_PROTOCOLS = new String[] { "TLSv1.2" };
+
 	@Option(names = { "-w", "--password" }, required = true,
 			description = "password must be same between server and client, recommend 64 bytes")
 	public String password;
@@ -131,9 +134,8 @@ public Void call() throws Exception {
 		try (SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket()) {
 
 			// config ss here
-			ss.setEnabledProtocols(new String[] { "TLSv1.2" });
-			ss.setEnabledCipherSuites(new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256" });
-			ss.setPerformancePreferences(0, 0, 1);
+			ss.setEnabledProtocols(SmartproxyServer.TLS_PROTOCOLS);
+			ss.setEnabledCipherSuites(SmartproxyServer.TLS_CIPHERS);
 			if (rcvbuf_size > 0)
 				ss.setReceiveBufferSize(rcvbuf_size);