Added option to disable using of SSLv2Hello and SSLv3 protocols.

README.md

@@ -61,4 +61,5 @@ There are a few more options :
   - logfile : send logs to this file instead of stdout
   - logfilesize : maximum size of each log file (default 10M)
   - logfilenumber : number of rotated log files (default 5)
+  - disableLegacySSL : disable using SSLv2Hello and SSLv3 protocols
 

src/main/java/info/fetter/logstashforwarder/Forwarder.java

@@ -67,6 +67,7 @@ public class Forwarder {
 	private static String logfileSize = "10MB";
 	private static int logfileNumber = 5;
 	private static String sincedbFile = SINCEDB;
+	private static boolean legacySslDisabled = false;
 
 	public static void main(String[] args) {
 		try {
@@ -154,6 +155,7 @@ static void parseOptions(String[] args) {
 		Option debugWatcherOption = new Option("debugwatcher", "operate watcher in debug mode");
 		Option traceOption = new Option("trace", "operate in trace mode");
 		Option tailOption = new Option("tail", "read new files from the end");
+		Option disableLegacySSL = new Option("disableLegacySSL", "disable using SSLv2Hello and SSLv3 protocols");
 
 		Option spoolSizeOption = OptionBuilder.withArgName("number of events")
 				.hasArg()
@@ -202,7 +204,8 @@ static void parseOptions(String[] args) {
 		.addOption(logfileOption)
 		.addOption(logfileNumberOption)
 		.addOption(logfileSizeOption)
-		.addOption(sincedbOption);
+		.addOption(sincedbOption)
+		.addOption(disableLegacySSL);
 
 		CommandLineParser parser = new GnuParser();
 		try {
@@ -246,13 +249,16 @@ static void parseOptions(String[] args) {
 			if(line.hasOption("sincedb")) {
 				sincedbFile = line.getOptionValue("sincedb");
 			}
+			if(line.hasOption("disableLegacySSL")) {
+				legacySslDisabled = true;
+			}
 		} catch(ParseException e) {
 			printHelp(options);
-			System.exit(1);;
+			System.exit(1);
 		} catch(NumberFormatException e) {
 			System.err.println("Value must be an integer");
 			printHelp(options);
-			System.exit(2);;
+			System.exit(2);
 		}
 	}
 
@@ -284,4 +290,7 @@ private static void setupLogging() throws IOException {
 		//			Logger.getLogger(FileReader.class).setAdditivity(false);
 	}
 
+	public static boolean isLegacySslDisabled() {
+		return legacySslDisabled;
+	}
 }

src/main/java/info/fetter/logstashforwarder/protocol/LumberjackClient.java

@@ -18,6 +18,7 @@
  */
 
 import info.fetter.logstashforwarder.Event;
+import info.fetter.logstashforwarder.Forwarder;
 import info.fetter.logstashforwarder.ProtocolAdapter;
 import info.fetter.logstashforwarder.util.AdapterException;
 
@@ -32,9 +33,7 @@
 import java.net.ProtocolException;
 import java.net.Socket;
 import java.security.KeyStore;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.zip.Deflater;
 
 import javax.net.ssl.SSLContext;
@@ -88,6 +87,15 @@ public LumberjackClient(String keyStorePath, String server, int port, int timeou
 			socket.connect(new InetSocketAddress(InetAddress.getByName(server), port), timeout);
 			socket.setSoTimeout(timeout);
 			sslSocket = (SSLSocket)socketFactory.createSocket(socket, server, port, true);
+			if(Forwarder.isLegacySslDisabled()) {
+                String[] protocols = sslSocket.getEnabledProtocols();
+                Set<String> set = new HashSet<String>();
+                for (String s : protocols) {
+                    if (s.equals("SSLv3") || s.equals("SSLv2Hello")) continue;
+                    set.add(s);
+                }
+                sslSocket.setEnabledProtocols(set.toArray(new String[0]));
+            }
 			sslSocket.setUseClientMode(true);
 			sslSocket.startHandshake();