From d7130c15ccf537d6039a6dc50c06c49adcc2fa27 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Thu, 23 Oct 2014 15:32:07 +0000
Subject: [PATCH] SSL: Don't prohibit SSLv3 ciphers if that's all we have

---
 core/java/src/net/i2p/util/I2PSSLSocketFactory.java | 11 +++++++++--
 history.txt                                         |  7 +++++++
 router/java/src/net/i2p/router/RouterVersion.java   |  2 +-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/core/java/src/net/i2p/util/I2PSSLSocketFactory.java b/core/java/src/net/i2p/util/I2PSSLSocketFactory.java
index 5f5981c8b3..ba292394a7 100644
--- a/core/java/src/net/i2p/util/I2PSSLSocketFactory.java
+++ b/core/java/src/net/i2p/util/I2PSSLSocketFactory.java
@@ -261,8 +261,15 @@ public class I2PSSLSocketFactory {
      * @since 0.9.16
      */
     public static void setProtocolsAndCiphers(SSLServerSocket socket) {
-        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),
-                                                   socket.getSupportedProtocols()));
+        String[] p = selectProtocols(socket.getEnabledProtocols(),
+                                     socket.getSupportedProtocols());
+        for (int i = 0; i < p.length; i++) {
+            // if we left SSLv3 in there, we don't support TLS,
+            // so we should't remove the SSL ciphers
+            if (p.equals("SSLv3"))
+                return;
+        }
+        socket.setEnabledProtocols(p);
         socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
                                                          socket.getSupportedCipherSuites()));
     }
diff --git a/history.txt b/history.txt
index aab955f8da..18dd3784e4 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,10 @@
+2014-10-23 zzz
+ * SessionKeyManager:
+   - Raise inbound limit
+   - Delete oldest tagsets when limit is hit
+   - Don't delete recent tagsets when limit is hit
+ * SSL: Don't prohibit SSLv3 ciphers if that's all we have
+
 2014-10-20 zzz
  * Console: Fix lockups (ticket #1395)
  * Eepsite Jetty: Switch back to QueuedThreadPool (ticket #1395)
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index affa6f41b1..25340f779d 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 14;
+    public final static long BUILD = 15;
 
     /** for example "-test" */
     public final static String EXTRA = "-rc";