From f7b8c123e2cec8f0f8601d0c5b63a17821d9d9bc Mon Sep 17 00:00:00 2001
From: Mattias Ellert
Date: Mon, 12 Nov 2018 10:02:07 +0100
Subject: [PATCH 2/2] Remove unused FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES_FOR_GRAM option

This has not been in use since commit c9eeba1 (Jan 2011)
---
 .../org/globus/gsi/gssapi/GSSConstants.java | 9 ----
 .../gsi/gssapi/GlobusGSSContextImpl.java | 42 +++----------------
 2 files changed, 5 insertions(+), 46 deletions(-)

diff --git a/gss/src/main/java/org/globus/gsi/gssapi/GSSConstants.java b/gss/src/main/java/org/globus/gsi/gssapi/GSSConstants.java
index cd1e9ed..15d85e7 100644
--- a/gss/src/main/java/org/globus/gsi/gssapi/GSSConstants.java
+++ b/gss/src/main/java/org/globus/gsi/gssapi/GSSConstants.java
@@ -107,13 +107,6 @@ public abstract class GSSConstants {
 */
 public static final Oid AUTHZ_REQUIRED_WITH_DELEGATION;
- /** Context option. It is set to a Boolean value and if true,
- * the GSI/GSSAPI layer will force the underlying SSL/TLS to
- * use SSLv3 and a narrow set of cipher suites so communication
- * with GRAM servers can succeed.
- */
- public static final Oid FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES_FOR_GRAM;
-
 /** Quality-of-Protection (QOP) value, indicates large block size support.
 * Can be passed to wrap or set by unwrap
 * methods */
@@ -139,8 +132,6 @@ public abstract class GSSConstants {
 RECEIVED_LIMITED_PROXY = new Oid("1.3.6.1.4.1.3536.1.1.21");
 AUTHZ_REQUIRED_WITH_DELEGATION = new Oid("1.3.6.1.4.1.3536.1.1.22");
- FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES_FOR_GRAM =
- new Oid("1.3.6.1.4.1.3536.1.1.23");
 } catch (Exception e) {
 throw new RuntimeException(e.getMessage());
 }
diff --git a/gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java b/gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java
index 48d23cc..d31662e 100644
--- a/gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java
+++ b/gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java
@@ -142,13 +142,6 @@ public class GlobusGSSContextImpl implements ExtendedGSSContext {
 private static final String [] NO_ENCRYPTION = {"SSL_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_MD5"};
- // TODO: Delete these once GRAM server is fixed and we no longer
- // would be talking to old GRAM servers.
- private static final String [] GRAM_ENCRYPTION_CIPHER_SUITES =
- {"SSL_RSA_WITH_3DES_EDE_CBC_SHA"};
- private static final String [] GRAM_NO_ENCRYPTION_CIPHER_SUITES =
- {"SSL_RSA_WITH_NULL_SHA"};
-
 private static final byte[] DELEGATION_TOKEN = new byte[] {GSIConstants.DELEGATION_CHAR};
 private static final int
@@ -212,8 +205,6 @@ public class GlobusGSSContextImpl implements ExtendedGSSContext {
 protected Boolean requireClientAuth = Boolean.TRUE;
 protected Boolean acceptNoClientCerts = Boolean.FALSE;
 protected Boolean requireAuthzWithDelegation = Boolean.TRUE;
- protected Boolean forceSSLv3AndConstrainCipherSuitesForGram =
- Boolean.FALSE;
 // *** implementation-specific variables ***
@@ -1310,20 +1301,12 @@ done: do {
 ArrayList cs = new ArrayList();
 if (this.encryption) {
- if (this.forceSSLv3AndConstrainCipherSuitesForGram.booleanValue())
- for (String cipherSuite : GRAM_ENCRYPTION_CIPHER_SUITES)
- cs.add(cipherSuite);
- else // Simply retain the default-enabled Cipher Suites
- cs.addAll(Arrays.asList(this.sslEngine.getEnabledCipherSuites()));
+ // Simply retain the default-enabled Cipher Suites
+ cs.addAll(Arrays.asList(this.sslEngine.getEnabledCipherSuites()));
 } else {
- if (this.forceSSLv3AndConstrainCipherSuitesForGram.booleanValue())
- for (String cipherSuite : GRAM_NO_ENCRYPTION_CIPHER_SUITES)
- cs.add(cipherSuite);
- else {
- for (String cipherSuite : NO_ENCRYPTION)
- cs.add(cipherSuite);
- cs.addAll(Arrays.asList(this.sslEngine.getEnabledCipherSuites()));
- }
+ for (String cipherSuite : NO_ENCRYPTION)
+ cs.add(cipherSuite);
+ cs.addAll(Arrays.asList(this.sslEngine.getEnabledCipherSuites()));
 }
 cs.removeAll(Arrays.asList(bannedCiphers));
 String[] testSuite = new String[0];
@@ -2225,18 +2208,6 @@ done: do {
 this.acceptNoClientCerts = (Boolean)value;
 }
- protected void setForceSslV3AndConstrainCipherSuitesForGram(
- Object value)
- throws GSSException {
- if (!(value instanceof Boolean)) {
- throw new GlobusGSSException(GSSException.FAILURE,
- GlobusGSSException.BAD_OPTION_TYPE,
- "badType",
- new Object[] {"adjust cipher suites for GRAM", Boolean.class});
- }
- this.forceSSLv3AndConstrainCipherSuitesForGram = (Boolean)value;
- }
-
 /*DEL protected void setGrimPolicyHandler(Object value) throws GSSException {
@@ -2319,9 +2290,6 @@ done: do {
 } else if (option.equals(GSSConstants .AUTHZ_REQUIRED_WITH_DELEGATION)) {
 setRequireAuthzWithDelegation(value);
- } else if (option.equals(GSSConstants
- .FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES_FOR_GRAM)) {
- setForceSslV3AndConstrainCipherSuitesForGram(value);
 } else {
 throw new GlobusGSSException(GSSException.FAILURE, GlobusGSSException.UNKNOWN_OPTION,
--
2.19.1
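Review bot: In the simplified `else` branch of the cipher-suite hunk (`@@ -1310,20 +1301,12 @@`), the brace-less `for (String cipherSuite : NO_ENCRYPTION)` is now directly followed by an unconditional `cs.addAll(...)`, so only indentation separates the loop body from the next statement. Replacing the loop with `cs.addAll(Arrays.asList(NO_ENCRYPTION));` uses a call the hunk already relies on and removes that ambiguity. The same branch places the NULL suites, including `SSL_RSA_WITH_NULL_MD5`, ahead of the default-enabled ones, which yields integrity protection without confidentiality. A comment such as `// NULL suites first: caller disabled confidentiality, integrity only` would make that intent explicit; whether `bannedCiphers` filters the MD5 variant is not visible here. The enclosing method starts and ends outside the hunk.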