From a60cedfdd6cd639e0df47548c97ecd376437898b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?= <jsvd@users.noreply.github.com>
Date: Tue, 3 Dec 2019 17:18:09 +0000
Subject: [PATCH] Update netty and tcnative dependency

* remove CBC ciphers deemed unsafe
---
 build.gradle                                              | 4 ++--
 .../plugins/inputs/http/util/SslSimpleBuilder.java        | 8 ++------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/build.gradle b/build.gradle
index 599baa31..5d13f439 100644
--- a/build.gradle
+++ b/build.gradle
@@ -22,8 +22,8 @@ dependencies {
     testCompile 'org.hamcrest:hamcrest-library:1.3'
     testCompile 'org.apache.logging.log4j:log4j-core:2.11.1'
 
-    compile 'io.netty:netty-all:4.1.30.Final'
-    compile 'io.netty:netty-tcnative-boringssl-static:2.0.12.Final'
+    compile 'io.netty:netty-all:4.1.43.Final'
+    compile 'io.netty:netty-tcnative-boringssl-static:2.0.27.Final'
     compile 'org.apache.logging.log4j:log4j-api:2.11.1'
 
 }
diff --git a/src/main/java/org/logstash/plugins/inputs/http/util/SslSimpleBuilder.java b/src/main/java/org/logstash/plugins/inputs/http/util/SslSimpleBuilder.java
index b070c16f..47e0eb50 100644
--- a/src/main/java/org/logstash/plugins/inputs/http/util/SslSimpleBuilder.java
+++ b/src/main/java/org/logstash/plugins/inputs/http/util/SslSimpleBuilder.java
@@ -29,14 +29,10 @@ public class SslSimpleBuilder implements SslBuilder {
     This list require the OpenSSl engine for netty.
     */
     public final static String[] DEFAULT_CIPHERS = new String[] {
-            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
     };
 
     private String[] ciphers = DEFAULT_CIPHERS;