Refine search
public ServerSocket createSSLServerSocket(int port, int backlog, InetAddress inetAddress) throws IOException { this.initSSLContext(); SSLServerSocketFactory serverSocketFactory = this.sslContext.getServerSocketFactory(); SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port, backlog, inetAddress); if (this.jsseSecurityDomain.getProtocols() != null){ serverSocket.setEnabledProtocols(this.jsseSecurityDomain.getProtocols()); } if (this.jsseSecurityDomain.getCipherSuites() != null){ serverSocket.setEnabledCipherSuites(this.jsseSecurityDomain.getCipherSuites()); } if (this.jsseSecurityDomain.isClientAuth() || this.require_mutual_auth){ serverSocket.setNeedClientAuth(true); } else { serverSocket.setWantClientAuth(this.request_mutual_auth); } return serverSocket; }
@Override public ServerSocket create() throws IOException { SSLServerSocket ss = null; ss = (SSLServerSocket) this.sslServerSocketFactory.createServerSocket(); if (this.sslProtocols != null) { ss.setEnabledProtocols(this.sslProtocols); } else { ss.setEnabledProtocols(ss.getSupportedProtocols()); } ss.setUseClientMode(false); ss.setWantClientAuth(false); ss.setNeedClientAuth(false); return ss; }
ServerSocketFactory f = SSLServerSocketFactory.getDefault(); SSLServerSocket secureSocket; if (bindAddress == null) { secureSocket = (SSLServerSocket) f.createServerSocket(port, 0, bindAddress); secureSocket.setEnabledProtocols( disableSSL(secureSocket.getEnabledProtocols())); if (SysProperties.ENABLE_ANONYMOUS_TLS) { String[] list = enableAnonymous( secureSocket.getEnabledCipherSuites(), secureSocket.getSupportedCipherSuites()); secureSocket.setEnabledCipherSuites(list);
public void configure(final SSLContext context, final SSLServerSocket sslServerSocket) { sslServerSocket.setUseClientMode(clientMode); final SSLParameters sslParameters = sslServerSocket.getSSLParameters(); configure(sslParameters, sslServerSocket.getSupportedProtocols(), sslServerSocket.getSupportedCipherSuites()); sslServerSocket.setSSLParameters(sslParameters); }
public void setSSLParameters(final SSLContext sslContext, final SSLServerSocket sslServerSocket, final SSLParameters parameters) { sslServerSocket.setSSLParameters(redefine(parameters, sslServerSocket.getSupportedCipherSuites(), sslServerSocket.getSupportedProtocols())); }
SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); sslContext.init(null, null, null); SSLServerSocket ss = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(12345); ss.setEnabledCipherSuites(cipherSuites); ss.setWantClientAuth(false); SSLSocket s = (SSLSocket) sslContext.getSocketFactory().createSocket(); s.setEnabledCipherSuites(cipherSuites); SSLSession session = s.getSession(); System.out.println("Client: Session secured with P: " + session.getProtocol() + " CS: " + session.getCipherSuite());
.build(); Assert.assertNotNull(clientSslContext); final SSLServerSocket serverSocket = (SSLServerSocket) serverSslContext.getServerSocketFactory().createServerSocket(); serverSocket.setNeedClientAuth(true); serverSocket.bind(new InetSocketAddress(0)); final int localPort = serverSocket.getLocalPort(); try (final SSLSocket clientSocket = (SSLSocket) clientSslContext.getSocketFactory().createSocket()) { clientSocket.connect(new InetSocketAddress("localhost", localPort), TIMEOUT.toMillisIntBound()); clientSocket.setSoTimeout(TIMEOUT.toMillisIntBound()); clientSocket.startHandshake(); final InputStream inputStream = clientSocket.getInputStream(); Assert.assertEquals(-1, inputStream.read());
trustManager.init(clientPub); SSLContext ssl = SSLContext.getInstance("TLS"); ssl.init(serverKeyManager.getKeyManagers(), trustManager.getTrustManagers(), SecureRandom.getInstance(commonServices.tlsParingAlgo)); serverSock = (SSLServerSocket) ssl.getServerSocketFactory() .createServerSocket( Integer.parseInt(commonServices.syslogPort)); serverSock.setNeedClientAuth(true); while (ConfigurationChangeImpl.collectThreadSecured) { socket = (SSLSocket) serverSock.accept(); new ClientHandlerTLS(socket).start(); try { if (serverSock != null) serverSock.close(); if (socket != null) socket.close(); } catch (IOException e) { LOG.error("IO Exception while closing connection from secured Logcollector :: "
KeyStore trustStore = KeyStore.getInstance("JKS"); InputStream tsis = new FileInputStream("trustedcerts.jks"); trustStore.load(tsis, "clientpublicpw".toCharArray()); tsis.close(); KeyStore serverKeyStore = KeyStore.getInstance("JKS"); InputStream ksis = new FileInputStream("server.jks"); clientKeyStore.load(ksis.close(), "serverprivatepw".toCharArray()); ksis.close(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(serverKeyStore, "serverprivatepw".toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); SSLServerSocketFactory sf = sslContext.getServerSocketFactory(); SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket(SslServer.PORT); ss.setNeedClientAuth(true);
.build(); Assert.assertNotNull(clientSslContext); final SSLServerSocket serverSocket = (SSLServerSocket) serverSslContext.getServerSocketFactory().createServerSocket(); final Set<String> supportedServerProtocols = new LinkedHashSet<>(Arrays.asList(serverSocket.getSupportedProtocols())); Assert.assertTrue(supportedServerProtocols.contains("TLSv1")); serverSocket.setEnabledProtocols(new String[] {"TLSv1"}); serverSocket.bind(new InetSocketAddress(0)); final int localPort = serverSocket.getLocalPort(); try (final SSLSocket clientSocket = (SSLSocket) clientSslContext.getSocketFactory().createSocket()) { final Set<String> supportedClientProtocols = new LinkedHashSet<>(Arrays.asList(clientSocket.getSupportedProtocols())); Assert.assertTrue(supportedClientProtocols.contains("SSLv3")); clientSocket.setEnabledProtocols(new String[] {"SSLv3"} ); clientSocket.connect(new InetSocketAddress("localhost", localPort), TIMEOUT.toMillisIntBound()); clientSocket.setSoTimeout(TIMEOUT.toMillisIntBound()); clientSocket.startHandshake();
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException { SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); SSLServerSocket socket = (SSLServerSocket) (host==null ? factory.createServerSocket(port, backlog): factory.createServerSocket(port, backlog, InetAddress.getByName(host))); if (sslConfig.getWantClientAuth()) socket.setWantClientAuth(sslConfig.getWantClientAuth()); if (sslConfig.getNeedClientAuth()) socket.setNeedClientAuth(sslConfig.getNeedClientAuth()); socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites())); socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols())); return socket; }
private ServerSocket createServerSocket() throws IOException { final InetAddress inetAddress = hostname == null ? null : InetAddress.getByName(hostname); if (sslContext == null) { return new ServerSocket(port, 50, InetAddress.getByName(hostname)); } else { final ServerSocket serverSocket = sslContext.getServerSocketFactory().createServerSocket(port, 50, inetAddress); ((SSLServerSocket) serverSocket).setNeedClientAuth(true); return serverSocket; } }
public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException { SSLContext ctx = createSSLContext(options, true); SSLServerSocket serverSocket = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(); serverSocket.setReuseAddress(true); String[] suits = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites); serverSocket.setEnabledCipherSuites(suits); serverSocket.setNeedClientAuth(options.require_client_auth); serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS); serverSocket.bind(new InetSocketAddress(address, port), 500); return serverSocket; }
/** * Builds a new ServerSocket * @return SSLServerSocket */ public SSLServerSocket buildServerSocket() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { // Get socket final SSLServerSocket s = (SSLServerSocket) build().getServerSocketFactory().createServerSocket(port); // Set protocols s.setEnabledProtocols(TLS.getUsable(TLS.TLS_PROTOCOLS, s.getSupportedProtocols())); s.setEnabledCipherSuites(TLS.getUsable(TLS.TLS_CIPHER_SUITES, s.getSupportedCipherSuites())); return s; } }
if (spi.isSslEnabled()) { SSLServerSocket sslSock = (SSLServerSocket)spi.sslSrvSockFactory .createServerSocket(port, 0, spi.locHost); sslSock.setNeedClientAuth(true);
/** * Configure the SSLServerSocket based on this SocketCreator's settings. */ private void finishServerSocket(SSLServerSocket serverSocket) throws IOException { serverSocket.setUseClientMode(false); if (this.sslConfig.isRequireAuth()) { // serverSocket.setWantClientAuth( true ); serverSocket.setNeedClientAuth(true); } serverSocket.setEnableSessionCreation(true); // restrict protocols String[] protocols = this.sslConfig.getProtocolsAsStringArray(); if (!"any".equalsIgnoreCase(protocols[0])) { serverSocket.setEnabledProtocols(protocols); } // restrict ciphers String[] ciphers = this.sslConfig.getCiphersAsStringArray(); if (!"any".equalsIgnoreCase(ciphers[0])) { serverSocket.setEnabledCipherSuites(ciphers); } }
ServerSocketFactory sf = SSLServerSocketFactory.getDefault(); final SSLServerSocket socket = (SSLServerSocket)sf.createServerSocket(443); System.out.println(Arrays.toString(socket.getSupportedCipherSuites())); System.out.println(Arrays.toString(socket.getEnabledCipherSuites())); socket.setEnabledCipherSuites(new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}); Thread t = new Thread() { public void run() { try { Socket client = socket.accept(); client.getOutputStream().write("Hello World\n".getBytes("ASCII")); client.close(); } catch (IOException ioe) { } } }; t.start(); Thread.sleep(2000); SSLSocket client = (SSLSocket) SSLSocketFactory.getDefault().createSocket("localhost", 443); client.setEnabledCipherSuites(new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}); InputStream in = client.getInputStream(); byte[] data = new byte[1024]; int len = in.read(data); System.out.println(new String(data, 0, len));
/** Sets relevant socket options specified in encryption settings */ private static void prepareSocket(SSLServerSocket serverSocket, EncryptionOptions options) { String[] suites = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites); if(options.require_endpoint_verification) { SSLParameters sslParameters = serverSocket.getSSLParameters(); sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); serverSocket.setSSLParameters(sslParameters); } serverSocket.setEnabledCipherSuites(suites); serverSocket.setNeedClientAuth(options.require_client_auth); }
@Test public void testCipherSuitesFromConfigFile() throws Exception { File configFile = createDefaultConfigFile(); try { TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE); tlsConfiguration.initialise(true, JSSE_NAMESPACE); SSLSocket socket = (SSLSocket) tlsConfiguration.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) tlsConfiguration.getServerSocketFactory().createServerSocket(); assertArrayEquals(new String[] {SUPPORTED_CIPHER_SUITE}, socket.getEnabledCipherSuites()); assertArrayEquals(new String[] {SUPPORTED_CIPHER_SUITE}, serverSocket.getEnabledCipherSuites()); } finally { configFile.delete(); } }
/** * Select protocols and cipher suites to be used * based on configured inclusion and exclusion lists * as well as enabled and supported protocols and cipher suites. * * Adapted from Jetty SslContextFactory.java * * @since 0.9.16 */ public static void setProtocolsAndCiphers(SSLServerSocket socket) { String[] p = selectProtocols(socket.getEnabledProtocols(), socket.getSupportedProtocols()); for (int i = 0; i < p.length; i++) { // if we left SSLv3 in there, we don't support TLS, // so we should't remove the SSL ciphers if (p[i].equals("SSLv3")) return; } socket.setEnabledProtocols(p); socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites())); }