@Override public String[] getEnabledCipherSuites() { return engine.getEnabledCipherSuites(); }
@Override public String[] getEnabledCipherSuites() { return delegate.getEnabledCipherSuites(); }
@Override public String[] getEnabledCipherSuites() { return delegate.getEnabledCipherSuites(); }
@Override public String[] getEnabledCipherSuites() { return engine.getEnabledCipherSuites(); }
public String[] getEnabledCipherSuites() { return delegate.getEnabledCipherSuites(); }
@Override public String[] getEnabledCipherSuites() { return engine.getEnabledCipherSuites(); }
public String[] getEnabledCipherSuites() { return currentRef.get().getEnabledCipherSuites(); }
public String[] getEnabledCipherSuites() { return currentRef.get().getEnabledCipherSuites(); }
public String[] getEnabledCipherSuites() { return currentRef.get().getEnabledCipherSuites(); }
/** * Returns the names of all encryption cipher suites that are enabled by default. * * @return An array of cipher suite names. Not expected to be empty. */ public static List<String> getDefaultCipherSuites() throws NoSuchAlgorithmException, KeyManagementException { // TODO Might want to cache the result. It's unlikely to change at runtime. final SSLContext context = SSLContext.getInstance( "TLSv1" ); context.init( null, null, null ); return Arrays.asList( context.createSSLEngine().getEnabledCipherSuites() ); }
@Override public ByteChannel wrapChannel( SocketChannel channel, SelectionKey key ) throws IOException { SSLEngine e = sslcontext.createSSLEngine(); /* * See https://github.com/TooTallNate/Java-WebSocket/issues/466 * * We remove TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from the enabled ciphers since it is just available when you patch your java installation directly. * E.g. firefox requests this cipher and this causes some dcs/instable connections */ List<String> ciphers = new ArrayList<String>( Arrays.asList(e.getEnabledCipherSuites())); ciphers.remove("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); e.setEnabledCipherSuites( ciphers.toArray( new String[ciphers.size()] ) ); e.setUseClientMode( false ); return new SSLSocketChannel2( channel, e, exec, key ); }
private static List<String> defaultCiphers(SSLEngine engine, Set<String> supportedCiphers) { List<String> ciphers = new ArrayList<String>(); addIfSupported(supportedCiphers, ciphers, DEFAULT_CIPHER_SUITES); useFallbackCiphersIfDefaultIsEmpty(ciphers, engine.getEnabledCipherSuites()); return ciphers; }
private Optional<SSLEngine> getSslEngine(boolean useClientMode) { return getSslContext().map(sslContext -> { SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(useClientMode); sslEngine.setEnabledProtocols( getFilteredProtocols(sslEngine.getEnabledProtocols())); sslEngine.setEnabledCipherSuites( getFilteredCipherSuites(sslEngine.getEnabledCipherSuites())); return sslEngine; }); }
private void logSupportedParameters(SslContextFactory contextFactory) { if (LOGGED.compareAndSet(false, true)) { // When Jetty logs out which protocols are enabled / disabled they include tracing // information to detect if the protocol was disabled at the // JRE/lib/security/java.security level. Since we don't log this information we take the // SSLEngine from our context instead of a pristine version. // // For more info from Jetty: // https://github.com/eclipse/jetty.project/blob/93a8afcc6bd1a6e0af7bd9f967c97ae1bc3eb718/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L356-L360 final SSLEngine engine = contextFactory.getSslContext().createSSLEngine(); final Map<Boolean, List<String>> protocols = partitionSupport( engine.getSupportedProtocols(), engine.getEnabledProtocols(), contextFactory.getExcludeProtocols(), contextFactory.getIncludeProtocols() ); final Map<Boolean, List<String>> ciphers = partitionSupport( engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites(), contextFactory.getExcludeCipherSuites(), contextFactory.getIncludeCipherSuites() ); LOGGER.info("Enabled protocols: {}", protocols.get(true)); LOGGER.info("Disabled protocols: {}", protocols.get(false)); LOGGER.info("Enabled cipher suites: {}", ciphers.get(true)); LOGGER.info("Disabled cipher suites: {}", ciphers.get(false)); } }
@Override public void configure(HttpsParameters params) { SSLContext context = getSSLContext(); SSLEngine engine = context.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); params.setSSLParameters(context.getDefaultSSLParameters()); } });
@Test public void testPreserveEnabledCipherSuitesOrder() throws Exception { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLEngine engine = context.createSSLEngine(); HttpServerOptions options = new HttpServerOptions(); for (String suite : engine.getEnabledCipherSuites()) { options.addEnabledCipherSuite(suite); } assertEquals(new ArrayList<>(options.getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); assertEquals(new ArrayList<>(new HttpServerOptions(options).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); JsonObject json = options.toJson(); assertEquals(new ArrayList<>(new HttpServerOptions(json).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); SSLHelper helper = new SSLHelper(options, Cert.SERVER_JKS.get(), null); assertEquals(Arrays.asList(helper.createEngine((VertxInternal) vertx).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); }
@Override public void start() throws Exception { log.info("Starting Jetty Server..."); server.start(); if (node.isEnableTlsPort()) { // Perform validation Preconditions.checkNotNull(sslContextFactory); final SSLEngine sslEngine = sslContextFactory.newSSLEngine(); if (sslEngine.getEnabledCipherSuites() == null || sslEngine.getEnabledCipherSuites().length == 0) { throw new ISE( "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedCipherSuites()), tlsServerConfig.getIncludeCipherSuites(), tlsServerConfig.getExcludeCipherSuites() ); } if (sslEngine.getEnabledProtocols() == null || sslEngine.getEnabledProtocols().length == 0) { throw new ISE( "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedProtocols()), tlsServerConfig.getIncludeProtocols(), tlsServerConfig.getExcludeProtocols() ); } } }
@Test public void testUseJdkCiphersWhenNotSpecified() throws Exception { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLEngine engine = context.createSSLEngine(); String[] expected = engine.getEnabledCipherSuites(); SSLHelper helper = new SSLHelper(new HttpClientOptions(), Cert.CLIENT_JKS.get(), Trust.SERVER_JKS.get()); SslContext ctx = helper.getContext((VertxInternal) vertx); assertEquals(new HashSet<>(Arrays.asList(expected)), new HashSet<>(ctx.cipherSuites())); }
public void configure(HttpsParameters params) { try { SSLContext c = SSLContext.getDefault(); SSLEngine engine = c.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); SSLParameters defaultSSLParameters = c.getDefaultSSLParameters(); params.setSSLParameters(defaultSSLParameters); } catch (Exception ex) { throw new IllegalStateException(ex); } } });
/** * Returns a new SSLParameters based on this SSLSocket's current * cipher suites, protocols, and client authentication settings. * * @since 1.6 */ public SSLParameters getSSLParameters() { SSLParameters p = new SSLParameters(); p.setCipherSuites(getEnabledCipherSuites()); p.setProtocols(getEnabledProtocols()); p.setNeedClientAuth(getNeedClientAuth()); p.setWantClientAuth(getWantClientAuth()); return p; }