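/**
 * Tries to enable HTTPS-style endpoint identification (hostname verification)
 * on the given engine.
 *
 * <p>{@code SSLParameters#setEndpointIdentificationAlgorithm} is looked up
 * reflectively, presumably so that this class still works on runtimes older
 * than Java 7, where the method does not exist.
 *
 * @param sslEngine engine whose parameters are updated
 * @return {@code true} if the algorithm was set and applied to the engine;
 *         {@code false} if the method is missing or the reflective call failed.
 *         On {@code false} the engine is left untouched, so hostname
 *         verification has NOT been enabled by this method and the caller
 *         must not treat the peer's identity as checked.
 */
private boolean tryHostNameVerificationJava7(SSLEngine sslEngine) {
    for (Method method : SSLParameters.class.getMethods()) {
        // method is available since Java 7
        if ("setEndpointIdentificationAlgorithm".equals(method.getName())) {
            // Start from the engine's current parameters instead of a blank object:
            // setSSLParameters() also applies the client-auth flags (and other
            // non-null settings) of the object it receives, so a fresh
            // SSLParameters would silently reset anything configured earlier.
            SSLParameters sslParams = sslEngine.getSSLParameters();
            try {
                method.invoke(sslParams, "HTTPS");
            } catch (IllegalAccessException e) {
                LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", e);
                return false;
            } catch (InvocationTargetException e) {
                LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", e);
                return false;
            }
            sslEngine.setSSLParameters(sslParams);
            return true;
        }
    }
    return false;
}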
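// Enable HTTPS-style endpoint identification on the server socket.
// The socket's current parameters are used as the base: setSSLParameters()
// applies the need/want client-auth flags of the object it is given, so a
// blank SSLParameters (both flags false) would switch off client
// authentication if it had been requested earlier on this socket.
SSLParameters sslParams = ((SSLServerSocket)this.serverSocket).getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);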
/** {@inheritDoc} */
@Override
public SSLContext createSslContext() throws SSLException {
    checkParameters();

    try {
        // Key managers are built from the configured key store.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
        KeyStore identityStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
        kmf.init(identityStore, keyStorePwd);

        // Explicitly configured trust managers take precedence; the trust store
        // is only loaded when none were supplied.
        // NOTE(review): supplied trust managers are used as-is; what they accept
        // is not visible here - confirm they perform real certificate validation.
        TrustManager[] trustManagers = trustMgrs;
        if (trustManagers == null) {
            // The factory is looked up under the same algorithm name as the key manager factory.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(keyAlgorithm);
            KeyStore anchors = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);
            tmf.init(anchors);
            trustManagers = tmf.getTrustManagers();
        }

        SSLContext sslCtx = SSLContext.getInstance(proto);

        // Wrap the context only when cipher suites and/or protocols are restricted.
        // Only those two settings are put on the SSLParameters here; no endpoint
        // identification algorithm is set by this method.
        boolean restrictSuites = cipherSuites != null;
        boolean restrictProtocols = protocols != null;
        if (restrictSuites || restrictProtocols) {
            SSLParameters restrictions = new SSLParameters();
            if (restrictSuites) {
                restrictions.setCipherSuites(cipherSuites);
            }
            if (restrictProtocols) {
                restrictions.setProtocols(protocols);
            }
            sslCtx = new SSLContextWrapper(sslCtx, restrictions);
        }

        // null SecureRandom: the provider's default source of randomness is used.
        sslCtx.init(kmf.getKeyManagers(), trustManagers, null);
        return sslCtx;
    } catch (GeneralSecurityException e) {
        throw new SSLException("Failed to initialize SSL context " + parameters(), e);
    }
}
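// Turn on HTTPS-style endpoint identification so the TLS layer checks the
// peer certificate against the host this socket connects to.
// The socket's own parameters are the starting point, because
// setSSLParameters() with a blank SSLParameters would also overwrite the
// client-auth flags and other settings already present on the socket.
SSLParameters sslParams = ((SSLSocket)this.socket).getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLSocket)this.socket).setSSLParameters(sslParams);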
// Creates a default-constructed SSLParameters; nothing is configured on it by this line.
// NOTE(review): a default instance carries no endpoint identification algorithm, so
// hostname verification depends on the code that follows setting one - confirm.
SSLParameters sslParameters = new SSLParameters();
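/**
 * Creates the {@link SSLEngine} for the connection to the upstream server.
 *
 * @param peerHost host name of the upstream server, passed to the engine as the peer host
 * @param peerPort port of the upstream server
 * @return the configured engine
 * @throws MitmException if creating or configuring the engine fails with a {@link RuntimeException}
 */
@Override
public SSLEngine serverSslEngine(String peerHost, int peerPort) {
    try {
        SSLEngine sslEngine = upstreamServerSslContext.get().newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);

        // The endpoint identification algorithm is what makes the TLS layer check the
        // upstream certificate against peerHost (hostname verification); it is a separate
        // setting from SNI.
        // The engine's current parameters are used as the base so that applying them back
        // does not reset settings the SSL context already put on the engine.
        SSLParameters sslParams = sslEngine.getSSLParameters();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
        }
        // NOTE(review): below API level N the algorithm is not set, so this method does not
        // enable hostname verification on those devices - confirm that the upstream
        // certificate's host name is checked elsewhere for them.
        sslEngine.setSSLParameters(sslParams);

        return sslEngine;
    } catch (RuntimeException e) {
        throw new MitmException("Error creating SSLEngine for connection to upstream server: " + peerHost + ":" + peerPort, e);
    }
}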
SSLParameters sslParams = new SSLParameters(); if (config.isSslEnableEndpointIdentification()) {
SSLParameters sslParams = new SSLParameters(); if (config.isSslEnableEndpointIdentification()) {
// Blank SSLParameters: the default constructor configures nothing on the object.
// NOTE(review): if this object is later passed to setSSLParameters(), only what the
// following code sets on it (plus the default false client-auth flags) is applied;
// confirm an endpoint identification algorithm is set where the peer must be verified.
final SSLParameters sslParams = new SSLParameters();
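// Enable HTTPS-style endpoint identification (hostname verification) on the engine.
// Read the engine's current parameters first: setSSLParameters() applies the
// client-auth flags and other non-null settings of the object it is given, so
// passing a blank SSLParameters would discard configuration made earlier.
SSLParameters sslParams = sslEngine.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParams);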
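// Hostname verification: with the "HTTPS" algorithm the TLS layer checks the peer
// certificate against the engine's peer host during the handshake.
// The parameters are taken from the engine rather than built from scratch, so
// that writing them back keeps the engine's existing settings (a blank
// SSLParameters would, for instance, apply need/want client auth = false).
final SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParameters);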
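// Switch on HTTPS-style endpoint identification for this engine.
// getSSLParameters() returns the engine's current configuration; modifying that
// copy and applying it back changes only the identification algorithm, whereas
// a new SSLParameters() would also overwrite the engine's client-auth flags.
SSLParameters sslParams = sslEngine.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParams);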
/**
 * Applies the socket and TLS settings to {@code socket} and then connects it.
 *
 * <p>TLS parameters are configured before {@code connect} is called. Host name
 * verification is enabled unless {@code sslSettings.isInvalidHostNameAllowed()}
 * returns {@code true}.
 *
 * @param socket            the socket to configure and connect
 * @param inetSocketAddress the address to connect to; its host name is passed to {@code enableSni}
 * @param settings          timeouts, keep-alive and buffer sizes
 * @param sslSettings       TLS settings
 * @throws IOException if configuring or connecting the socket fails
 * @throws MongoInternalException if SSL is enabled but {@code socket} is not an {@link SSLSocket}
 */
@SuppressWarnings("deprecation")
static void initialize(final Socket socket, final InetSocketAddress inetSocketAddress, final SocketSettings settings,
                       final SslSettings sslSettings) throws IOException {
    socket.setTcpNoDelay(true);
    socket.setSoTimeout(settings.getReadTimeout(MILLISECONDS));
    socket.setKeepAlive(settings.isKeepAlive());

    // Buffer sizes are only applied when a positive value is configured.
    final int receiveBufferSize = settings.getReceiveBufferSize();
    if (receiveBufferSize > 0) {
        socket.setReceiveBufferSize(receiveBufferSize);
    }
    final int sendBufferSize = settings.getSendBufferSize();
    if (sendBufferSize > 0) {
        socket.setSendBufferSize(sendBufferSize);
    }

    final boolean isTlsSocket = socket instanceof SSLSocket;
    if (sslSettings.isEnabled() || isTlsSocket) {
        if (!isTlsSocket) {
            throw new MongoInternalException("SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket");
        }
        final SSLSocket tlsSocket = (SSLSocket) socket;

        // Work on the socket's existing parameters; fall back to a blank object only if none are returned.
        final SSLParameters existing = tlsSocket.getSSLParameters();
        final SSLParameters tlsParameters = existing != null ? existing : new SSLParameters();

        enableSni(inetSocketAddress.getHostName(), tlsParameters);

        // Verification is skipped only when the settings explicitly allow invalid host names.
        if (!sslSettings.isInvalidHostNameAllowed()) {
            enableHostNameVerification(tlsParameters);
        }
        tlsSocket.setSSLParameters(tlsParameters);
    }

    socket.connect(inetSocketAddress, settings.getConnectTimeout(MILLISECONDS));
}
@Override protected void initChannel(Channel channel) throws Exception { SSLParameters sslParams = new SSLParameters();
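/**
 * Returns a new SSLParameters based on this SSLSocket's current
 * cipher suites, protocols, and client authentication settings.
 *
 * @return a new SSLParameters object holding the enabled cipher suites, the
 *         enabled protocols and the active client authentication mode
 * @since 1.6
 */
public SSLParameters getSSLParameters() {
    SSLParameters p = new SSLParameters();
    p.setCipherSuites(getEnabledCipherSuites());
    p.setProtocols(getEnabledProtocols());
    // SSLParameters keeps "need" and "want" mutually exclusive: each setter clears
    // the other flag. Calling setNeedClientAuth(...) and then setWantClientAuth(...)
    // unconditionally therefore always left needClientAuth == false, so a socket that
    // required client authentication was reported as not requiring it. Set only the
    // flag that is active, with "need" taking precedence.
    if (getNeedClientAuth()) {
        p.setNeedClientAuth(true);
    } else if (getWantClientAuth()) {
        p.setWantClientAuth(true);
    }
    return p;
}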
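/**
 * Returns a new SSLParameters based on this SSLSocket's current
 * cipher suites, protocols, and client authentication settings.
 *
 * @return a new SSLParameters object reflecting the socket's enabled cipher
 *         suites, enabled protocols and client authentication mode
 * @since 1.6
 */
public SSLParameters getSSLParameters() {
    SSLParameters p = new SSLParameters();
    p.setCipherSuites(getEnabledCipherSuites());
    p.setProtocols(getEnabledProtocols());
    // Each of SSLParameters' client-auth setters clears the other flag, so the
    // former sequence setNeedClientAuth(x); setWantClientAuth(y); always ended with
    // needClientAuth == false. Copy the mode with an if/else instead so that a
    // "client certificate required" setting survives the round trip.
    if (getNeedClientAuth()) {
        p.setNeedClientAuth(true);
    } else if (getWantClientAuth()) {
        p.setWantClientAuth(true);
    }
    return p;
}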
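/**
 * Builds an SSLParameters object from a socket created by this context's
 * socket factory.
 *
 * @param supported {@code true} to report the supported cipher suites and
 *                  protocols, {@code false} to report the enabled ones
 * @return parameters holding the chosen cipher suites and protocols plus the
 *         socket's client authentication mode
 * @throws UnsupportedOperationException if the socket cannot be created
 */
private javax.net.ssl.SSLParameters createSSLParameters(boolean supported) {
    try {
        SSLSocket s = (SSLSocket) engineGetSocketFactory().createSocket();
        javax.net.ssl.SSLParameters p = new javax.net.ssl.SSLParameters();
        String[] cipherSuites;
        String[] protocols;
        if (supported) {
            cipherSuites = s.getSupportedCipherSuites();
            protocols = s.getSupportedProtocols();
        } else {
            cipherSuites = s.getEnabledCipherSuites();
            protocols = s.getEnabledProtocols();
        }
        p.setCipherSuites(cipherSuites);
        p.setProtocols(protocols);
        // The two client-auth setters on SSLParameters clear each other's flag, so
        // calling both in sequence always dropped needClientAuth. Copy only the
        // active mode, "need" first.
        if (s.getNeedClientAuth()) {
            p.setNeedClientAuth(true);
        } else if (s.getWantClientAuth()) {
            p.setWantClientAuth(true);
        }
        return p;
    } catch (IOException e) {
        /*
         * SSLContext.getDefaultSSLParameters specifies to throw
         * UnsupportedOperationException if there is a problem getting the
         * parameters. The IOException is kept as the cause so the underlying
         * failure stays diagnosable.
         */
        throw new UnsupportedOperationException("Could not access supported SSL parameters", e);
    }
}
}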
/**
 * Builds a new {@link SSLParameters} whose protocols and cipher suites come from
 * this configurator's selectors, carrying over selected settings from
 * {@code original}.
 *
 * @param original              parameters whose server names, SNI matchers, algorithm
 *                              constraints and endpoint identification algorithm are copied
 * @param supportedCipherSuites cipher suites offered to the cipher suite selector
 * @param supportedProtocols    protocols offered to the protocol selector
 * @return the newly built parameters; {@code original} is not modified
 */
private SSLParameters redefine(SSLParameters original, String[] supportedCipherSuites, String[] supportedProtocols) {
    final SSLParameters redefined = new SSLParameters();

    // Protocols are evaluated before cipher suites, then both are handed to configure().
    configure(
        redefined,
        protocolSelector.evaluate(supportedProtocols),
        cipherSuiteSelector.evaluate(supportedCipherSuites));

    // Carry over the remaining settings; the endpoint identification algorithm is
    // copied so that hostname verification requested on the original is kept.
    // NOTE(review): the client-auth flags are not copied from original here;
    // presumably configure() sets them - confirm.
    redefined.setEndpointIdentificationAlgorithm(original.getEndpointIdentificationAlgorithm());
    redefined.setAlgorithmConstraints(original.getAlgorithmConstraints());
    redefined.setSNIMatchers(original.getSNIMatchers());
    redefined.setServerNames(original.getServerNames());

    return redefined;
}
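// Enable HTTPS-style endpoint identification so the peer certificate is checked
// against the host name during the handshake.
// The socket's current parameters are modified and written back; a blank
// SSLParameters would also push its default client-auth flags (both false)
// and other settings onto the socket.
SSLParameters sslParams = sslSocket.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParams);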
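// Hostname verification for a raw SSLSocket: unlike HttpsURLConnection, a plain
// socket performs no host name check unless an endpoint identification
// algorithm is set.
// Base the change on the socket's existing parameters so that applying them
// back alters only the identification algorithm.
SSLParameters sslParams = sslSocket.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParams); // also works on SSLEngine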