/**
 * Returns the cipher suites that the wrapped {@code sock} reports as supported.
 *
 * <p>In JSSE, "supported" means "could be enabled", which is normally a superset of
 * the suites enabled by default. The result is therefore not an allow-list and should
 * not be passed unchanged to {@code setEnabledCipherSuites}.
 *
 * @return whatever {@code sock.getSupportedCipherSuites()} returns
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] supportedSuites = sock.getSupportedCipherSuites();
    return supportedSuites;
}
/**
 * Forwards to {@code delegate} and returns its list of supported cipher suites.
 *
 * <p>In JSSE the supported list is normally broader than the default-enabled list,
 * so callers should treat it as an upper bound for filtering, not as the set to enable.
 *
 * @return whatever {@code delegate.getSupportedCipherSuites()} returns
 */
public String[] getSupportedCipherSuites() {
    final String[] fromDelegate = delegate.getSupportedCipherSuites();
    return fromDelegate;
}
/**
 * Narrows the protocols and cipher suites enabled on an SSL socket.
 *
 * <p>Each enabled list is replaced by whatever {@code filter} returns for the
 * (enabled, supported) pair. The filtering policy itself lives in {@code filter},
 * which is not shown here.
 *
 * @param socket the socket to adjust; it is cast to {@link SSLSocket} unconditionally
 * @return the same socket, typed as {@link SSLSocket}
 * @throws IOException declared by the signature
 */
private SSLSocket fixupSocket(Socket socket) throws IOException {
    final SSLSocket tls = (SSLSocket) socket;

    final String[] protocols = filter(tls.getEnabledProtocols(), tls.getSupportedProtocols());
    tls.setEnabledProtocols(protocols);

    final String[] suites = filter(tls.getEnabledCipherSuites(), tls.getSupportedCipherSuites());
    tls.setEnabledCipherSuites(suites);

    return tls;
}
/**
 * Applies {@code parameters} to {@code sslSocket} after passing them through
 * {@code redefine} together with the socket's supported cipher suites and protocols.
 *
 * @param sslContext not used by this method
 * @param sslSocket the socket whose parameters are set
 * @param parameters the requested parameters, handed to {@code redefine}
 */
public void setSSLParameters(final SSLContext sslContext, final SSLSocket sslSocket, final SSLParameters parameters) {
    final String[] supportedSuites = sslSocket.getSupportedCipherSuites();
    final String[] supportedProtocols = sslSocket.getSupportedProtocols();
    // What redefine does with the supported lists is not visible here.
    final SSLParameters effective = redefine(parameters, supportedSuites, supportedProtocols);
    sslSocket.setSSLParameters(effective);
}
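/**
 * Create a secure client socket that is connected to the given address and
 * port.
 *
 * <p>If connecting or configuring the socket fails, the socket is closed
 * before the exception propagates, so a failed attempt does not leak it.
 *
 * @param address the address to connect to
 * @param port the port
 * @return the socket
 * @throws IOException if the socket cannot be created or connected
 */
public static Socket createSocket(InetAddress address, int port)
        throws IOException {
    setKeystore();
    SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket secureSocket = (SSLSocket) f.createSocket();
    boolean ready = false;
    try {
        secureSocket.connect(new InetSocketAddress(address, port),
                SysProperties.SOCKET_CONNECT_TIMEOUT);
        secureSocket.setEnabledProtocols(
                disableSSL(secureSocket.getEnabledProtocols()));
        if (SysProperties.ENABLE_ANONYMOUS_TLS) {
            // NOTE(review): enableAnonymous presumably adds anonymous key-exchange
            // suites taken from the supported list. Such suites do not authenticate
            // the peer, so a connection negotiated with one gives no protection
            // against an on-path attacker. Keep this setting off unless the
            // deployment accepts unauthenticated TLS.
            String[] list = enableAnonymous(
                    secureSocket.getEnabledCipherSuites(),
                    secureSocket.getSupportedCipherSuites());
            secureSocket.setEnabledCipherSuites(list);
        }
        // NOTE(review): nothing in this method sets an endpoint identification
        // algorithm, so any check of the peer certificate against the expected
        // host has to happen elsewhere - TODO confirm.
        ready = true;
        return secureSocket;
    } finally {
        if (!ready) {
            try {
                secureSocket.close();
            } catch (IOException ignored) {
                // The original failure is the one the caller needs to see.
            }
        }
    }
}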
// Accepts one connection from srv_sock as an SSLSocket and starts the TLS handshake.
// The rest of the method lies outside this excerpt.
protected void accept() {
    try(SSLSocket client_sock=(SSLSocket)srv_sock.accept()) {
        // NOTE(review): this enables every suite the provider supports, not the
        // default-enabled subset. Depending on the JDK/provider and its security
        // properties, the supported list can include anonymous (unauthenticated) or
        // NULL-encryption suites. Prefer the defaults or an explicit allow-list.
        client_sock.setEnabledCipherSuites(client_sock.getSupportedCipherSuites());
        client_sock.startHandshake();
        SSLSession sslSession=client_sock.getSession();
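/**
 * Opens an SSL connection to {@code target}, trying each port in
 * {@code [port, port+port_range)} until a handshake succeeds.
 *
 * <p>A socket whose setup, handshake or session verification fails is closed
 * before the next port is tried. The last failure is attached as the cause of
 * the final {@link IllegalStateException} instead of being discarded.
 *
 * @param target the logical address; resolved to a physical address via {@code down_prot}
 * @return a connected socket whose handshake has completed
 * @throws SecurityException rethrown unchanged from any step of an attempt,
 *         including {@code session_verifier}
 * @throws IllegalStateException if no port in the range could be connected
 */
protected SSLSocket createSocketTo(Address target) throws Exception {
    SSLContext ctx=getContext();
    SSLSocketFactory sslSocketFactory=ctx.getSocketFactory();
    IpAddress dest=(IpAddress)down_prot.down(new Event(Event.GET_PHYSICAL_ADDRESS, target));
    Throwable last_failure=null;

    for(int i=0; i < port_range; i++) {
        SSLSocket sock=null;
        try {
            sock=(SSLSocket)sslSocketFactory.createSocket(dest.getIpAddress(), port+i);
            sock.setSoTimeout(socket_timeout);
            // NOTE(review): this enables every suite the provider supports, not the
            // default-enabled subset. Depending on the JDK/provider and its security
            // properties, the supported list can include anonymous (unauthenticated) or
            // NULL-encryption suites. Prefer the defaults or an explicit allow-list;
            // the accepting side must be changed consistently.
            sock.setEnabledCipherSuites(sock.getSupportedCipherSuites());
            sock.startHandshake();
            SSLSession sslSession=sock.getSession();

            log.debug("%s: created SSL connection to %s (%s); protocol: %s, cipher suite: %s",
                      local_addr, target, sock.getRemoteSocketAddress(), sslSession.getProtocol(), sslSession.getCipherSuite());

            if(session_verifier != null)
                session_verifier.verify(sslSession);
            return sock;
        }
        catch(Throwable t) {
            // Do not leak a socket that failed setup, handshake or verification.
            if(sock != null) {
                try {
                    sock.close();
                }
                catch(Exception ignored) {
                    // the failure in t is the one worth reporting
                }
            }
            if(t instanceof SecurityException)
                throw (SecurityException)t;
            last_failure=t; // kept so the final exception says why connecting failed
        }
    }
    throw new IllegalStateException(String.format("failed connecting to %s (port range [%d - %d])",
                                                  dest.getIpAddress(), port, port+port_range), last_failure);
}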
/**
 * Configures {@code sslSocket}: sets client/server mode from {@code clientMode}, then
 * runs the socket's current parameters through the three-argument {@code configure}
 * overload along with the supported protocols and cipher suites, and writes them back.
 *
 * @param context not used by this method
 * @param sslSocket the socket to configure
 */
public void configure(final SSLContext context, final SSLSocket sslSocket) {
    sslSocket.setUseClientMode(clientMode);

    final SSLParameters params = sslSocket.getSSLParameters();
    final String[] supportedProtocols = sslSocket.getSupportedProtocols();
    final String[] supportedSuites = sslSocket.getSupportedCipherSuites();

    // The overload adjusts params; how it uses the supported lists is not shown here.
    configure(params, supportedProtocols, supportedSuites);
    sslSocket.setSSLParameters(params);
}
return delegate.getSupportedCipherSuites();
return delegate.getSupportedCipherSuites();
return delegate.getSupportedCipherSuites();
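/**
 * Builds an {@code SSLParameters} snapshot from a throw-away socket created by
 * this context's socket factory.
 *
 * <p>The probe socket is closed before returning, and an I/O failure is kept as
 * the cause of the thrown exception.
 *
 * @param supported {@code true} to report the supported cipher suites and protocols,
 *        {@code false} to report the enabled ones
 * @return parameters carrying the chosen cipher suites and protocols plus the
 *         socket's need/want client-auth flags
 * @throws UnsupportedOperationException if the probe socket cannot be created
 */
private javax.net.ssl.SSLParameters createSSLParameters(boolean supported) {
    SSLSocket s = null;
    try {
        s = (SSLSocket) engineGetSocketFactory().createSocket();
        javax.net.ssl.SSLParameters p = new javax.net.ssl.SSLParameters();
        String[] cipherSuites;
        String[] protocols;
        if (supported) {
            // Supported means "could be enabled", which is normally broader than the enabled set.
            cipherSuites = s.getSupportedCipherSuites();
            protocols = s.getSupportedProtocols();
        } else {
            cipherSuites = s.getEnabledCipherSuites();
            protocols = s.getEnabledProtocols();
        }
        p.setCipherSuites(cipherSuites);
        p.setProtocols(protocols);
        p.setNeedClientAuth(s.getNeedClientAuth());
        p.setWantClientAuth(s.getWantClientAuth());
        return p;
    } catch (IOException e) {
        /*
         * SSLContext.getDefaultSSLParameters specifies to throw
         * UnsupportedOperationException if there is a problem getting the
         * parameters
         */
        throw new UnsupportedOperationException("Could not access supported SSL parameters", e);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (IOException ignored) {
                // The socket was only a probe; a close failure changes nothing for the caller.
            }
        }
    }
}
} // closes the enclosing class, whose header is outside this excerpt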
/**
 * Builds a copy of this spec limited to what {@code sslSocket} currently has enabled.
 *
 * <p>When this spec names cipher suites or TLS versions, each list is intersected with
 * the socket's enabled list. When it names none, the socket's enabled list is used
 * unchanged.
 *
 * @param sslSocket the socket whose enabled and supported lists are consulted
 * @param isFallback whether this attempt is a retry after a protocol fallback
 * @return a new spec carrying the narrowed cipher suites and TLS versions
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToEnable;
  if (cipherSuites == null) {
    suitesToEnable = sslSocket.getEnabledCipherSuites();
  } else {
    suitesToEnable =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] versionsToEnable;
  if (tlsVersions == null) {
    versionsToEnable = sslSocket.getEnabledProtocols();
  } else {
    versionsToEnable =
        intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (published as RFC 7507),
  // a fallback attempt advertises the SCSV pseudo-suite so a server that supports a higher
  // version can detect and refuse the downgrade. It is appended only on fallback, and only
  // when the socket lists it as supported.
  String[] socketSupported = sslSocket.getSupportedCipherSuites();
  int scsvIndex = indexOf(CipherSuite.ORDER_BY_NAME, socketSupported, "TLS_FALLBACK_SCSV");
  if (isFallback && scsvIndex != -1) {
    suitesToEnable = concat(suitesToEnable, socketSupported[scsvIndex]);
  }

  return new Builder(this)
      .cipherSuites(suitesToEnable)
      .tlsVersions(versionsToEnable)
      .build();
}
/**
 * Returns the cipher suites that the wrapped {@code sock} reports as supported.
 *
 * <p>In JSSE, "supported" means "could be enabled", which is normally a superset of
 * the suites enabled by default. The result is therefore not an allow-list and should
 * not be passed unchanged to {@code setEnabledCipherSuites}.
 *
 * @return whatever {@code sock.getSupportedCipherSuites()} returns
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] supportedSuites = sock.getSupportedCipherSuites();
    return supportedSuites;
}
/**
 * Forwards to {@code delegate} and returns its list of supported cipher suites.
 *
 * <p>In JSSE the supported list is normally broader than the default-enabled list,
 * so callers should treat it as an upper bound for filtering, not as the set to enable.
 *
 * @return whatever {@code delegate.getSupportedCipherSuites()} returns
 */
public String[] getSupportedCipherSuites() {
    final String[] fromDelegate = delegate.getSupportedCipherSuites();
    return fromDelegate;
}
/**
 * Builds a copy of this spec limited to what {@code sslSocket} currently has enabled.
 *
 * <p>When this spec names cipher suites or TLS versions, each list is intersected with
 * the socket's enabled list. When it names none, the socket's enabled list is used
 * unchanged.
 *
 * @param sslSocket the socket whose enabled and supported lists are consulted
 * @param isFallback whether this attempt is a retry after a protocol fallback
 * @return a new spec carrying the narrowed cipher suites and TLS versions
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToEnable;
  if (cipherSuites == null) {
    suitesToEnable = sslSocket.getEnabledCipherSuites();
  } else {
    suitesToEnable =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] versionsToEnable;
  if (tlsVersions == null) {
    versionsToEnable = sslSocket.getEnabledProtocols();
  } else {
    versionsToEnable =
        intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (published as RFC 7507),
  // a fallback attempt advertises the SCSV pseudo-suite so a server that supports a higher
  // version can detect and refuse the downgrade. It is appended only on fallback, and only
  // when the socket lists it as supported.
  String[] socketSupported = sslSocket.getSupportedCipherSuites();
  int scsvIndex = indexOf(CipherSuite.ORDER_BY_NAME, socketSupported, "TLS_FALLBACK_SCSV");
  if (isFallback && scsvIndex != -1) {
    suitesToEnable = concat(suitesToEnable, socketSupported[scsvIndex]);
  }

  return new Builder(this)
      .cipherSuites(suitesToEnable)
      .tlsVersions(versionsToEnable)
      .build();
}
/**
 * Builds a copy of this spec limited to what {@code sslSocket} currently has enabled.
 *
 * <p>When this spec names cipher suites or TLS versions, each list is intersected with
 * the socket's enabled list. When it names none, the socket's enabled list is used
 * unchanged.
 *
 * @param sslSocket the socket whose enabled and supported lists are consulted
 * @param isFallback whether this attempt is a retry after a protocol fallback
 * @return a new spec carrying the narrowed cipher suites and TLS versions
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToEnable;
  if (cipherSuites == null) {
    suitesToEnable = sslSocket.getEnabledCipherSuites();
  } else {
    suitesToEnable =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] versionsToEnable;
  if (tlsVersions == null) {
    versionsToEnable = sslSocket.getEnabledProtocols();
  } else {
    versionsToEnable =
        intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (published as RFC 7507),
  // a fallback attempt advertises the SCSV pseudo-suite so a server that supports a higher
  // version can detect and refuse the downgrade. It is appended only on fallback, and only
  // when the socket lists it as supported.
  String[] socketSupported = sslSocket.getSupportedCipherSuites();
  int scsvIndex = indexOf(CipherSuite.ORDER_BY_NAME, socketSupported, "TLS_FALLBACK_SCSV");
  if (isFallback && scsvIndex != -1) {
    suitesToEnable = concat(suitesToEnable, socketSupported[scsvIndex]);
  }

  return new Builder(this)
      .cipherSuites(suitesToEnable)
      .tlsVersions(versionsToEnable)
      .build();
}
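/**
 * Creates an unconnected {@link SSLSocket} configured from {@code option}.
 *
 * <p>Enabled protocols are the comma-separated values of {@code option.getProtocols()}.
 * Enabled cipher suites are what {@code getEnabledCiphers} returns for the socket's
 * supported suites and the comma-separated values of {@code option.getCiphers()}.
 *
 * @param option supplies the protocol and cipher lists, and is passed to {@code createSSLContext}
 * @param custom passed to {@code createSSLContext}
 * @return the configured, unconnected socket
 * @throws IllegalArgumentException if the socket cannot be created; the underlying
 *         I/O failure is attached as the cause
 */
public static SSLSocket createSSLSocket(SSLOption option, SSLCustom custom) {
    try {
        SSLContext context = createSSLContext(option, custom);
        SSLSocketFactory factory = context.getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket();
        // NOTE(review): the configured protocol names are applied verbatim. Nothing here
        // rejects legacy versions or trims whitespace around the commas - confirm the
        // configuration is validated elsewhere.
        socket.setEnabledProtocols(option.getProtocols().split(","));
        String[] supported = socket.getSupportedCipherSuites();
        String[] enabled = option.getCiphers().split(",");
        socket.setEnabledCipherSuites(getEnabledCiphers(supported, enabled));
        return socket;
    } catch (UnknownHostException e) {
        // Keep the cause so the failure can be diagnosed from the stack trace.
        throw new IllegalArgumentException("unkown host", e);
    } catch (IOException e) {
        throw new IllegalArgumentException("unable create socket", e);
    }
}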
// NOTE(review): this enables every suite the provider supports, not the default-enabled
// subset. Depending on the JDK/provider and its security properties, the supported list
// can include anonymous (unauthenticated) or NULL-encryption suites. Prefer the defaults
// or an explicit allow-list.
sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
// Server side of the handshake.
sslSocket.setUseClientMode(false);
sslSocket.startHandshake();
/**
 *  Choose the protocols and cipher suites the socket will use.
 *  The choice is delegated to {@code selectProtocols} and {@code selectCipherSuites},
 *  which work from the configured inclusion and exclusion lists together with
 *  the socket's enabled and supported protocols and cipher suites.
 *
 *  Adapted from Jetty SslContextFactory.java
 *
 *  @param socket the socket whose enabled protocols and cipher suites are replaced
 *  @since 0.9.16
 */
public static void setProtocolsAndCiphers(SSLSocket socket) {
    String[] protocols = selectProtocols(socket.getEnabledProtocols(),
                                         socket.getSupportedProtocols());
    socket.setEnabledProtocols(protocols);

    String[] suites = selectCipherSuites(socket.getEnabledCipherSuites(),
                                         socket.getSupportedCipherSuites());
    socket.setEnabledCipherSuites(suites);
}