/**
 * Logs whether the OpenSsl provider can be used and, if so, which version is loaded.
 *
 * <p>Emits warnings for two conditions that weaken TLS: a library older than the
 * 1.0.2 series, and a library that cannot perform hostname verification. When the
 * provider is unavailable, only the cause is logged at info level; the message states
 * that built-in JDK SSL is used instead.
 */
private void logOpenSSLInfos() {
    if (!OpenSsl.isAvailable()) {
        log.info("OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of "
                + OpenSsl.unavailabilityCause());
        return;
    }

    final String versionText = OpenSsl.versionString();
    log.info("OpenSSL " + versionText + " (" + OpenSsl.version() + ") available");

    // OpenSSL packs its version number as 0xMNNFFPPS, so 0x10002000 marks the start of the 1.0.2 series.
    // NOTE(review): the message recommends 1.0.2k, but this threshold only flags builds older than
    // 1.0.2; 1.0.2 through 1.0.2j pass without a warning. Confirm which minimum is intended.
    if (OpenSsl.version() < 0x10002000L) {
        log.warn("Outdated OpenSSL version detected. You should update to 1.0.2k or later. Currently installed: "
                + versionText);
    }

    // Without hostname verification the engine cannot check that the peer certificate matches the
    // host being contacted, so this is surfaced as a warning rather than a debug line.
    if (!OpenSsl.supportsHostnameValidation()) {
        log.warn("Your OpenSSL version " + versionText
                + " does not support hostname verification. You should update to 1.0.2k or later.");
    }

    // The cipher list is useful when auditing which suites the native library offers.
    log.debug("OpenSSL available ciphers " + OpenSsl.availableOpenSslCipherSuites());
}
/**
 * Delegates to {@code run()} (defined outside this snippet) when the loaded library is a
 * non-BoringSSL OpenSSL build; otherwise the JUnit assumptions skip the test.
 */
@Test(timeout = 30000)
public void testSslRenegotiationRejected() throws Throwable {
    // BoringSSL does not support renegotiation intentionally.
    final boolean loadedLibraryIsBoringSsl = "BoringSSL".equals(OpenSsl.versionString());
    Assume.assumeFalse(loadedLibraryIsBoringSsl);

    // The scenario needs the native provider; skip instead of failing when it is absent.
    final boolean nativeProviderPresent = OpenSsl.isAvailable();
    Assume.assumeTrue(nativeProviderPresent);

    run();
}
/**
 * Decides whether the Netty OpenSSL engine can be used for a transport with the given options.
 *
 * <p>Each reason for declining is logged at debug level. Declining does not relax any requested
 * check: when {@code verifyHost} is enabled and the loaded OpenSSL cannot validate hostnames,
 * this method returns {@code false} instead of reporting OpenSSL as usable.
 *
 * @param options
 *        The configuration of the Transport being created.
 *
 * @return true if OpenSSL support is available and usable given the requested configuration.
 */
public static boolean isOpenSSLPossible(TransportOptions options) {
    // OpenSSL is opt-in; nothing is probed or logged when it was not requested.
    if (!options.isUseOpenSSL()) {
        return false;
    }

    if (!OpenSsl.isAvailable()) {
        // The cause is passed as a trailing argument with no placeholder in the message.
        LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
        return false;
    }

    if (options.getSslContextOverride() != null) {
        LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
        return false;
    }

    if (!OpenSsl.supportsKeyManagerFactory()) {
        LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
        return false;
    }

    // Host verification was requested but the native library cannot do it: decline OpenSSL.
    if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
        LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
        return false;
    }

    if (options.getKeyAlias() != null) {
        LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
        return false;
    }

    LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
    return true;
}
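// Log the cipher suites the loaded OpenSSL offers, under both naming schemes, so the
// effective TLS configuration can be audited from debug output.
// The version is passed as a placeholder argument instead of being concatenated into the
// format string: text inside the version string can no longer be read as a "{}" placeholder,
// and the message is only assembled when debug logging is enabled.
log.debug("OPENSSL {} supports the following ciphers (java-style) {}",
        OpenSsl.versionString(), OpenSsl.availableJavaCipherSuites());
log.debug("OPENSSL {} supports the following ciphers (openssl-style) {}",
        OpenSsl.versionString(), OpenSsl.availableOpenSslCipherSuites());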
/**
 * Reports whether Netty's OpenSSL support can back a transport configured with the given options.
 *
 * <p>OpenSSL is reported as usable only if it was requested, the native implementation loaded,
 * no user SSLContext override is set, a KeyManagerFactory is supported, hostname validation is
 * supported whenever {@code verifyHost} is on, and no key alias is configured. Every other
 * outcome is logged at debug level and yields {@code false}.
 *
 * @param options
 *        The configuration of the Transport being created.
 *
 * @return true if OpenSSL support is available and usable given the requested configuration.
 */
public static boolean isOpenSSLPossible(TransportOptions options) {
    if (!options.isUseOpenSSL()) {
        // Not requested: no probing and no log output.
        return false;
    }

    boolean usable = false;

    if (!OpenSsl.isAvailable()) {
        LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
    } else if (options.getSslContextOverride() != null) {
        LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
    } else if (!OpenSsl.supportsKeyManagerFactory()) {
        LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
    } else if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
        // A requested host check is never dropped to make OpenSSL usable; OpenSSL is declined.
        LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
    } else if (options.getKeyAlias() != null) {
        LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
    } else {
        LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
        usable = true;
    }

    return usable;
}
// Report the state of the OpenSSL provider: availability flag, numeric version and version string.
// NOTE(review): if this builder output is returned to remote callers, the exact library version
// and the failure cause help fingerprint the host; confirm the consumer is access-controlled.
builder.field("ssl_openssl_available", OpenSsl.isAvailable());
builder.field("ssl_openssl_version", OpenSsl.version());
builder.field("ssl_openssl_version_string", OpenSsl.versionString());

// The cause is null when there is nothing to report; an empty string is emitted in that case.
Throwable openSslUnavailCause = OpenSsl.unavailabilityCause();
builder.field("ssl_openssl_non_available_cause",
        openSslUnavailCause != null ? openSslUnavailCause.toString() : "");
OpenSsl.versionString()); serverOptions.setSslEngineOptions(new OpenSSLEngineOptions()); } else {
OpenSsl.versionString()); serverOptions.setSslEngineOptions(new OpenSSLEngineOptions()); } else {
OpenSsl.versionString()); clientOptions.setSslEngineOptions(new OpenSSLEngineOptions()); } else {
OpenSsl.versionString()); clientOptions.setSslEngineOptions(new OpenSSLEngineOptions()); } else {
/**
 * Starts a REST server with a keystore, connects an HTTP/2 client that uses ALPN, POSTs one
 * entry and checks that a single 200 response arrives and the cache holds one entry.
 *
 * <p>Fails fast with an {@link IllegalStateException} when ALPN is not supported, so a missing
 * native library is reported instead of surfacing as an unrelated assertion failure.
 */
@Test
public void shouldUpgradeUsingALPN() throws Exception {
    SkipTestNG.skipSinceJDK(10); // TODO: OpenSSL ALPN doesn't seem to work. Restructure the test to use internal JDK ALPN

    // NOTE(review): the guard checks ALPN support, while the message says OpenSSL is not present;
    // the version and cause appended to the message distinguish the two cases.
    if (!OpenSsl.isAlpnSupported()) {
        throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: "
                + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());
    }

    //given
    // "secret" is the password of the keystore used by this test.
    restServer = RestServerHelper.defaultRestServer("http2testcache")
            .withKeyStore(KEY_STORE_PATH, "secret", "pkcs12")
            .start(TestResourceTracker.getCurrentTestShortName());

    client = NettyHttpClient.newHttp2ClientWithALPN(KEY_STORE_PATH, "secret");
    client.start(restServer.getHost(), restServer.getPort());

    final byte[] payload = "test".getBytes(CharsetUtil.UTF_8);
    FullHttpRequest putRequest = new DefaultFullHttpRequest(
            HTTP_1_1, POST, "/rest/http2testcache/test", wrappedBuffer(payload));

    //when
    client.sendRequest(putRequest);
    Queue<FullHttpResponse> received = client.getResponses();

    //then
    Assertions.assertThat(received).hasSize(1);
    Assertions.assertThat(received.element().status().code()).isEqualTo(200);
    Assertions.assertThat(restServer.getCacheManager().getCache("http2testcache").size()).isEqualTo(1);
}
@Test public void shouldUpgradeThroughALPN() throws Exception { if (!OpenSsl.isAlpnSupported()) { throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: " + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());
@Test public void shouldUpgradeToHotRodThroughALPN() throws Exception { if (!OpenSsl.isAlpnSupported()) { throw new IllegalStateException("OpenSSL is not present, can not test TLS/ALPN support. Version: " + OpenSsl.versionString() + " Cause: " + OpenSsl.unavailabilityCause());