@Override public SslContextBuilder createBuilderForServer() { try { ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates(); SslProvider sslProvider = chooseSslProvider(); LOG.warn("Using SslProvider of type - " + sslProvider.name() + " for certChainFile - " + serverSslConfig.getCertChainFile()); InputStream certChainInput = new FileInputStream(serverSslConfig.getCertChainFile()); InputStream keyInput = getKeyInputStream(); SslContextBuilder builder = SslContextBuilder.forServer(certChainInput, keyInput) .ciphers(getCiphers(), getCiphersFilter()) .sessionTimeout(serverSslConfig.getSessionTimeout()) .sslProvider(sslProvider); if (serverSslConfig.getClientAuth() != null && isNotEmpty(trustedCerts)) { builder = builder .trustManager(trustedCerts.toArray(new X509Certificate[0])) .clientAuth(serverSslConfig.getClientAuth()); } return builder; } catch (Exception e) { throw new RuntimeException("Error configuring SslContext!", e); } }
private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException { if (config.getSslContext() != null) { return config.getSslContext(); } SslContextBuilder sslContextBuilder = SslContextBuilder.forClient() .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK) .sessionCacheSize(config.getSslSessionCacheSize()) .sessionTimeout(config.getSslSessionTimeout()); if (isNonEmpty(config.getEnabledProtocols())) { sslContextBuilder.protocols(config.getEnabledProtocols()); } if (isNonEmpty(config.getEnabledCipherSuites())) { sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites())); } else if (!config.isFilterInsecureCipherSuites()) { sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS); } if (config.isUseInsecureTrustManager()) { sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE); } return configureSslContextBuilder(sslContextBuilder).build(); }
@Override public SslContextBuilder createBuilderForServer() { try { ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates(); SslProvider sslProvider = chooseSslProvider(); LOG.warn("Using SslProvider of type - " + sslProvider.name() + " for certChainFile - " + serverSslConfig.getCertChainFile()); InputStream certChainInput = new FileInputStream(serverSslConfig.getCertChainFile()); InputStream keyInput = getKeyInputStream(); SslContextBuilder builder = SslContextBuilder.forServer(certChainInput, keyInput) .ciphers(getCiphers(), getCiphersFilter()) .sessionTimeout(serverSslConfig.getSessionTimeout()) .sslProvider(sslProvider); if (serverSslConfig.getClientAuth() != null && isNotEmpty(trustedCerts)) { builder = builder .trustManager(trustedCerts.toArray(new X509Certificate[0])) .clientAuth(serverSslConfig.getClientAuth()); } return builder; } catch (Exception e) { throw new RuntimeException("Error configuring SslContext!", e); } }
.trustManager(trustChain) .sessionCacheSize(sessionCacheSize) .sessionTimeout(sessionTimeout.roundTo(SECONDS)); if (!ciphers.isEmpty()) { sslContextBuilder.ciphers(ciphers);
.trustManager(trustChain) .sessionCacheSize(sessionCacheSize) .sessionTimeout(sessionTimeout.roundTo(SECONDS)); if (!ciphers.isEmpty()) { sslContextBuilder.ciphers(ciphers);
private SslContext buildSSLServerContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException { final SslContextBuilder _sslContextBuilder = SslContextBuilder.forServer(_key, _cert).ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722 .sessionCacheSize(0).sessionTimeout(0).sslProvider(sslProvider); if (_trustedCerts != null && _trustedCerts.length > 0) { _sslContextBuilder.trustManager(_trustedCerts); } return buildSSLContext0(_sslContextBuilder); }
private SslContext buildSSLServerContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException { final SslContextBuilder _sslContextBuilder = SslContextBuilder.forServer(_cert, _key, pwd).ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722 .sessionCacheSize(0).sessionTimeout(0).sslProvider(sslProvider); if (_trustedCerts != null) { _sslContextBuilder.trustManager(_trustedCerts); } return buildSSLContext0(_sslContextBuilder); }
private static SslContextBuilder sslContextFromConfiguration(HttpsConnectorConfig httpsConnectorConfig) { return SslContextBuilder.forServer(new File(httpsConnectorConfig.certificateFile()), new File(httpsConnectorConfig.certificateKeyFile())) .sslProvider(SslProvider.valueOf(httpsConnectorConfig.sslProvider())) .ciphers(toCiphersOrDefault(httpsConnectorConfig.ciphers())) .sessionTimeout(MILLISECONDS.toSeconds(httpsConnectorConfig.sessionTimeoutMillis())) .sessionCacheSize(httpsConnectorConfig.sessionCacheSize()) .protocols(toProtocolsOrDefault(httpsConnectorConfig.protocols())); }
@Override public SslContextBuilder createBuilderForServer() { try { ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates(); SslProvider sslProvider = chooseSslProvider(); LOG.warn("Using SslProvider of type - " + sslProvider.name() + " for certChainFile - " + serverSslConfig.getCertChainFile()); InputStream certChainInput = new FileInputStream(serverSslConfig.getCertChainFile()); InputStream keyInput = getKeyInputStream(); SslContextBuilder builder = SslContextBuilder.forServer(certChainInput, keyInput) .ciphers(getCiphers(), getCiphersFilter()) .sessionTimeout(serverSslConfig.getSessionTimeout()) .sslProvider(sslProvider); if (serverSslConfig.getClientAuth() != null && isNotEmpty(trustedCerts)) { builder = builder .trustManager(trustedCerts.toArray(new X509Certificate[0])) .clientAuth(serverSslConfig.getClientAuth()); } return builder; } catch (Exception e) { throw new RuntimeException("Error configuring SslContext!", e); } }
private SslContext buildSSLClientContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException { final SslContextBuilder _sslClientContextBuilder = SslContextBuilder.forClient().ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED).sessionCacheSize(0).sessionTimeout(0) .sslProvider(sslProvider).trustManager(_trustedCerts).keyManager(_cert, _key, pwd); return buildSSLContext0(_sslClientContextBuilder); }
private SslContext buildSSLClientContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException { final SslContextBuilder _sslClientContextBuilder = SslContextBuilder.forClient().ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED).sessionCacheSize(0).sessionTimeout(0) .sslProvider(sslProvider).trustManager(_trustedCerts).keyManager(_key, _cert); return buildSSLContext0(_sslClientContextBuilder); }
ServiceUnitUtil.getFile(handler.getInstallRoot(), key), passphrase) .sslProvider(SslProvider.JDK).ciphers(null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0) .sessionTimeout(0); final SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(ServiceUnitUtil.getFile(installRoot, remoteCertificate)) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0).sessionTimeout(0);
sslContextBuilder.sessionTimeout(sessionTimeout.toSeconds());
sslContextBuilder.sessionTimeout(sessionTimeout.toSeconds());
private static SslContextBuilder configure(TlsConfig config, SslContextBuilder builder) { return builder .applicationProtocolConfig(config.getAlpnConfig()) .ciphers(config.getCiphers(), SupportedCipherSuiteFilter.INSTANCE) .clientAuth(config.getClientAuth()) .enableOcsp(config.isEnableOcsp()) .protocols(config.getProtocols()) .sessionCacheSize(config.getSessionCacheSize()) .sessionTimeout(config.getSessionTimeout()) .sslProvider(config.getSslProvider()); }
.ciphers(null) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(provider) .clientAuth(ClientAuth.REQUIRE); .ciphers(null) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(provider) .clientAuth(ClientAuth.REQUIRE);
.ciphers(null) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(provider) .startTls(true); .ciphers(null) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(provider) .startTls(true);
.sslProvider(SslProvider.JDK) .sessionCacheSize(poolConfiguration.getSslSessionCacheSize()) .sessionTimeout(poolConfiguration.getSslSessionCacheTimeout()) .trustManager(InsecureTrustManagerFactory.INSTANCE) .clientAuth(ClientAuth.NONE)