/**
 * Creates the helper for a server endpoint from the given server options.
 *
 * <p>Key/certificate and trust material are passed in separately and stored as given; every
 * other setting (SSL on/off, client authentication mode, CRLs, cipher suites, protocol
 * versions, SNI) is read from {@code options} at construction time.
 *
 * @param options the server options the TLS settings are read from
 * @param keyCertOptions the key/certificate options, stored without further checks here
 * @param trustOptions the trust options, stored without further checks here
 */
public SSLHelper(NetServerOptions options, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
    final SSLEngineOptions resolvedEngine = resolveEngineOptions(options);

    // This constructor always describes the server role, with ALPN switched off.
    this.client = false;
    this.useAlpn = false;
    this.ssl = options.isSsl();
    this.sni = options.isSni();

    // Identity of this endpoint and how peers are verified.
    this.keyCertOptions = keyCertOptions;
    this.trustOptions = trustOptions;
    this.clientAuth = options.getClientAuth();

    // CRL sources are copied into fresh lists, so later changes to the lists held by
    // options do not reach this helper; an absent list stays null.
    if (options.getCrlPaths() != null) {
        this.crlPaths = new ArrayList<>(options.getCrlPaths());
    } else {
        this.crlPaths = null;
    }
    if (options.getCrlValues() != null) {
        this.crlValues = new ArrayList<>(options.getCrlValues());
    } else {
        this.crlValues = null;
    }

    // Cipher suites and protocol versions are kept exactly as the getters hand them out.
    // NOTE(review): no copy is made here; whether the getters already return snapshots is
    // not visible in this excerpt. The protocol set stored here is whatever the caller
    // left enabled on options, so any narrowing has to happen before construction.
    this.enabledCipherSuites = options.getEnabledCipherSuites();
    this.enabledProtocols = options.getEnabledSecureTransportProtocols();

    // NOTE(review): openSsl is derived from the resolved engine options, while the session
    // cache flag reads options.getSslEngineOptions() directly. Confirm the two cannot disagree.
    this.openSsl = resolvedEngine instanceof OpenSSLEngineOptions;
    final boolean sessionCacheEnabled;
    if (options.getSslEngineOptions() instanceof OpenSSLEngineOptions) {
        sessionCacheEnabled = ((OpenSSLEngineOptions) options.getSslEngineOptions()).isSessionCacheEnabled();
    } else {
        sessionCacheEnabled = false;
    }
    this.openSslSessionCacheEnabled = sessionCacheEnabled;
}
// Removes every protocol version that is currently enabled on options, so that only
// versions enabled after this statement remain in effect.
// NOTE(review): the set is modified while the getter's result is being iterated; this is
// only safe if the getter returns a copy rather than a live view. Confirm against the
// options class.
options.getEnabledSecureTransportProtocols().forEach(options::removeEnabledSecureTransportProtocol);
/**
 * Creates the helper for a server endpoint from the given server options.
 *
 * <p>Key/certificate and trust material are passed in separately and stored as given; every
 * other setting (SSL on/off, client authentication mode, CRLs, cipher suites, protocol
 * versions, SNI) is read from {@code options} at construction time.
 *
 * @param options the server options the TLS settings are read from
 * @param keyCertOptions the key/certificate options, stored without further checks here
 * @param trustOptions the trust options, stored without further checks here
 */
public SSLHelper(NetServerOptions options, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
    final SSLEngineOptions resolvedEngine = resolveEngineOptions(options);

    // This constructor always describes the server role, with ALPN switched off.
    this.client = false;
    this.useAlpn = false;
    this.ssl = options.isSsl();
    this.sni = options.isSni();

    // Identity of this endpoint and how peers are verified.
    this.keyCertOptions = keyCertOptions;
    this.trustOptions = trustOptions;
    this.clientAuth = options.getClientAuth();

    // CRL sources are copied into fresh lists, so later changes to the lists held by
    // options do not reach this helper; an absent list stays null.
    if (options.getCrlPaths() != null) {
        this.crlPaths = new ArrayList<>(options.getCrlPaths());
    } else {
        this.crlPaths = null;
    }
    if (options.getCrlValues() != null) {
        this.crlValues = new ArrayList<>(options.getCrlValues());
    } else {
        this.crlValues = null;
    }

    // Cipher suites and protocol versions are kept exactly as the getters hand them out.
    // NOTE(review): no copy is made here; whether the getters already return snapshots is
    // not visible in this excerpt. The protocol set stored here is whatever the caller
    // left enabled on options, so any narrowing has to happen before construction.
    this.enabledCipherSuites = options.getEnabledCipherSuites();
    this.enabledProtocols = options.getEnabledSecureTransportProtocols();

    // NOTE(review): openSsl is derived from the resolved engine options, while the session
    // cache flag reads options.getSslEngineOptions() directly. Confirm the two cannot disagree.
    this.openSsl = resolvedEngine instanceof OpenSSLEngineOptions;
    final boolean sessionCacheEnabled;
    if (options.getSslEngineOptions() instanceof OpenSSLEngineOptions) {
        sessionCacheEnabled = ((OpenSSLEngineOptions) options.getSslEngineOptions()).isSessionCacheEnabled();
    } else {
        sessionCacheEnabled = false;
    }
    this.openSslSessionCacheEnabled = sessionCacheEnabled;
}
// Removes every protocol version that is currently enabled on options, so that only
// versions enabled after this statement remain in effect.
// NOTE(review): the set is modified while the getter's result is being iterated; this is
// only safe if the getter returns a copy rather than a live view. Confirm against the
// options class.
options.getEnabledSecureTransportProtocols().forEach(options::removeEnabledSecureTransportProtocol);
// Start from an empty set: every protocol version currently enabled on serverOptions is
// removed before the configured ones are processed.
// NOTE(review): removal happens while the getter's result is iterated; this relies on
// the getter returning a copy. Confirm against the options class.
serverOptions.getEnabledSecureTransportProtocols()
    .forEach(protocol -> serverOptions.removeEnabledSecureTransportProtocol(protocol));
// Walks the protocol names taken from the service configuration. The lambda body continues
// beyond this excerpt; presumably it enables each configured protocol. Verify there.
getConfig().getSecureProtocols().forEach(protocol -> {
// Start from an empty set: every protocol version currently enabled on serverOptions is
// removed before the configured ones are processed.
// NOTE(review): removal happens while the getter's result is iterated; this relies on
// the getter returning a copy. Confirm against the options class.
serverOptions.getEnabledSecureTransportProtocols()
    .forEach(protocol -> serverOptions.removeEnabledSecureTransportProtocol(protocol));
// Walks the protocol names taken from the service configuration. The lambda body continues
// beyond this excerpt; presumably it enables each configured protocol. Verify there.
getConfig().getSecureProtocols().forEach(protocol -> {
/**
 * Verifies that an explicitly configured protocol list replaces whatever is enabled
 * on the server options, leaving exactly the configured TLS versions.
 */
@Test
public void testAddTlsKeyCertOptionsDisablesTlsProtocolVersions() {

    // GIVEN service properties that name TLSv1 and TLSv1.1 as the only secure protocols.
    // Both versions are deprecated (RFC 8996); they serve here purely as test values that
    // make the override observable, not as a recommended setting.
    final ServiceConfigProperties props = new ServiceConfigProperties();
    props.setSecureProtocols(Arrays.asList("TLSv1", "TLSv1.1"));
    props.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12");

    // WHEN a service built from these properties applies its TLS settings to fresh options
    final AbstractServiceBase<ServiceConfigProperties> serviceUnderTest = createService(props);
    final NetServerOptions serverOptions = new NetServerOptions();
    serviceUnderTest.addTlsKeyCertOptions(serverOptions);

    // THEN SSL is switched on and the enabled set is exactly {TLSv1, TLSv1.1}:
    // both names are present and the size check rules out any additional version.
    assertTrue(serverOptions.isSsl());
    assertTrue(serverOptions.getEnabledSecureTransportProtocols()
            .containsAll(Arrays.asList("TLSv1", "TLSv1.1")));
    assertTrue(2 == serverOptions.getEnabledSecureTransportProtocols().size());
}
} // closes the enclosing test class; its header lies outside this excerpt
/**
 * Verifies that a configuration which does not name any secure protocols ends up with
 * TLSv1.2 as the single enabled protocol version.
 */
@Test
public void testAddTlsKeyCertOptionsDisablesAllProtocolVersionsButTls12() {

    // GIVEN service properties that set only the key store and leave the protocol list
    // at its default
    final ServiceConfigProperties props = new ServiceConfigProperties();
    props.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12");

    // WHEN a service built from these properties applies its TLS settings to fresh options
    final AbstractServiceBase<ServiceConfigProperties> serviceUnderTest = createService(props);
    final NetServerOptions serverOptions = new NetServerOptions();
    serviceUnderTest.addTlsKeyCertOptions(serverOptions);

    // THEN SSL is switched on and TLSv1.2 is the one and only enabled version.
    // The size check is what catches an older version slipping back into the default;
    // it also means any deliberate change of the default set has to update this test.
    assertTrue(serverOptions.isSsl());
    assertTrue(1 == serverOptions.getEnabledSecureTransportProtocols().size());
    assertTrue(serverOptions.getEnabledSecureTransportProtocols().contains("TLSv1.2"));
}