@Override public String[] getEnabledProtocols() { return engine.getEnabledProtocols(); }
@Override public String[] getEnabledProtocols() { return delegate.getEnabledProtocols(); }
@Override public String[] getEnabledProtocols() { return delegate.getEnabledProtocols(); }
@Override public String[] getEnabledProtocols() { return engine.getEnabledProtocols(); }
public String[] getEnabledProtocols() { return delegate.getEnabledProtocols(); }
@Override public String[] getEnabledProtocols() { return engine.getEnabledProtocols(); }
public String[] getEnabledProtocols() { return currentRef.get().getEnabledProtocols(); }
public String[] getEnabledProtocols() { return currentRef.get().getEnabledProtocols(); }
public String[] getEnabledProtocols() { return currentRef.get().getEnabledProtocols(); }
/** * Returns the names of all encryption protocols that are enabled by default. * * @return An array of protocol names. Not expected to be empty. */ public static List<String> getDefaultProtocols() throws NoSuchAlgorithmException, KeyManagementException { // TODO Might want to cache the result. It's unlikely to change at runtime. final SSLContext context = SSLContext.getInstance( "TLSv1" ); context.init( null, null, null ); return Arrays.asList( context.createSSLEngine().getEnabledProtocols() ); }
private static String[] defaultProtocols(SSLEngine engine) { // Choose the sensible default list of protocols. final String[] supportedProtocols = engine.getSupportedProtocols(); Set<String> supportedProtocolsSet = new HashSet<String>(supportedProtocols.length); for (int i = 0; i < supportedProtocols.length; ++i) { supportedProtocolsSet.add(supportedProtocols[i]); } List<String> protocols = new ArrayList<String>(); addIfSupported( supportedProtocolsSet, protocols, // Do not include TLSv1.3 for now by default. SslUtils.PROTOCOL_TLS_V1_2, SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1); if (!protocols.isEmpty()) { return protocols.toArray(new String[0]); } return engine.getEnabledProtocols(); }
/** * Creates an SSL Engine that is configured to use client mode when handshaking. * * For Openfire, an engine of this mode is typically used when the server tries to connect to another server. * * These SSLEngines never send SSLV2 ClientHello messages. * * @return An initialized SSLEngine instance (never null). */ public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException { final SSLEngine sslEngine = createSSLEngine(); sslEngine.setUseClientMode( true ); final Set<String> protocols = new LinkedHashSet<>( Arrays.asList( sslEngine.getEnabledProtocols() ) ); protocols.remove( "SSLv2Hello" ); sslEngine.setEnabledProtocols( protocols.toArray( new String[ protocols.size() ] ) ); return sslEngine; }
private Optional<SSLEngine> getSslEngine(boolean useClientMode) { return getSslContext().map(sslContext -> { SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(useClientMode); sslEngine.setEnabledProtocols( getFilteredProtocols(sslEngine.getEnabledProtocols())); sslEngine.setEnabledCipherSuites( getFilteredCipherSuites(sslEngine.getEnabledCipherSuites())); return sslEngine; }); }
private void logSupportedParameters(SslContextFactory contextFactory) { if (LOGGED.compareAndSet(false, true)) { // When Jetty logs out which protocols are enabled / disabled they include tracing // information to detect if the protocol was disabled at the // JRE/lib/security/java.security level. Since we don't log this information we take the // SSLEngine from our context instead of a pristine version. // // For more info from Jetty: // https://github.com/eclipse/jetty.project/blob/93a8afcc6bd1a6e0af7bd9f967c97ae1bc3eb718/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L356-L360 final SSLEngine engine = contextFactory.getSslContext().createSSLEngine(); final Map<Boolean, List<String>> protocols = partitionSupport( engine.getSupportedProtocols(), engine.getEnabledProtocols(), contextFactory.getExcludeProtocols(), contextFactory.getIncludeProtocols() ); final Map<Boolean, List<String>> ciphers = partitionSupport( engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites(), contextFactory.getExcludeCipherSuites(), contextFactory.getIncludeCipherSuites() ); LOGGER.info("Enabled protocols: {}", protocols.get(true)); LOGGER.info("Disabled protocols: {}", protocols.get(false)); LOGGER.info("Enabled cipher suites: {}", ciphers.get(true)); LOGGER.info("Disabled cipher suites: {}", ciphers.get(false)); } }
@Override public void configure(HttpsParameters params) { SSLContext context = getSSLContext(); SSLEngine engine = context.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); params.setSSLParameters(context.getDefaultSSLParameters()); } });
@Override public void start() throws Exception { log.info("Starting Jetty Server..."); server.start(); if (node.isEnableTlsPort()) { // Perform validation Preconditions.checkNotNull(sslContextFactory); final SSLEngine sslEngine = sslContextFactory.newSSLEngine(); if (sslEngine.getEnabledCipherSuites() == null || sslEngine.getEnabledCipherSuites().length == 0) { throw new ISE( "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedCipherSuites()), tlsServerConfig.getIncludeCipherSuites(), tlsServerConfig.getExcludeCipherSuites() ); } if (sslEngine.getEnabledProtocols() == null || sslEngine.getEnabledProtocols().length == 0) { throw new ISE( "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedProtocols()), tlsServerConfig.getIncludeProtocols(), tlsServerConfig.getExcludeProtocols() ); } } }
LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols()));
public void configure(HttpsParameters params) { try { SSLContext c = SSLContext.getDefault(); SSLEngine engine = c.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); SSLParameters defaultSSLParameters = c.getDefaultSSLParameters(); params.setSSLParameters(defaultSSLParameters); } catch (Exception ex) { throw new IllegalStateException(ex); } } });
/** * Returns a new SSLParameters based on this SSLSocket's current * cipher suites, protocols, and client authentication settings. * * @since 1.6 */ public SSLParameters getSSLParameters() { SSLParameters p = new SSLParameters(); p.setCipherSuites(getEnabledCipherSuites()); p.setProtocols(getEnabledProtocols()); p.setNeedClientAuth(getNeedClientAuth()); p.setWantClientAuth(getWantClientAuth()); return p; }
@Test public void testSslFactoryConfiguration() throws Exception { File trustStoreFile = File.createTempFile("truststore", ".jks"); Map<String, Object> serverSslConfig = TestSslUtils.createSslConfig(false, true, Mode.SERVER, trustStoreFile, "server"); SslFactory sslFactory = new SslFactory(Mode.SERVER); sslFactory.configure(serverSslConfig); //host and port are hints SSLEngine engine = sslFactory.createSslEngine("localhost", 0); assertNotNull(engine); String[] expectedProtocols = {"TLSv1.2"}; assertArrayEquals(expectedProtocols, engine.getEnabledProtocols()); assertEquals(false, engine.getUseClientMode()); }