/**
 * Lists every cipher suite the wrapped engine could be configured to use.
 *
 * <p>This is the "supported" set, not the "enabled" one: JSSE allows it to contain suites that
 * are switched off by default, so it should be used to validate configured names rather than
 * being copied wholesale into the enabled list.
 *
 * @return the suite names reported by {@code engine}
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] supported = engine.getSupportedCipherSuites();
    return supported;
}
/**
 * Forwards the query for supported cipher suites to the underlying engine.
 *
 * <p>"Supported" means "could be enabled", not "is enabled"; callers that need the suites
 * actually offered during a handshake want the enabled list instead.
 *
 * @return whatever {@code engine.getSupportedCipherSuites()} returns
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] suiteNames = engine.getSupportedCipherSuites();
    return suiteNames;
}
/**
 * Returns the cipher suites the delegate is able to use.
 *
 * <p>The result is the delegate's supported set and may include suites that are not enabled
 * by default, so it is a validation source, not an enabled list.
 *
 * @return the suite names reported by {@code delegate}
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] supported = delegate.getSupportedCipherSuites();
    return supported;
}
/**
 * Pure pass-through: asks the delegate which cipher suites it supports.
 *
 * <p>No filtering is applied here, so any weak-but-supported suite the delegate reports is
 * returned unchanged; restricting what is enabled is the caller's job.
 *
 * @return the delegate's supported cipher suite names
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] suiteNames = delegate.getSupportedCipherSuites();
    return suiteNames;
}
/**
 * Returns the delegate's supported cipher suites without modification.
 *
 * <p>Supported suites are a superset of what is enabled; do not treat this array as the set
 * that will be negotiated.
 *
 * @return the suite names reported by {@code delegate}
 */
public String[] getSupportedCipherSuites() {
    final String[] supported = delegate.getSupportedCipherSuites();
    return supported;
}
/**
 * Delegates to the wrapped engine for the list of cipher suites it could enable.
 *
 * <p>The list is unfiltered and describes capability, not policy: the suites in force are the
 * enabled ones.
 *
 * @return the engine's supported cipher suite names
 */
@Override
public String[] getSupportedCipherSuites() {
    final String[] available = engine.getSupportedCipherSuites();
    return available;
}
/**
 * Returns the supported cipher suites of whichever object {@code currentRef} holds at the
 * moment of the call.
 *
 * <p>The reference is read on every invocation, so the answer follows any replacement of the
 * referenced object. The array is the supported (capability) set, not the enabled one.
 *
 * @return the suite names reported by the currently referenced object
 */
public String[] getSupportedCipherSuites() {
    // NOTE(review): presumably currentRef never holds null; a null here would throw — confirm.
    final String[] supported = currentRef.get().getSupportedCipherSuites();
    return supported;
}
/**
 * Looks up the current target through {@code currentRef} and returns its supported cipher
 * suites.
 *
 * <p>Nothing is cached: each call dereferences {@code currentRef} again. The result lists
 * what could be enabled, which may be wider than what is enabled.
 *
 * @return the currently referenced object's supported cipher suite names
 */
public String[] getSupportedCipherSuites() {
    final String[] suiteNames = currentRef.get().getSupportedCipherSuites();
    return suiteNames;
}
/**
 * Forwards to the object currently held by {@code currentRef}.
 *
 * <p>The returned names describe capability only; use the enabled list to see what will be
 * offered or accepted in a handshake.
 *
 * @return the supported cipher suite names of the currently referenced object
 */
public String[] getSupportedCipherSuites() {
    final String[] available = currentRef.get().getSupportedCipherSuites();
    return available;
}
/**
 * Returns the names of all encryption cipher suites that are supported (but not necessarily
 * enabled).
 *
 * <p>The names are read from a throwaway engine created from a context initialised with
 * default key managers, trust managers and random source. Because the list is the supported
 * set, it may contain suites that are disabled by default; use it to validate configured
 * names, not as the list to enable.
 *
 * @return a fixed-size list of cipher suite names. Not expected to be empty.
 * @throws NoSuchAlgorithmException if no provider offers the requested context protocol
 * @throws KeyManagementException if the context cannot be initialised
 */
public static List<String> getSupportedCipherSuites() throws NoSuchAlgorithmException, KeyManagementException {
    // TODO Might want to cache the result. It's unlikely to change at runtime.
    // NOTE(review): the context is requested under the legacy protocol name "TLSv1". Whether
    // that narrows the suites an engine reports is provider-dependent — confirm, and consider
    // whether a current protocol name should be used instead.
    final SSLContext sslContext = SSLContext.getInstance( "TLSv1" );
    // All-null arguments select the installed default managers and random source.
    sslContext.init( null, null, null );
    final String[] suiteNames = sslContext.createSSLEngine().getSupportedCipherSuites();
    return Arrays.asList( suiteNames );
}
/**
 * Collects, in the engine's own order, every cipher suite name the engine reports as
 * supported, and adds the {@code TLS_}-prefixed alias of each {@code SSL_}-prefixed name
 * that the engine accepts.
 *
 * <p>Side effect: an alias is probed by calling {@link SSLEngine#setEnabledCipherSuites}, so
 * after this method returns the engine's enabled list is whatever the last accepted probe
 * set it to. Pass an engine whose enabled suites are re-applied (or not used) afterwards.
 *
 * <p>The result is a capability set and may include suites that should not be enabled.
 *
 * @param engine the engine to query and probe
 * @return an insertion-ordered set of supported names plus accepted {@code TLS_} aliases
 */
private static Set<String> supportedCiphers(SSLEngine engine) {
    final String[] reported = engine.getSupportedCipherSuites();
    final Set<String> names = new LinkedHashSet<String>(reported.length);
    for (final String reportedName : reported) {
        names.add(reportedName);

        if (!reportedName.startsWith("SSL_")) {
            continue;
        }

        // IBM's J9 JVM utilizes a custom naming scheme for ciphers and only returns ciphers with the "SSL_"
        // prefix instead of the "TLS_" prefix (as defined in the JSSE cipher suite names [1]). According to IBM's
        // documentation [2] the "SSL_" prefix is "interchangeable" with the "TLS_" prefix.
        // See the IBM forum discussion [3] and issue on IBM's JVM [4] for more details.
        //[1] http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
        //[2] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/
        //    security-component/jsse2Docs/ciphersuites.html
        //[3] https://www.ibm.com/developerworks/community/forums/html/topic?id=9b5a56a9-fa46-4031-b33b-df91e28d77c2
        //[4] https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=71770
        final String tlsAlias = "TLS_" + reportedName.substring("SSL_".length());
        try {
            // Probe: the engine throws if it does not know the alias.
            engine.setEnabledCipherSuites(new String[]{tlsAlias});
            names.add(tlsAlias);
        } catch (IllegalArgumentException ignored) {
            // The alias is not supported ... move on to the next cipher.
        }
    }
    return names;
}
final Sequence<String> cipherSuites = optionMap.get(Options.SSL_ENABLED_CIPHER_SUITES); if (cipherSuites != null) { final Set<String> supported = new HashSet<String>(Arrays.asList(engine.getSupportedCipherSuites())); final List<String> finalList = new ArrayList<String>(); for (String name : cipherSuites) {
/**
 * Applies this configuration to the given engine.
 *
 * <p>The engine's role is set first, its current parameters are then read, passed through the
 * {@code configure(SSLParameters, String[], String[])} overload together with the engine's
 * supported protocols and supported cipher suites, and finally written back.
 *
 * <p>The supported arrays describe what the engine could enable, not what is safe to enable.
 * NOTE(review): presumably the overload restricts the parameters to an allowed subset of
 * them — confirm against its implementation.
 *
 * @param context not used by this method
 * @param sslEngine the engine to configure
 */
public void configure(final SSLContext context, final SSLEngine sslEngine) {
    sslEngine.setUseClientMode(clientMode);

    final SSLParameters engineParameters = sslEngine.getSSLParameters();
    final String[] supportedProtocols = sslEngine.getSupportedProtocols();
    final String[] supportedSuites = sslEngine.getSupportedCipherSuites();

    configure(engineParameters, supportedProtocols, supportedSuites);
    sslEngine.setSSLParameters(engineParameters);
}
final Sequence<String> cipherSuites = optionMap.get(Options.SSL_ENABLED_CIPHER_SUITES); if (cipherSuites != null) { final Set<String> supported = new HashSet<String>(Arrays.asList(engine.getSupportedCipherSuites())); final List<String> finalList = new ArrayList<String>(); for (String name : cipherSuites) {
/**
 * Logs, at most once per {@code LOGGED} flag, which TLS protocols and cipher suites are
 * enabled and which are disabled for the given context factory.
 *
 * <p>The enabled lines are the ones to review when auditing a deployment: they show what an
 * engine built from this factory's context will actually use.
 *
 * @param contextFactory the factory whose SSL context and include/exclude lists are inspected
 */
private void logSupportedParameters(SslContextFactory contextFactory) {
    // Only the first caller to flip the flag logs; everyone else returns immediately.
    if (!LOGGED.compareAndSet(false, true)) {
        return;
    }

    // When Jetty logs out which protocols are enabled / disabled they include tracing
    // information to detect if the protocol was disabled at the
    // JRE/lib/security/java.security level. Since we don't log this information we take the
    // SSLEngine from our context instead of a pristine version.
    //
    // For more info from Jetty:
    // https://github.com/eclipse/jetty.project/blob/93a8afcc6bd1a6e0af7bd9f967c97ae1bc3eb718/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L356-L360
    final SSLEngine engine = contextFactory.getSslContext().createSSLEngine();

    final String[] supportedProtocols = engine.getSupportedProtocols();
    final String[] enabledProtocols = engine.getEnabledProtocols();
    final Map<Boolean, List<String>> protocols = partitionSupport(
        supportedProtocols,
        enabledProtocols,
        contextFactory.getExcludeProtocols(),
        contextFactory.getIncludeProtocols()
    );

    final String[] supportedSuites = engine.getSupportedCipherSuites();
    final String[] enabledSuites = engine.getEnabledCipherSuites();
    final Map<Boolean, List<String>> ciphers = partitionSupport(
        supportedSuites,
        enabledSuites,
        contextFactory.getExcludeCipherSuites(),
        contextFactory.getIncludeCipherSuites()
    );

    // Key true holds the enabled names, key false the disabled ones.
    LOGGER.info("Enabled protocols: {}", protocols.get(true));
    LOGGER.info("Disabled protocols: {}", protocols.get(false));
    LOGGER.info("Enabled cipher suites: {}", ciphers.get(true));
    LOGGER.info("Disabled cipher suites: {}", ciphers.get(false));
}
final String[] cipherSuites = AbstractAcceptingSslChannel.this.cipherSuites; if (cipherSuites != null) { final Set<String> supported = new HashSet<String>(Arrays.asList(engine.getSupportedCipherSuites())); final List<String> finalList = new ArrayList<String>(); for (String name : cipherSuites) {
/**
 * Installs parameters on the engine after passing them through {@code redefine} together
 * with the engine's supported cipher suites and supported protocols.
 *
 * <p>The caller's {@code parameters} are never applied directly; only the value returned by
 * {@code redefine} reaches the engine.
 * NOTE(review): presumably {@code redefine} narrows the requested suites and protocols to a
 * configured policy — confirm against its implementation.
 *
 * @param sslContext not used by this method
 * @param sslEngine the engine to update
 * @param parameters the requested parameters
 */
public void setSSLParameters(final SSLContext sslContext, final SSLEngine sslEngine, final SSLParameters parameters) {
    final String[] supportedSuites = sslEngine.getSupportedCipherSuites();
    final String[] supportedProtocols = sslEngine.getSupportedProtocols();
    sslEngine.setSSLParameters(redefine(parameters, supportedSuites, supportedProtocols));
}
// Debug-only TLS diagnostics for the engine behind sslHandler.
// "supported" is everything the engine could be configured with; "enabled" is what it will
// actually offer or accept, so the two "enabled" lines are the ones to audit.
// NOTE(review): each String.join argument is evaluated before LOG.debug is entered, i.e. also
// when debug logging is off — confirm this code is not on a per-connection hot path.
LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols()));
LOG.debug("ssl ciphers supported: {}", String.join(", ", sslHandler.engine().getSupportedCipherSuites()));
LOG.debug("ssl ciphers enabled: {}", String.join(", ", sslHandler.engine().getEnabledCipherSuites()));
/**
 * Starts the Jetty server and, when the TLS port is enabled, verifies that the configured
 * include/exclude lists leave at least one cipher suite and one protocol enabled.
 *
 * <p>The check is made on the enabled lists of an engine obtained from the context factory;
 * the supported lists appear only in the error message to help diagnose an over-restrictive
 * configuration.
 *
 * <p>NOTE(review): the validation runs after {@code server.start()}, so a failure is raised
 * with the server already started — confirm that callers stop it on this path.
 *
 * @throws Exception if the server fails to start, or an {@code ISE} if no cipher suite or no
 *     protocol is enabled
 */
@Override
public void start() throws Exception {
    log.info("Starting Jetty Server...");
    server.start();

    if (!node.isEnableTlsPort()) {
        return;
    }

    // Perform validation
    Preconditions.checkNotNull(sslContextFactory);
    final SSLEngine sslEngine = sslContextFactory.newSSLEngine();

    final String[] enabledSuites = sslEngine.getEnabledCipherSuites();
    if (enabledSuites == null || enabledSuites.length == 0) {
        throw new ISE(
            "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]",
            Arrays.toString(sslEngine.getSupportedCipherSuites()),
            tlsServerConfig.getIncludeCipherSuites(),
            tlsServerConfig.getExcludeCipherSuites()
        );
    }

    final String[] enabledProtocols = sslEngine.getEnabledProtocols();
    if (enabledProtocols == null || enabledProtocols.length == 0) {
        throw new ISE(
            "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]",
            Arrays.toString(sslEngine.getSupportedProtocols()),
            tlsServerConfig.getIncludeProtocols(),
            tlsServerConfig.getExcludeProtocols()
        );
    }
}
// Debug-only dump of the TLS settings of the engine behind sslHandler.
// The "supported" line lists capability (what could be turned on); the "enabled" lines list
// what is in force for this engine and are the ones that matter when reviewing exposure.
// NOTE(review): the joined strings are built eagerly, before the logger decides whether debug
// is on — confirm the cost is acceptable where this runs.
LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols()));
LOG.debug("ssl ciphers supported: {}", String.join(", ", sslHandler.engine().getSupportedCipherSuites()));
LOG.debug("ssl ciphers enabled: {}", String.join(", ", sslHandler.engine().getEnabledCipherSuites()));