/**
 * Reports the protocol versions the wrapped {@code engine} is able to enable, by plain delegation.
 *
 * <p>In the JSSE API "supported" is a superset of "enabled", so the result may name legacy
 * versions that are currently switched off. Use {@code getEnabledProtocols()} to see what can
 * actually be negotiated. (Assumes {@code engine} is an {@code SSLEngine} or similar; its
 * declaration is outside this snippet.)
 *
 * @return whatever {@code engine.getSupportedProtocols()} returns
 */
@Override
public String[] getSupportedProtocols() {
    final String[] supported = engine.getSupportedProtocols();
    return supported;
}
/**
 * Forwards the query to {@code delegate} and hands its answer back unchanged.
 *
 * <p>The names describe what the delegate could enable, not what it has enabled. A caller
 * building an allow-list from this value may re-admit protocol versions that were turned off
 * on purpose. (The type of {@code delegate} is declared outside this snippet.)
 *
 * @return the array produced by {@code delegate.getSupportedProtocols()}
 */
@Override
public String[] getSupportedProtocols() {
    final String[] supported = delegate.getSupportedProtocols();
    return supported;
}
/**
 * Returns the supported protocol names exactly as {@code delegate} reports them.
 *
 * <p>No filtering happens here. Any restriction to a safe subset has to be applied by the
 * caller or by the delegate's own configuration, because "supported" only means the version
 * is available to be enabled. (The type of {@code delegate} is declared outside this snippet.)
 *
 * @return the array produced by {@code delegate.getSupportedProtocols()}
 */
@Override
public String[] getSupportedProtocols() {
    final String[] supported = delegate.getSupportedProtocols();
    return supported;
}
/**
 * Exposes the protocol versions that {@code engine} could be configured to use.
 *
 * <p>This is a pass-through. The array may include versions that are supported by the
 * provider but not enabled, so it describes capability rather than the effective TLS policy.
 * (Assumes {@code engine} is an {@code SSLEngine} or similar; its declaration is outside this
 * snippet.)
 *
 * @return whatever {@code engine.getSupportedProtocols()} returns
 */
@Override
public String[] getSupportedProtocols() {
    final String[] supported = engine.getSupportedProtocols();
    return supported;
}
/**
 * Asks {@code delegate} which protocol versions it supports and returns the answer as-is.
 *
 * <p>"Supported" is broader than "enabled": the list can contain versions that have been
 * disabled, so it should not be fed back into {@code setEnabledProtocols} without filtering.
 * (The type of {@code delegate} is declared outside this snippet.)
 *
 * @return the array produced by {@code delegate.getSupportedProtocols()}
 */
public String[] getSupportedProtocols() {
    final String[] supported = delegate.getSupportedProtocols();
    return supported;
}
/**
 * Delegates to {@code engine} for the list of protocol versions that could be enabled.
 *
 * <p>The result is a capability list. The versions that can actually be negotiated are the
 * enabled ones, which may be a strict subset. (Assumes {@code engine} is an {@code SSLEngine}
 * or similar; its declaration is outside this snippet.)
 *
 * @return whatever {@code engine.getSupportedProtocols()} returns
 */
@Override
public String[] getSupportedProtocols() {
    final String[] supported = engine.getSupportedProtocols();
    return supported;
}
/**
 * Reads the object currently held by {@code currentRef} and returns its supported protocols.
 *
 * <p>The reference is dereferenced on every call, so the answer reflects whatever instance is
 * installed at that moment. Presumably {@code currentRef} is an {@code AtomicReference} to a
 * swappable socket factory or engine; confirm against the field declaration. The names
 * returned are the ones that could be enabled, not the ones that are enabled.
 *
 * @return the array produced by {@code currentRef.get().getSupportedProtocols()}
 */
public String[] getSupportedProtocols() {
    final String[] supported = currentRef.get().getSupportedProtocols();
    return supported;
}
/**
 * Returns the supported protocol names of whatever instance {@code currentRef} holds right now.
 *
 * <p>Nothing is cached. If the referenced instance is replaced between calls, the result can
 * change as well. (The type behind {@code currentRef} is declared outside this snippet.) As
 * with any JSSE "supported" list, disabled legacy versions may still appear in it.
 *
 * @return the array produced by {@code currentRef.get().getSupportedProtocols()}
 */
public String[] getSupportedProtocols() {
    final String[] supported = currentRef.get().getSupportedProtocols();
    return supported;
}
/**
 * Looks up the current target through {@code currentRef} and forwards the query to it.
 *
 * <p>The value describes capability only. Treat it as the set of versions that may be
 * enabled, and consult the enabled list to learn the effective policy. (The type behind
 * {@code currentRef} is declared outside this snippet.)
 *
 * @return the array produced by {@code currentRef.get().getSupportedProtocols()}
 */
public String[] getSupportedProtocols() {
    final String[] supported = currentRef.get().getSupportedProtocols();
    return supported;
}
/**
 * Returns the names of every protocol version the JSSE engine supports, whether or not it is
 * enabled.
 *
 * <p>The names are read from a throwaway engine created from an {@code SSLContext} that was
 * initialised with default key managers, trust managers and randomness (all three
 * {@code init} arguments are {@code null}). Because "supported" is broader than "enabled",
 * the result can include legacy versions and should be filtered before it is used as an
 * allow-list.
 *
 * @return a fixed-size list view over the protocol names; not expected to be empty
 * @throws NoSuchAlgorithmException if no provider offers the requested context algorithm
 * @throws KeyManagementException if initialising the context fails
 */
public static List<String> getSupportedProtocols() throws NoSuchAlgorithmException, KeyManagementException
{
    // TODO Might want to cache the result. It's unlikely to change at runtime.

    // NOTE(review): the context is requested under the legacy name "TLSv1" only to obtain a
    // probe engine. If a provider stops registering that name this call throws
    // NoSuchAlgorithmException. Requesting "TLS" would remove that dependency; confirm the
    // supported list is the same for the providers in use before changing it.
    final SSLContext probeContext = SSLContext.getInstance( "TLSv1" );
    probeContext.init( null, null, null );

    final String[] protocolNames = probeContext.createSSLEngine().getSupportedProtocols();
    return Arrays.asList( protocolNames );
}
/**
 * Picks the protocol versions to use by default for {@code engine}.
 *
 * <p>The candidates (constants named for TLS 1.2, 1.1 and 1.0) are passed to
 * {@code addIfSupported} together with the set of names the engine supports; presumably that
 * helper keeps only the candidates present in the set. If nothing is kept, the engine's
 * currently enabled protocols are returned instead.
 *
 * @param engine the engine whose supported and enabled protocols are consulted
 * @return the chosen protocol names, or {@code engine.getEnabledProtocols()} when none of the
 *     candidates was selected
 */
private static String[] defaultProtocols(SSLEngine engine) {
    // Index what the engine can speak so each candidate can be checked against a set.
    final String[] engineSupported = engine.getSupportedProtocols();
    Set<String> supportedNames = new HashSet<String>(engineSupported.length);
    for (String name : engineSupported) {
        supportedNames.add(name);
    }

    // TLSv1.3 is deliberately left out of the defaults for now.
    // NOTE(review): the default list still offers TLSv1.1 and TLSv1 when the engine supports
    // them. Both are deprecated by RFC 8996, so deployments that need a modern floor should
    // set the enabled protocols explicitly rather than rely on this default.
    List<String> chosen = new ArrayList<String>();
    addIfSupported(
            supportedNames, chosen,
            SslUtils.PROTOCOL_TLS_V1_2, SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);

    // None of the candidates was selected: keep whatever the engine already has enabled.
    if (chosen.isEmpty()) {
        return engine.getEnabledProtocols();
    }
    return chosen.toArray(new String[0]);
}
supportedProtocols.addAll(Arrays.asList(SSLContext.getDefault().createSSLEngine().getSupportedProtocols())); } catch (NoSuchAlgorithmException e) {
protocols.retainAll(Arrays.asList(engine.getSupportedProtocols())); if (protocols.isEmpty()) { log.warn("no SSL/TLS protocols are enabled due to configuration restrictions");
final Set<String> supported = new HashSet<String>(Arrays.asList(engine.getSupportedProtocols())); final List<String> finalList = new ArrayList<String>(); for (String name : protocols) {
/**
 * Applies this object's TLS settings to {@code sslEngine}.
 *
 * <p>The engine is first put into client or server mode according to {@code clientMode}.
 * Its current {@code SSLParameters} are then passed, together with the engine's supported
 * protocols and cipher suites, to the overloaded {@code configure}, and the parameters are
 * written back to the engine. Presumably the overload narrows the parameters to values the
 * engine supports; confirm against that method.
 *
 * @param context not read by this method body
 * @param sslEngine the engine to configure; modified in place
 */
public void configure(final SSLContext context, final SSLEngine sslEngine) {
    // Keep this first, as in the original: the parameters are read after the mode is set.
    sslEngine.setUseClientMode(clientMode);

    final SSLParameters engineParams = sslEngine.getSSLParameters();
    final String[] supportedProtocols = sslEngine.getSupportedProtocols();
    final String[] supportedCipherSuites = sslEngine.getSupportedCipherSuites();
    configure(engineParams, supportedProtocols, supportedCipherSuites);

    // getSSLParameters() hands out a copy, so the result must be set back explicitly.
    sslEngine.setSSLParameters(engineParams);
}
/**
 * Logs the enabled and disabled TLS protocols and cipher suites for {@code contextFactory}.
 *
 * <p>The report is written only by the call that flips {@code LOGGED} from {@code false} to
 * {@code true}; every later call returns without logging. The four INFO lines give an
 * operator a record of the effective TLS configuration, which helps when auditing whether
 * legacy protocols or weak suites are still reachable.
 *
 * @param contextFactory the factory whose SSL context and include/exclude lists are reported
 */
private void logSupportedParameters(SslContextFactory contextFactory) {
    if (!LOGGED.compareAndSet(false, true)) {
        return;
    }

    // When Jetty logs which protocols are enabled / disabled, it includes tracing information
    // to detect whether a protocol was disabled at the JRE/lib/security/java.security level.
    // That information is not logged here, so the SSLEngine is taken from our own context
    // rather than from a pristine one.
    //
    // For more info from Jetty:
    // https://github.com/eclipse/jetty.project/blob/93a8afcc6bd1a6e0af7bd9f967c97ae1bc3eb718/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L356-L360
    final SSLEngine configuredEngine = contextFactory.getSslContext().createSSLEngine();

    // The logging below treats key true as "enabled" and key false as "disabled".
    final Map<Boolean, List<String>> protocolSupport = partitionSupport(
        configuredEngine.getSupportedProtocols(),
        configuredEngine.getEnabledProtocols(),
        contextFactory.getExcludeProtocols(),
        contextFactory.getIncludeProtocols()
    );
    final Map<Boolean, List<String>> cipherSupport = partitionSupport(
        configuredEngine.getSupportedCipherSuites(),
        configuredEngine.getEnabledCipherSuites(),
        contextFactory.getExcludeCipherSuites(),
        contextFactory.getIncludeCipherSuites()
    );

    LOGGER.info("Enabled protocols: {}", protocolSupport.get(true));
    LOGGER.info("Disabled protocols: {}", protocolSupport.get(false));
    LOGGER.info("Enabled cipher suites: {}", cipherSupport.get(true));
    LOGGER.info("Disabled cipher suites: {}", cipherSupport.get(false));
}
/**
 * Installs {@code parameters} on {@code sslEngine} after passing them through {@code redefine}.
 *
 * <p>{@code redefine} receives the requested parameters plus the engine's supported cipher
 * suites and supported protocols, in that order. Presumably it returns a copy limited to
 * values the engine supports; confirm against that method. Note that the supported lists
 * describe capability, so any minimum-version policy has to come from {@code parameters} or
 * from {@code redefine} itself.
 *
 * @param sslContext not read by this method body
 * @param sslEngine the engine that receives the resulting parameters
 * @param parameters the requested TLS parameters
 */
public void setSSLParameters(final SSLContext sslContext, final SSLEngine sslEngine, final SSLParameters parameters) {
    final String[] supportedCipherSuites = sslEngine.getSupportedCipherSuites();
    final String[] supportedProtocols = sslEngine.getSupportedProtocols();

    final SSLParameters effective = redefine(parameters, supportedCipherSuites, supportedProtocols);
    sslEngine.setSSLParameters(effective);
}
// Debug aid: record which protocol versions the handler's engine supports and which of them
// are enabled. Only the enabled set can be negotiated, so comparing the two lines shows what
// has been switched off. Both String.join calls run even when debug logging is disabled,
// because they are evaluated as arguments before LOG.debug is entered.
LOG.debug("ssl protocols supported: {}", String.join(", ", sslHandler.engine().getSupportedProtocols())); LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols()));
/**
 * Starts the Jetty server and, when the TLS port is enabled, checks that TLS is usable.
 *
 * <p>An engine is created from {@code sslContextFactory} and the method fails if it has no
 * enabled cipher suites or no enabled protocols. This turns an include/exclude configuration
 * that filters everything out into a startup error instead of a listener that can never
 * complete a handshake. The check runs after {@code server.start()}; presumably the factory
 * has to be started before it can create engines (confirm). The server has therefore already
 * been started when an {@code ISE} is thrown.
 *
 * @throws Exception if the server fails to start, or an {@code ISE} if the effective cipher
 *     suite or protocol list is empty
 */
@Override
public void start() throws Exception {
    log.info("Starting Jetty Server...");
    server.start();

    if (!node.isEnableTlsPort()) {
        return;
    }

    // Perform validation
    Preconditions.checkNotNull(sslContextFactory);
    final SSLEngine probeEngine = sslContextFactory.newSSLEngine();

    // The messages say "supported", but the condition tests the *enabled* lists. The
    // supported list is printed only as a hint for fixing the include/exclude settings.
    final String[] enabledSuites = probeEngine.getEnabledCipherSuites();
    if (enabledSuites == null || enabledSuites.length == 0) {
        throw new ISE(
            "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]",
            Arrays.toString(probeEngine.getSupportedCipherSuites()),
            tlsServerConfig.getIncludeCipherSuites(),
            tlsServerConfig.getExcludeCipherSuites()
        );
    }

    final String[] enabledProtocols = probeEngine.getEnabledProtocols();
    if (enabledProtocols == null || enabledProtocols.length == 0) {
        throw new ISE(
            "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]",
            Arrays.toString(probeEngine.getSupportedProtocols()),
            tlsServerConfig.getIncludeProtocols(),
            tlsServerConfig.getExcludeProtocols()
        );
    }
}
// Debug aid: log the engine's supported protocol versions next to the enabled ones. The
// supported line is capability only; the enabled line is what a peer can actually negotiate.
// The joined strings are built before LOG.debug is called, regardless of the log level.
LOG.debug("ssl protocols supported: {}", String.join(", ", sslHandler.engine().getSupportedProtocols())); LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols()));