/** * Apply engine modifications that will exist in any use-case of TLS * * @param sslEngine the ssl engine that will be used for the connections. Is mutated. * @return the updated sslEngine (should be the same as the original, but don't rely on that) */ @Override public SSLEngine apply( SSLEngine sslEngine ) { if ( tlsVersions != null ) { sslEngine.setEnabledProtocols( tlsVersions ); } sslEngine.setUseClientMode( isClient ); return sslEngine; } }
private SSLEngine createServerEngine() { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(false); return engine; }
@Override public ByteChannel wrapChannel(SocketChannel channel, SelectionKey key) throws IOException { SSLEngine e = sslcontext.createSSLEngine(); if (enabledProtocols != null) { e.setEnabledProtocols(enabledProtocols); } if (enabledCiphersuites != null) { e.setEnabledCipherSuites(enabledCiphersuites); } e.setUseClientMode(false); return new SSLSocketChannel2(channel, e, exec, key); }
private ChannelHandler createSslHandler(SSLContext sslContext, boolean needsClientAuth) { SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); if (needsClientAuth) { sslEngine.setNeedClientAuth(true); } return new SslHandler(sslEngine); }
@Override public ByteChannel wrapChannel( SocketChannel channel, SelectionKey key ) throws IOException { SSLEngine e = sslcontext.createSSLEngine(); /* * See https://github.com/TooTallNate/Java-WebSocket/issues/466 * * We remove TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from the enabled ciphers since it is just available when you patch your java installation directly. * E.g. firefox requests this cipher and this causes some dcs/instable connections */ List<String> ciphers = new ArrayList<String>( Arrays.asList(e.getEnabledCipherSuites())); ciphers.remove("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); e.setEnabledCipherSuites( ciphers.toArray( new String[ciphers.size()] ) ); e.setUseClientMode( false ); return new SSLSocketChannel2( channel, e, exec, key ); }
SSLEngine sslEngine = sslContext.createSSLEngine(_host, _port); sslEngine.setUseClientMode(true); sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols())); sslEngine.beginHandshake(); if (!Link.doHandshake(_clientConnection, sslEngine)) {
private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslContext, boolean needsClientAuth) { SSLEngine sslEngine = sslContext.newEngine( channel.alloc(), channel.remoteAddress().getHostString(), channel.remoteAddress().getPort()); sslEngine.setUseClientMode(false); if (needsClientAuth) { sslEngine.setNeedClientAuth(true); } return new SslHandler(sslEngine); } }
engine.setUseClientMode(true); engine.setEnabledCipherSuites(SSLSupport.parseCommaSeparatedListIntoArray(enabledCipherSuites)); } catch (IllegalArgumentException e) { ActiveMQClientLogger.LOGGER.invalidCipherSuite(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedCipherSuites())); engine.setEnabledProtocols(SSLSupport.parseCommaSeparatedListIntoArray(enabledProtocols)); } catch (IllegalArgumentException e) { ActiveMQClientLogger.LOGGER.invalidProtocol(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedProtocols())); engine.setEnabledProtocols(originalProtocols);
private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) { SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); if (cipherSuites != null) sslEngine.setEnabledCipherSuites(cipherSuites); if (enabledProtocols != null) sslEngine.setEnabledProtocols(enabledProtocols); // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation // only in client mode. Hence, validation is enabled only for clients. if (mode == Mode.SERVER) { sslEngine.setUseClientMode(false); if (needClientAuth) sslEngine.setNeedClientAuth(needClientAuth); else sslEngine.setWantClientAuth(wantClientAuth); } else { sslEngine.setUseClientMode(true); SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(endpointIdentification); sslEngine.setSSLParameters(sslParams); } return sslEngine; }
private PeerChannel createPeerChannel(final SocketChannel channel, final String peerDescription) { if (sslContext == null) { logger.debug("No SSL Context is available so will not perform SSL Handshake with Peer {}", peerDescription); return new PeerChannel(channel, null, peerDescription); } logger.debug("Performing SSL Handshake with Peer {}", peerDescription); final SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(true); sslEngine.setNeedClientAuth(true); return new PeerChannel(channel, sslEngine, peerDescription); }
private static SSLEngine defaultSSLEngineFactory(final SSLContext sslContext) { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(true); return engine; }
/** * Creates an SSL engine each time a connection is established. * * <p> * * <p>You might want to override this if you need to fine-tune the engine's configuration (for * example enabling hostname verification). * * @param channel the Netty channel for that connection. * @return the engine. */ protected SSLEngine newSSLEngine(@SuppressWarnings("unused") SocketChannel channel) { SSLEngine engine = context.createSSLEngine(); engine.setUseClientMode(true); if (cipherSuites != null) engine.setEnabledCipherSuites(cipherSuites); return engine; }
try { SSLContext sslContext = Link.initManagementSSLContext(caService); sslEngine = sslContext.createSSLEngine(ip, port); sslEngine.setUseClientMode(true); sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols())); sslEngine.beginHandshake(); if (!Link.doHandshake(ch1, sslEngine)) {
next.setUseClientMode(false); final int flagsVal = flags.get(); if ((flagsVal & FL_WANT_C_AUTH) != 0) { next.setWantClientAuth(true); } else if ((flagsVal & FL_NEED_C_AUTH) != 0) { next.setNeedClientAuth(true);
/** * Creates an SSL Engine that is configured to use client mode when handshaking. * * For Openfire, an engine of this mode is typically used when the server tries to connect to another server. * * These SSLEngines never send SSLV2 ClientHello messages. * * @return An initialized SSLEngine instance (never null). */ public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException { final SSLEngine sslEngine = createSSLEngine(); sslEngine.setUseClientMode( true ); final Set<String> protocols = new LinkedHashSet<>( Arrays.asList( sslEngine.getEnabledProtocols() ) ); protocols.remove( "SSLv2Hello" ); sslEngine.setEnabledProtocols( protocols.toArray( new String[ protocols.size() ] ) ); return sslEngine; }
/** * Returns a configured SSLEngine. * * @return the configured SSLEngine. * @throws GeneralSecurityException thrown if the SSL engine could not * be initialized. * @throws IOException thrown if and IO error occurred while loading * the server keystore. */ public SSLEngine createSSLEngine() throws GeneralSecurityException, IOException { SSLEngine sslEngine = context.createSSLEngine(); if (mode == Mode.CLIENT) { sslEngine.setUseClientMode(true); } else { sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(requireClientCert); disableExcludedCiphers(sslEngine); } sslEngine.setEnabledProtocols(enabledProtocols); return sslEngine; }
public SSLSocketChannel(final SSLContext sslContext, final String hostname, final int port, final InetAddress localAddress, final boolean client) throws IOException { this.socketAddress = new InetSocketAddress(hostname, port); this.channel = SocketChannel.open(); if (localAddress != null) { final SocketAddress localSocketAddress = new InetSocketAddress(localAddress, 0); this.channel.bind(localSocketAddress); } this.hostname = hostname; this.port = port; this.engine = sslContext.createSSLEngine(); this.engine.setUseClientMode(client); engine.setNeedClientAuth(true); streamInManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); streamOutManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); appDataManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getApplicationBufferSize())); }
/** * Adds the ssl handler * * @param pipeline - channel pipeline */ protected void addSslHandler(ChannelPipeline pipeline) { if (sslContext != null) { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(false); pipeline.addLast(SSL_HANDLER, new SslHandler(engine)); } }
/** * Creates an SSL engine each time a connection is established. * * <p>You might want to override this if you need to fine-tune the engine's configuration (for * example enabling hostname verification). * * @param channel the Netty channel for that connection. * @param remoteEndpoint the remote endpoint we are connecting to. * @return the engine. * @since 3.2.0 */ protected SSLEngine newSSLEngine( @SuppressWarnings("unused") SocketChannel channel, InetSocketAddress remoteEndpoint) { SSLEngine engine = remoteEndpoint == null ? context.createSSLEngine() : context.createSSLEngine(remoteEndpoint.getHostName(), remoteEndpoint.getPort()); engine.setUseClientMode(true); if (cipherSuites != null) engine.setEnabledCipherSuites(cipherSuites); return engine; }
/** * Creates a new SSL Engine that is configured to use server mode when handshaking. * * For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature). * * @return A new, initialized SSLEngine instance (never null). */ public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException { final SSLEngine sslEngine = createSSLEngine( ); sslEngine.setUseClientMode( false ); switch ( configuration.getClientAuth() ) { case needed: sslEngine.setNeedClientAuth( true ); break; case wanted: sslEngine.setWantClientAuth( true ); break; case disabled: sslEngine.setWantClientAuth( false ); break; } return sslEngine; }