/**
 * Returns the cipher suites reported by {@code delegate}.
 *
 * @return whatever {@code delegate.getCipherSuites()} returns, passed through unchanged
 */
public String[] getCipherSuites() {
    // Pure pass-through: this layer neither filters nor copies the list, so any
    // restriction on the suites has to be applied by the delegate itself.
    final String[] suites = delegate.getCipherSuites();
    return suites;
}
/**
 * Convenience overload that filters the cipher suites carried by an {@link SSLParameters}.
 *
 * @param sslParameters parameters whose cipher-suite list is handed to the array overload;
 *        dereferenced without a null check
 * @return the result of the {@code String[]} overload of {@code getFilteredCipherSuites}
 */
protected String[] getFilteredCipherSuites(SSLParameters sslParameters) {
    // SSLParameters.getCipherSuites() returns null when no suites were set; that
    // value is forwarded to the array overload as-is.
    final String[] requested = sslParameters.getCipherSuites();
    return getFilteredCipherSuites(requested);
}
/**
 * Runs {@code configure(...)} on {@code original} using the protocols and cipher
 * suites that the given context supports.
 *
 * @param sslContext context queried through {@code getSupportedSSLParameters()}
 * @param original   parameters object handed to {@code configure(...)}
 * @return the same {@code original} instance that was passed in
 */
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) {
    // NOTE(review): the candidates are the context's *supported* protocols and suites,
    // which is normally a superset of its default-enabled set. Whether weak entries are
    // dropped depends on configure(), which is not visible here - confirm.
    final SSLParameters supported = sslContext.getSupportedSSLParameters();
    final String[] candidateProtocols = supported.getProtocols();
    final String[] candidateSuites = supported.getCipherSuites();
    configure(original, candidateProtocols, candidateSuites);
    return original;
}
/**
 * Applies the handshake settings carried by {@code p} to this SSLEngine.
 *
 * <p>The enabled cipher suites and the enabled protocols are replaced only when the
 * corresponding array in {@code p} is non-null. Client authentication is set to
 * "need" or "want" as {@code p} requests; if it requests neither, both are set to
 * false.
 *
 * @param p the parameters to apply
 * @since 1.6
 */
public void setSSLParameters(SSLParameters p) {
    // A null array means "not specified": the engine's current enabled suites stay in force.
    final String[] suites = p.getCipherSuites();
    if (suites != null) {
        setEnabledCipherSuites(suites);
    }

    final String[] versions = p.getProtocols();
    if (versions != null) {
        setEnabledProtocols(versions);
    }

    // "need" takes precedence; "want" is only consulted when "need" is off.
    if (p.getNeedClientAuth()) {
        setNeedClientAuth(true);
        return;
    }
    setWantClientAuth(p.getWantClientAuth());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Verifies that a connection fails when client and server are restricted to
 * different TLS cipher suites.
 */
@Test
public void testUnsupportedCiphers() throws Exception {
    String node = "0";

    // Take the default-enabled suites of a TLSv1.2 context, then pin the server to
    // the first one and the client to the second so the two sides share no suite.
    // Assumes the default list holds at least two entries.
    SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");
    tlsContext.init(null, null, null);
    String[] defaultSuites = tlsContext.getDefaultSSLParameters().getCipherSuites();

    sslServerConfigs.put(SslConfigs.SSL_CIPHER_SUITES_CONFIG, Arrays.asList(defaultSuites[0]));
    server = createEchoServer(SecurityProtocol.SSL);

    sslClientConfigs.put(SslConfigs.SSL_CIPHER_SUITES_CONFIG, Arrays.asList(defaultSuites[1]));
    createSelector(sslClientConfigs);

    InetSocketAddress serverAddress = new InetSocketAddress("localhost", server.port());
    selector.connect(node, serverAddress, BUFFER_SIZE, BUFFER_SIZE);

    // With no common suite the channel has to close in AUTHENTICATION_FAILED.
    NetworkTestUtils.waitForChannelClose(selector, node, ChannelState.State.AUTHENTICATION_FAILED);
    // presumably (0, 1) means zero successful and one failed authentication - confirm
    // against verifyAuthenticationMetrics.
    server.verifyAuthenticationMetrics(0, 1);
}
/**
 * Applies the handshake settings carried by {@code p} to this SSLSocket.
 *
 * <p>The enabled cipher suites and the enabled protocols are replaced only when the
 * corresponding array in {@code p} is non-null. Client authentication is set to
 * "need" or "want" as {@code p} requests; if it requests neither, both are set to
 * false.
 *
 * @param p the parameters to apply
 * @since 1.6
 */
public void setSSLParameters(SSLParameters p) {
    // A null array means "not specified": the socket keeps its current enabled suites.
    final String[] requestedSuites = p.getCipherSuites();
    if (requestedSuites != null) {
        setEnabledCipherSuites(requestedSuites);
    }

    final String[] requestedProtocols = p.getProtocols();
    if (requestedProtocols != null) {
        setEnabledProtocols(requestedProtocols);
    }

    // "need" wins over "want"; otherwise "want" mirrors what the parameters ask for.
    if (p.getNeedClientAuth()) {
        setNeedClientAuth(true);
    } else {
        setWantClientAuth(p.getWantClientAuth());
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Assembles the option map for the SSL listener.
 *
 * <p>Starts from {@code commonOptions} and {@code socketOptions}, turns on direct
 * buffers, and, when a cipher-suite filter is configured, adds the list of suites it
 * selects.
 *
 * @param sslContext context whose supported cipher suites are offered to the filter
 * @return the built option map
 */
protected OptionMap getSSLOptions(SSLContext sslContext) {
    Builder options = OptionMap.builder().addAll(commonOptions);
    options.addAll(socketOptions);
    options.set(Options.USE_DIRECT_BUFFERS, true);

    if (cipherSuites == null) {
        // No filter configured: the enabled-cipher-suites option is left unset here.
        return options.getMap();
    }

    // The filter expression is evaluated against every suite the context *supports*,
    // not only its default-enabled ones, so the expression alone determines which
    // suites are enabled. NOTE(review): confirm the configured expression cannot
    // admit suites that are meant to stay disabled.
    String[] selectedSuites = CipherSuiteSelector.fromString(cipherSuites)
            .evaluate(sslContext.getSupportedSSLParameters().getCipherSuites());
    options.setSequence(
            (Option<Sequence<String>>) HttpsListenerResourceDefinition.ENABLED_CIPHER_SUITES.getOption(),
            selectedSuites);
    return options.getMap();
}
sslCipherSuites = parameters.getCipherSuites(); } else { List<String> supportedCipherSuites = Arrays.asList(parameters.getCipherSuites()); List<String> sslCipherSuitesList = new ArrayList<String>(Arrays.asList(sslCipherSuites));
SSLParameters params = context.getSupportedSSLParameters(); List<String> enabledCiphers = new ArrayList<String>(); for (String cipher : params.getCipherSuites()) { boolean exclude = false; if (exludedCipherSuites != null) {
/**
 * Logs a warning for each insecure-looking setting found in this configuration.
 *
 * <p>The check is advisory only: it writes to {@code LOG_CONFIG} and changes nothing.
 * It warns when all certificates are trusted, when no endpoint identification
 * algorithm is set, and when a protocol or cipher suite in effect on a freshly
 * customized engine matches one of the default exclusions.
 */
protected void secureConfigurationCheck() {
    if (isTrustAll()) {
        LOG_CONFIG.warn("Trusting all certificates configured for {}",this);
    }
    if (getEndpointIdentificationAlgorithm()==null) {
        LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}",this);
    }

    // Build a throwaway engine and customize it, then read back the parameters that
    // are in effect on it (SSLEngine.getSSLParameters() reports the enabled values).
    SSLEngine probe = _factory._context.createSSLEngine();
    customize(probe);
    SSLParameters effective = probe.getSSLParameters();

    // Protocols are compared by exact name against the default exclusion list.
    for (String protocol : effective.getProtocols()) {
        for (String excluded : DEFAULT_EXCLUDED_PROTOCOLS) {
            if (excluded.equals(protocol)) {
                LOG_CONFIG.warn("Protocol {} not excluded for {}", protocol, this);
            }
        }
    }

    // Cipher suites are tested with String.matches, so each exclusion is a regex
    // that has to match the whole suite name.
    for (String suite : effective.getCipherSuites()) {
        for (String excludedSuiteRegex : DEFAULT_EXCLUDED_CIPHER_SUITES) {
            if (suite.matches(excludedSuiteRegex)) {
                LOG_CONFIG.warn("Weak cipher suite {} enabled for {}", suite, this);
            }
        }
    }
}
// Hand the enabled and the supported cipher-suite lists to selectCipherSuites(), then do
// the same for protocols. Both helpers are defined outside this excerpt.
selectCipherSuites(enabled.getCipherSuites(), supported.getCipherSuites());
selectProtocols(enabled.getProtocols(), supported.getProtocols());
// Debug-log the selection next to the full supported list so the effective TLS
// configuration can be audited from the logs.
// presumably _selectedCipherSuites is populated by selectCipherSuites() - confirm.
LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
/**
 * Looks up the cipher suites that the JVM-wide default {@link SSLContext} enables by default.
 *
 * <p>The result follows the JVM's TLS configuration; it is not an application-chosen
 * allow-list.
 *
 * @return the default-enabled cipher suite names
 * @throws RuntimeException wrapping the {@link NoSuchAlgorithmException} raised when
 *         the default context cannot be obtained
 */
private static String[] getDefaultCipherSuites() {
    final SSLContext defaultContext;
    try {
        defaultContext = SSLContext.getDefault();
    } catch (NoSuchAlgorithmException e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        throw new RuntimeException(e);
    }
    return defaultContext.getDefaultSSLParameters().getCipherSuites();
}
/**
 * Returns the cipher suites enabled by default in the JVM-wide default {@link SSLContext}.
 *
 * <p>The list is whatever the JVM's TLS configuration yields; nothing is filtered here.
 *
 * @return the default-enabled cipher suite names
 * @throws RuntimeException wrapping the {@link NoSuchAlgorithmException} raised when
 *         the default context cannot be obtained
 */
private static String[] getDefaultCipherSuites() {
    final SSLContext jvmDefault;
    try {
        jvmDefault = SSLContext.getDefault();
    } catch (NoSuchAlgorithmException e) {
        // The checked exception is rethrown unchecked with its cause preserved.
        throw new RuntimeException(e);
    }
    final String[] suites = jvmDefault.getDefaultSSLParameters().getCipherSuites();
    return suites;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Filter cipher suites. For internal use only.
 *
 * <p>All three arguments are ignored. The result is the policy's explicit cipher list
 * when one is set, otherwise every suite the policy's context supports.
 *
 * @param ciphers          unused
 * @param defaultCiphers   unused
 * @param supportedCiphers unused
 * @return the policy's cipher array, or the context's supported suites
 */
@Override
public String[] filterCipherSuites(Iterable<String> ciphers, List<String> defaultCiphers, Set<String> supportedCiphers) {
    // NOTE(review): two points worth confirming with the callers.
    //  - The fallback is the *supported* set, which is normally broader than the
    //    default-enabled set, so an unset policy may enable more suites than intended.
    //  - tlsPolicy.ciphers is returned without a copy, so a caller that modifies the
    //    array also modifies the policy's list.
    return tlsPolicy.ciphers != null
            ? tlsPolicy.ciphers
            : tlsPolicy.context.getSupportedSSLParameters().getCipherSuites();
}
/**
 * Returns the supported cipher suites, preferring {@code factory} when it is set.
 *
 * @return {@code factory.getSupportedCipherSuites()} if a factory exists, otherwise the
 *         suites from {@code wrapped.wrapped.getSupportedSSLParameters()}
 */
@Override
public String[] getSupportedCipherSuites() {
    if (factory != null) {
        return factory.getSupportedCipherSuites();
    }
    // No factory yet: ask the inner wrapped object (presumably the SSLContext) directly.
    // "Supported" is the full set that may be enabled, not the default-enabled set.
    return wrapped.wrapped.getSupportedSSLParameters().getCipherSuites();
}
/**
 * Returns the cipher suites enabled by default, preferring {@code factory} when it is set.
 *
 * @return {@code factory.getDefaultCipherSuites()} if a factory exists, otherwise the
 *         suites from {@code wrapped.wrapped.getDefaultSSLParameters()}
 */
@Override
public String[] getDefaultCipherSuites() {
    if (factory != null) {
        return factory.getDefaultCipherSuites();
    }
    // No factory yet: read the defaults from the inner wrapped object
    // (presumably the SSLContext - confirm).
    return wrapped.wrapped.getDefaultSSLParameters().getCipherSuites();
}
/**
 * Reports the cipher suites that can be enabled.
 *
 * @return the factory's supported suites when {@code factory} is non-null, otherwise
 *         those of {@code wrapped.wrapped.getSupportedSSLParameters()}
 */
@Override
public String[] getSupportedCipherSuites() {
    // The supported set is the upper bound of what may be enabled; it is usually
    // wider than the default-enabled set.
    return factory != null
            ? factory.getSupportedCipherSuites()
            : wrapped.wrapped.getSupportedSSLParameters().getCipherSuites();
}
/**
 * Returns the supported cipher suites from {@code factory}, or from the wrapped
 * object when no factory is set.
 *
 * @return the supported cipher suite names
 */
@Override
public String[] getSupportedCipherSuites() {
    final boolean hasFactory = factory != null;
    if (hasFactory) {
        return factory.getSupportedCipherSuites();
    }
    // Fallback path: query the inner wrapped object's supported parameters.
    return wrapped.wrapped.getSupportedSSLParameters().getCipherSuites();
}
/**
 * Passes {@code original} to {@code configure(...)} together with the protocols and
 * cipher suites supported by the given context, then returns it.
 *
 * @param sslContext context queried through {@code getSupportedSSLParameters()}
 * @param original   parameters object handed to {@code configure(...)}
 * @return the same {@code original} instance that was passed in
 */
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) {
    final SSLParameters contextSupported = sslContext.getSupportedSSLParameters();
    // NOTE(review): despite the method name, the inputs are the *supported* lists, not
    // the default-enabled ones. Any narrowing to a safe subset would have to happen
    // inside configure(), which is outside this excerpt - confirm.
    final String[] protocols = contextSupported.getProtocols();
    final String[] suites = contextSupported.getCipherSuites();
    configure(original, protocols, suites);
    return original;
}
/**
 * Builds the option map for the SSL listener from the common and socket options.
 *
 * <p>Direct buffers are always enabled. When {@code cipherSuites} is set, it is parsed
 * as a selector expression and the suites it picks become the enabled-cipher-suites
 * option.
 *
 * @param sslContext context whose supported cipher suites are offered to the selector
 * @return the built option map
 */
protected OptionMap getSSLOptions(SSLContext sslContext) {
    Builder optionBuilder = OptionMap.builder().addAll(commonOptions);
    optionBuilder.addAll(socketOptions);
    optionBuilder.set(Options.USE_DIRECT_BUFFERS, true);

    final boolean filterConfigured = cipherSuites != null;
    if (filterConfigured) {
        // The selector chooses from everything the context supports, so a permissive
        // expression can enable suites that are off by default.
        String[] chosen = CipherSuiteSelector.fromString(cipherSuites)
                .evaluate(sslContext.getSupportedSSLParameters().getCipherSuites());
        optionBuilder.setSequence(
                (Option<Sequence<String>>) HttpsListenerResourceDefinition.ENABLED_CIPHER_SUITES.getOption(),
                chosen);
    }
    // Without a filter the enabled-cipher-suites option is simply absent from the map.
    return optionBuilder.getMap();
}