@Override public String[] getEnabledCipherSuites() { return sock.getEnabledCipherSuites(); }
public String[] getEnabledCipherSuites() { return delegate.getEnabledCipherSuites(); }
for (String suite : socket.getEnabledCipherSuites()) { if ((includeCipherSuites.isEmpty() || includeCipherSuites.contains(suite)) && !excludeCipherSuites.contains(suite)) {
/** * Returns {@code true} if the socket, as currently configured, supports this connection spec. In * order for a socket to be compatible the enabled cipher suites and protocols must intersect. * * <p>For cipher suites, at least one of the {@link #cipherSuites() required cipher suites} must * match the socket's enabled cipher suites. If there are no required cipher suites the socket * must have at least one cipher suite enabled. * * <p>For protocols, at least one of the {@link #tlsVersions() required protocols} must match the * socket's enabled protocols. */ public boolean isCompatible(SSLSocket socket) { if (!tls) { return false; } if (tlsVersions != null && !nonEmptyIntersection( Util.NATURAL_ORDER, tlsVersions, socket.getEnabledProtocols())) { return false; } if (cipherSuites != null && !nonEmptyIntersection( CipherSuite.ORDER_BY_NAME, cipherSuites, socket.getEnabledCipherSuites())) { return false; } return true; }
private SSLSocket fixupSocket(Socket socket) throws IOException { SSLSocket sslSocket = (SSLSocket) socket; sslSocket.setEnabledProtocols( filter(sslSocket.getEnabledProtocols(), sslSocket.getSupportedProtocols())); sslSocket.setEnabledCipherSuites( filter(sslSocket.getEnabledCipherSuites(), sslSocket.getSupportedCipherSuites())); return sslSocket; }
Set<String> enabledCiphersSet = new HashSet<String>(Arrays.asList(enabledCiphers)); Set<String> supportedCiphersSet = new HashSet<String>( Arrays.asList(sslSocket.getEnabledCipherSuites())); Set<String> ciphersIntersection = new HashSet<String>(supportedCiphersSet); ciphersIntersection.retainAll(enabledCiphersSet);
/** * Returns {@code true} if the socket, as currently configured, supports this connection spec. In * order for a socket to be compatible the enabled cipher suites and protocols must intersect. * * <p>For cipher suites, at least one of the {@link #cipherSuites() required cipher suites} must * match the socket's enabled cipher suites. If there are no required cipher suites the socket * must have at least one cipher suite enabled. * * <p>For protocols, at least one of the {@link #tlsVersions() required protocols} must match the * socket's enabled protocols. */ public boolean isCompatible(SSLSocket socket) { if (!tls) { return false; } if (tlsVersions != null && !nonEmptyIntersection( Util.NATURAL_ORDER, tlsVersions, socket.getEnabledProtocols())) { return false; } if (cipherSuites != null && !nonEmptyIntersection( CipherSuite.ORDER_BY_NAME, cipherSuites, socket.getEnabledCipherSuites())) { return false; } return true; }
/** * Create a secure client socket that is connected to the given address and * port. * * @param address the address to connect to * @param port the port * @return the socket */ public static Socket createSocket(InetAddress address, int port) throws IOException { Socket socket = null; setKeystore(); SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket secureSocket = (SSLSocket) f.createSocket(); secureSocket.connect(new InetSocketAddress(address, port), SysProperties.SOCKET_CONNECT_TIMEOUT); secureSocket.setEnabledProtocols( disableSSL(secureSocket.getEnabledProtocols())); if (SysProperties.ENABLE_ANONYMOUS_TLS) { String[] list = enableAnonymous( secureSocket.getEnabledCipherSuites(), secureSocket.getSupportedCipherSuites()); secureSocket.setEnabledCipherSuites(list); } socket = secureSocket; return socket; }
/** * Returns a copy of this that omits cipher suites and TLS versions not enabled by {@code * sslSocket}. */ private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) { String[] cipherSuitesIntersection = cipherSuites != null ? intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites) : sslSocket.getEnabledCipherSuites(); String[] tlsVersionsIntersection = tlsVersions != null ? intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions) : sslSocket.getEnabledProtocols(); // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 // the SCSV cipher is added to signal that a protocol fallback has taken place. String[] supportedCipherSuites = sslSocket.getSupportedCipherSuites(); int indexOfFallbackScsv = indexOf( CipherSuite.ORDER_BY_NAME, supportedCipherSuites, "TLS_FALLBACK_SCSV"); if (isFallback && indexOfFallbackScsv != -1) { cipherSuitesIntersection = concat( cipherSuitesIntersection, supportedCipherSuites[indexOfFallbackScsv]); } return new Builder(this) .cipherSuites(cipherSuitesIntersection) .tlsVersions(tlsVersionsIntersection) .build(); }
/** * Returns {@code true} if the socket, as currently configured, supports this connection spec. In * order for a socket to be compatible the enabled cipher suites and protocols must intersect. * * <p>For cipher suites, at least one of the {@link #cipherSuites() required cipher suites} must * match the socket's enabled cipher suites. If there are no required cipher suites the socket * must have at least one cipher suite enabled. * * <p>For protocols, at least one of the {@link #tlsVersions() required protocols} must match the * socket's enabled protocols. */ public boolean isCompatible(SSLSocket socket) { if (!tls) { return false; } if (tlsVersions != null && !nonEmptyIntersection( Util.NATURAL_ORDER, tlsVersions, socket.getEnabledProtocols())) { return false; } if (cipherSuites != null && !nonEmptyIntersection( CipherSuite.ORDER_BY_NAME, cipherSuites, socket.getEnabledCipherSuites())) { return false; } return true; }
/** * Returns a copy of this that omits cipher suites and TLS versions not enabled by {@code * sslSocket}. */ private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) { String[] cipherSuitesIntersection = cipherSuites != null ? intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites) : sslSocket.getEnabledCipherSuites(); String[] tlsVersionsIntersection = tlsVersions != null ? intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions) : sslSocket.getEnabledProtocols(); // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 // the SCSV cipher is added to signal that a protocol fallback has taken place. String[] supportedCipherSuites = sslSocket.getSupportedCipherSuites(); int indexOfFallbackScsv = indexOf( CipherSuite.ORDER_BY_NAME, supportedCipherSuites, "TLS_FALLBACK_SCSV"); if (isFallback && indexOfFallbackScsv != -1) { cipherSuitesIntersection = concat( cipherSuitesIntersection, supportedCipherSuites[indexOfFallbackScsv]); } return new Builder(this) .cipherSuites(cipherSuitesIntersection) .tlsVersions(tlsVersionsIntersection) .build(); }
@Test(timeout = 5000) public void testCreateSSLContextWithCustomCipherSuites() throws Exception { setCustomCipherSuites(); SSLSocket sslSocket = x509Util.createSSLSocket(); Assert.assertArrayEquals(customCipherSuites, sslSocket.getEnabledCipherSuites()); }
@Test(timeout = 5000) public void testCreateSSLSocket() throws Exception { setCustomCipherSuites(); SSLSocket sslSocket = x509Util.createSSLSocket(); Assert.assertArrayEquals(customCipherSuites, sslSocket.getEnabledCipherSuites()); }
/** * Returns a copy of this that omits cipher suites and TLS versions not enabled by {@code * sslSocket}. */ private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) { String[] cipherSuitesIntersection = cipherSuites != null ? intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites) : sslSocket.getEnabledCipherSuites(); String[] tlsVersionsIntersection = tlsVersions != null ? intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions) : sslSocket.getEnabledProtocols(); // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 // the SCSV cipher is added to signal that a protocol fallback has taken place. String[] supportedCipherSuites = sslSocket.getSupportedCipherSuites(); int indexOfFallbackScsv = indexOf( CipherSuite.ORDER_BY_NAME, supportedCipherSuites, "TLS_FALLBACK_SCSV"); if (isFallback && indexOfFallbackScsv != -1) { cipherSuitesIntersection = concat( cipherSuitesIntersection, supportedCipherSuites[indexOfFallbackScsv]); } return new Builder(this) .cipherSuites(cipherSuitesIntersection) .tlsVersions(tlsVersionsIntersection) .build(); }
return delegate.getEnabledCipherSuites();
return delegate.getEnabledCipherSuites();
return delegate.getEnabledCipherSuites();
/** * Returns a new SSLParameters based on this SSLSocket's current * cipher suites, protocols, and client authentication settings. * * @since 1.6 */ public SSLParameters getSSLParameters() { SSLParameters p = new SSLParameters(); p.setCipherSuites(getEnabledCipherSuites()); p.setProtocols(getEnabledProtocols()); p.setNeedClientAuth(getNeedClientAuth()); p.setWantClientAuth(getWantClientAuth()); return p; }
private javax.net.ssl.SSLParameters createSSLParameters(boolean supported) { try { SSLSocket s = (SSLSocket) engineGetSocketFactory().createSocket(); javax.net.ssl.SSLParameters p = new javax.net.ssl.SSLParameters(); String[] cipherSuites; String[] protocols; if (supported) { cipherSuites = s.getSupportedCipherSuites(); protocols = s.getSupportedProtocols(); } else { cipherSuites = s.getEnabledCipherSuites(); protocols = s.getEnabledProtocols(); } p.setCipherSuites(cipherSuites); p.setProtocols(protocols); p.setNeedClientAuth(s.getNeedClientAuth()); p.setWantClientAuth(s.getWantClientAuth()); return p; } catch (IOException e) { /* * SSLContext.getDefaultSSLParameters specifies to throw * UnsupportedOperationException if there is a problem getting the * parameters */ throw new UnsupportedOperationException("Could not access supported SSL parameters"); } } }
/** * Returns the names of the cipher suites which could be enabled * for use on this connection. * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns null. * @return An array of cipher suite names, or <code>null</code> */ public String[] getEnabledCipherSuites() { if (_socket_ instanceof SSLSocket) { return ((SSLSocket)_socket_).getEnabledCipherSuites(); } return null; }