public boolean getUseServerCipherSuitesOrder() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getHonorCipherOrder(); } public void setUseServerCipherSuitesOrder(boolean honorCipherOrder) {
public boolean getSSLHonorCipherOrder() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getHonorCipherOrder(); } public void setSSLHonorCipherOrder(boolean honorCipherOrder) {
private SSLHostConfigCertificate selectCertificate( SSLHostConfig sslHostConfig, List<Cipher> clientCiphers) { Set<SSLHostConfigCertificate> certificates = sslHostConfig.getCertificates(true); if (certificates.size() == 1) { return certificates.iterator().next(); } LinkedHashSet<Cipher> serverCiphers = sslHostConfig.getCipherList(); List<Cipher> candidateCiphers = new ArrayList<>(); if (sslHostConfig.getHonorCipherOrder()) { candidateCiphers.addAll(serverCiphers); candidateCiphers.retainAll(clientCiphers); } else { candidateCiphers.addAll(clientCiphers); candidateCiphers.retainAll(serverCiphers); } for (Cipher candidate : candidateCiphers) { for (SSLHostConfigCertificate certificate : certificates) { if (certificate.getType().isCompatibleWith(candidate.getAu())) { return certificate; } } } // No matches. Just return the first certificate. The handshake will // then fail due to no matching ciphers. return certificates.iterator().next(); }
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder()); if (JreCompat.isJre9Available() && clientRequestedApplicationProtocols != null && clientRequestedApplicationProtocols.size() > 0
if (sslHostConfig.getHonorCipherOrder()) { SSLContext.setOptions(ctx, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); } else {
if (sslHostConfig.getHonorCipherOrder()) { SSLContext.setOptions(ctx, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); } else {