/**
 * Returns a supplier of WebSocket clients intended for tests.
 *
 * <p>Each client is built on an {@code SslContextFactory} created with
 * trust-all enabled, and the factory's cipher-suite exclusion list is emptied.
 * With trust-all on, the peer's certificate chain is not validated, so a
 * client from this supplier cannot detect an impersonated server. Keep it to
 * test fixtures.
 *
 * @return a supplier that builds a new {@code WebSocketClient} on every call
 */
private static Supplier<WebSocketClient> createTestClientSupplier() {
    return () -> {
        // true = trust all certificates (no chain validation).
        SslContextFactory permissiveTls = new SslContextFactory(true);
        // A no-argument call leaves the exclusion list empty, which removes
        // the cipher-suite filters Jetty adds by default.
        permissiveTls.setExcludeCipherSuites();
        return new WebSocketClient(permissiveTls);
    };
}
} // closes the enclosing class; its header lies outside this excerpt
/**
 * Builds the HTTPS connector for the embedded Jetty server.
 *
 * <p>The keystore path and password come from this object's certificate
 * settings. Cipher suites whose names end in {@code _MD5}, {@code _SHA} or
 * {@code _SHA1} are excluded, together with every SSL version and TLS 1.0/1.1.
 *
 * @return a {@link ServerConnector} on {@code getPort()} that speaks
 *         HTTP/1.1 over TLS, with an idle timeout of 50000 ms
 */
private ServerConnector sslConnector() {
    HttpConfiguration baseConfig = new HttpConfiguration();
    baseConfig.setSecureScheme("https");
    baseConfig.setSecurePort(this.getPort());

    HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    SslContextFactory tls = new SslContextFactory(this.getCertKeyStorePath());
    tls.setKeyStorePassword(this.getCertKeyStorePassword());

    // Exclude weak suites by name suffix.
    // NOTE(review): setExcludeCipherSuites replaces the factory's exclusion
    // list rather than extending it, so any other default exclusions the
    // factory shipped with are dropped here. Confirm against the Jetty
    // version in use and compare the result with the enabled-suite list.
    tls.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");

    // Intent is TLS 1.2 only. This is an exclusion list, so any newer
    // protocol version the JVM enables is still permitted.
    tls.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    SslConnectionFactory tlsLayer = new SslConnectionFactory(tls, "http/1.1");
    HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    ServerConnector httpsConnector = new ServerConnector(jettyServer, tlsLayer, httpLayer);
    httpsConnector.setPort(this.getPort());
    httpsConnector.setIdleTimeout(50000);
    return httpsConnector;
}
// Called with no arguments, this leaves the factory with an empty cipher-suite
// exclusion list, so exclusions installed earlier (including the factory's
// defaults) no longer apply.
// NOTE(review): confirm an include list or a later exclusion call restricts the
// enabled suites again before the factory is started.
sslContextFactory.setExcludeCipherSuites();
// Installs the caller-supplied exclusion list on the factory.
// NOTE(review): this setter replaces the current exclusion list rather than
// adding to it, so confirm excludedCipherSuites still names every weak suite
// that must stay disabled.
factory.setExcludeCipherSuites(excludedCipherSuites.toArray(new String[0]));
if(systemEnvironment.get(SystemEnvironment.GO_SSL_CONFIG_CLEAR_JETTY_DEFAULT_EXCLUSIONS)){ sslContextFactory.setExcludeProtocols(); sslContextFactory.setExcludeCipherSuites(); if(!ArrayUtils.isEmpty(goSSLConfig.getCipherSuitesToBeExcluded())) sslContextFactory.setExcludeCipherSuites(goSSLConfig.getCipherSuitesToBeExcluded()); if(!ArrayUtils.isEmpty(goSSLConfig.getProtocolsToBeExcluded())) sslContextFactory.setExcludeProtocols(goSSLConfig.getProtocolsToBeExcluded()); if(!ArrayUtils.isEmpty(goSSLConfig.getProtocolsToBeIncluded())) sslContextFactory.setIncludeProtocols(goSSLConfig.getProtocolsToBeIncluded());
THRIFT_SSL_EXCLUDE_CIPHER_SUITES_KEY, ArrayUtils.EMPTY_STRING_ARRAY); if (excludeCiphers.length != 0) { sslCtxFactory.setExcludeCipherSuites(excludeCiphers);
Integer headerBufferSize) { SslContextFactory factory = new SslContextFactory(); factory.setExcludeCipherSuites("SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA"); factory.setExcludeProtocols("SSLv3"); factory.setRenegotiationAllowed(false);
// Copies all four configured protocol and cipher-suite lists onto the factory.
// Each setter is called even when its list is empty.
// NOTE(review): an empty exclude list replaces the factory's previous
// exclusions; confirm that is intended when nothing is configured. When a name
// appears in both an include and an exclude list, the exclusion is expected to
// win, which should be verified against the Jetty version in use.
sslCtxFactory.setExcludeProtocols(getExcludeProtocols().toArray(new String[]{}));
sslCtxFactory.setIncludeProtocols(getIncludeProtocols().toArray(new String[]{}));
sslCtxFactory.setExcludeCipherSuites(getExcludeCipherSuites().toArray(new String[]{}));
sslCtxFactory.setIncludeCipherSuites(getIncludeCipherSuites().toArray(new String[]{}));
REST_SSL_EXCLUDE_CIPHER_SUITES, ArrayUtils.EMPTY_STRING_ARRAY); if (excludeCiphers.length != 0) { sslCtxFactory.setExcludeCipherSuites(excludeCiphers);
// Installs the caller-supplied exclusion list on the factory.
// NOTE(review): this setter replaces the current exclusion list rather than
// adding to it, so confirm excludedCipherSuites still names every weak suite
// that must stay disabled.
factory.setExcludeCipherSuites(excludedCipherSuites.toArray(new String[0]));
// Empties the exclusion list, then restricts the factory to the configured
// include list. After these two calls the enabled suites are governed by
// sslConfig.getCiphers() alone.
// NOTE(review): a weak suite named in that configuration is no longer filtered
// by any exclusion, so the configured list should be validated or reviewed.
sslContextFactory.setExcludeCipherSuites();
sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(sslConfig.getCiphers()));
/**
 * Creates the HTTPS connector: an HTTP channel connector with a TLS
 * connection factory placed in front of it.
 *
 * <p>Key store and trust store settings are applied only when the respective
 * path is set. Client-certificate authentication follows
 * {@code needsClientAuth}. A non-empty {@code excludeCiphers} string is split
 * into trimmed names and installed as the cipher-suite exclusion list.
 *
 * @param server the Jetty server the connector belongs to
 * @param httpConfig HTTP configuration; it is modified here (secure scheme
 *        set, {@code SecureRequestCustomizer} added)
 * @return the connector with the TLS connection factory installed first
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector httpsConnector = createHttpChannelConnector(server, httpConfig);

  SslContextFactory tls = new SslContextFactory();
  tls.setNeedClientAuth(needsClientAuth);
  tls.setKeyManagerPassword(keyPassword);

  boolean hasKeyStore = keyStore != null;
  if (hasKeyStore) {
    tls.setKeyStorePath(keyStore);
    tls.setKeyStoreType(keyStoreType);
    tls.setKeyStorePassword(keyStorePassword);
  }

  boolean hasTrustStore = trustStore != null;
  if (hasTrustStore) {
    tls.setTrustStorePath(trustStore);
    tls.setTrustStoreType(trustStoreType);
    tls.setTrustStorePassword(trustStorePassword);
  }

  boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
  if (hasExclusions) {
    // NOTE(review): this replaces the factory's exclusion list instead of
    // extending it. When excludeCiphers is unset the factory keeps whatever
    // exclusions its constructor installed. Confirm the configured list
    // still covers the suites that must remain disabled.
    tls.setExcludeCipherSuites(StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  SslConnectionFactory tlsLayer =
      new SslConnectionFactory(tls, HttpVersion.HTTP_1_1.asString());
  httpsConnector.addFirstConnectionFactory(tlsLayer);
  return httpsConnector;
}
} // closes the enclosing class; its header lies outside this excerpt
// Installs the exclusion list taken from the TLS server configuration.
// NOTE(review): the setter replaces the factory's current exclusions, so an
// empty configured list leaves nothing excluded. Confirm the configuration
// default still names the weak suites that should stay disabled.
sslContextFactory.setExcludeCipherSuites(
    tlsServerConfig.getExcludeCipherSuites().toArray(new String[0]));
if (!ObjectUtils.isEmpty(ssl.getCiphers())) { factory.setIncludeCipherSuites(ssl.getCiphers()); factory.setExcludeCipherSuites();
/**
 * Private constructor that applies the default protocol and cipher-suite
 * exclusions before any caller configuration.
 *
 * <p>Both defaults are installed through the ordinary setters, so a later
 * call to {@code setExcludeProtocols} or {@code setExcludeCipherSuites} is
 * made on a factory that already holds these defaults.
 *
 * @param trustAll passed to {@code setTrustAll}
 * @param keyStorePath key store location, or {@code null} to leave the key
 *        store path unset
 */
private SslContextFactory(boolean trustAll, String keyStorePath) {
    setTrustAll(trustAll);
    setExcludeProtocols(DEFAULT_EXCLUDED_PROTOCOLS);
    setExcludeCipherSuites(DEFAULT_EXCLUDED_CIPHER_SUITES);
    if (keyStorePath == null) {
        return;
    }
    setKeyStorePath(keyStorePath);
}
/**
 * Creates a Jetty {@code HttpClient} with TLS support and attempts to start it.
 *
 * <p>Redirects are not followed, at most 2 connections are kept per
 * destination, and the idle timeout is one hour. A failure to start is logged
 * and the client is returned anyway.
 *
 * @return the configured client; it has not started if {@code start()} threw
 */
private HttpClient createHttpClient() {
    SslContextFactory tls = new SslContextFactory();
    // NOTE(review): the only exclusion pattern becomes the empty string, which
    // presumably matches no suite name. That would remove the factory's
    // default cipher-suite exclusions, so weak suites the JVM offers may be
    // negotiated. Confirm this is needed and prefer a narrower list.
    // NOTE(review): no endpoint identification algorithm is set here. On Jetty
    // versions where it is not enabled by default, server hostname
    // verification does not run. Confirm for the version in use.
    tls.setExcludeCipherSuites("");

    HttpClient http = new HttpClient(tls);
    http.setFollowRedirects(false);
    http.setMaxConnectionsPerDestination(2);

    // Per-request timeouts may be tighter than the client-wide value but not
    // looser, so the client is given the one-hour maximum.
    final int oneHourMillis = 60 * 60 * 1000;
    http.setIdleTimeout(oneHourMillis);

    try {
        http.start();
    } catch (Exception e) {
        // Start-up failure is logged only; the caller still gets the client.
        logger.error("Error building http client", e);
    }
    return http;
}
// Splits the comma-separated setting and installs the result as the factory's
// exclusion list, replacing the list the factory held before.
// NOTE(review): confirm the entries are trimmed before this point. A name or
// pattern with surrounding whitespace would not match any suite and would be
// skipped without an error.
sslContextFactory.setExcludeCipherSuites(StringUtils.split(excludedCiphers, ','));
/**
 * Creates a Jetty {@code HttpClient} with TLS support and attempts to start it.
 *
 * <p>Redirects are not followed, at most 16 connections are kept per
 * destination, the request buffer is 65536 bytes, and the connect and
 * address-resolution timeouts come from {@code FeatureFlags}. The idle timeout
 * is one hour. A failure to start is logged and the client is returned anyway.
 *
 * @return the configured client; it has not started if {@code start()} threw
 */
private HttpClient createHttpClient() {
    // TLS is available by default.
    SslContextFactory tls = new SslContextFactory();
    // The exclusion list is reset so that RSA suites stay available; the
    // original author notes that Sixt requires them.
    // NOTE(review): the only exclusion pattern becomes the empty string, which
    // presumably matches no suite name. That re-enables every default-excluded
    // suite, not only the RSA ones. An exclusion list that omits just the
    // required suites would be narrower.
    // NOTE(review): no endpoint identification algorithm is set here. On Jetty
    // versions where it is not enabled by default, server hostname
    // verification does not run. Confirm for the version in use.
    tls.setExcludeCipherSuites("");

    HttpClient http = new HttpClient(tls);
    http.setFollowRedirects(false);
    http.setMaxConnectionsPerDestination(16);
    http.setRequestBufferSize(65536);
    http.setConnectTimeout(FeatureFlags.getHttpConnectTimeout(serviceProperties));
    http.setAddressResolutionTimeout(
        FeatureFlags.getHttpAddressResolutionTimeout(serviceProperties));

    // Per-request timeouts may be tighter than the client-wide value but not
    // looser, so the client is given the one-hour maximum.
    final int oneHourMillis = 60 * 60 * 1000;
    http.setIdleTimeout(oneHourMillis);

    try {
        http.start();
    } catch (Exception e) {
        // Start-up failure is logged only; the caller still gets the client.
        logger.error("Error building http client", e);
    }
    return http;
}
/**
 * Forwards the cipher-suite exclusion list to the wrapped
 * {@code SslContextFactory}.
 *
 * @param cipherSuites cipher suite names to exclude, handed to the factory
 *        unchanged
 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
 * @deprecated this connector-level setter only delegates; presumably new code
 *             should configure the {@code SslContextFactory} directly (confirm
 *             against the Jetty version in use)
 */
@Deprecated
public void setExcludeCipherSuites(String[] cipherSuites) {
    this._sslContextFactory.setExcludeCipherSuites(cipherSuites);
}
/**
 * Forwards the cipher-suite exclusion list to the wrapped
 * {@code SslContextFactory}.
 *
 * @param cipherSuites cipher suite names to exclude, handed to the factory
 *        unchanged
 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
 * @deprecated this connector-level setter only delegates; presumably new code
 *             should configure the {@code SslContextFactory} directly (confirm
 *             against the Jetty version in use)
 */
@Deprecated
public void setExcludeCipherSuites(String[] cipherSuites) {
    this._sslContextFactory.setExcludeCipherSuites(cipherSuites);
}