/**
 * Builds a Jetty {@link Server} that listens on a single TLS connector.
 *
 * <p>The protocol allowlist contains only {@code TLSv1.2}, so no other TLS/SSL version
 * (older or newer) is offered. No cipher-suite list is set here, so cipher selection is
 * left to whatever the factory and the JVM enable by default.
 *
 * @param handler     request handler installed on the server
 * @param port        TCP port the TLS connector binds to
 * @param keyStore    already-loaded key store holding the server key and certificate
 * @param keyPassword password passed to the key manager to unlock the key entry
 * @return the configured server; this method does not start it
 * @throws Exception declared by the original signature
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    // TLS settings: one allowed protocol version, key material from the supplied store.
    SslContextFactory tls = new SslContextFactory();
    tls.setIncludeProtocols("TLSv1.2");
    tls.setKeyStore(keyStore);
    tls.setKeyManagerPassword(keyPassword);

    // SecureRequestCustomizer is applied to every request arriving over this connector.
    HttpConfiguration secureHttp = new HttpConfiguration();
    secureHttp.addCustomizer(new SecureRequestCustomizer());

    Server jetty = new Server();
    SslConnectionFactory tlsLayer = new SslConnectionFactory(tls, HttpVersion.HTTP_1_1.asString());
    ServerConnector tlsConnector = new ServerConnector(jetty, tlsLayer, new HttpConnectionFactory(secureHttp));
    tlsConnector.setPort(port);

    jetty.addConnector(tlsConnector);
    jetty.setHandler(handler);
    return jetty;
}
// Only the include list depends on `protocols`; the braces make that scope explicit.
if ( protocols != null ) {
    sslContextFactory.setIncludeProtocols( protocols );
}
// Runs unconditionally: a no-arg call empties the exclude list, dropping any exclusions the
// factory ships with. NOTE(review): when `protocols` is null nothing narrows the selection
// afterwards, so every protocol the JVM supports may be offered. Confirm that is intended.
sslContextFactory.setExcludeProtocols();
// Peer-certificate validation is switched by `validatePeers`. The protocol allowlist is replaced
// only when `supportedProtocols` is non-null; a null list leaves the factory's current protocol
// selection in place. (Excerpt: the if-block is closed outside the lines shown.)
factory.setValidatePeerCerts(validatePeers); if (supportedProtocols != null) { factory.setIncludeProtocols(supportedProtocols.toArray(new String[0]));
// Excerpt begins mid-statement: these are the trailing arguments of a call whose start is not
// shown (presumably the configuration lookup that yields `includeProtocols`, with an empty array
// as the fallback). The allowlist is applied only when at least one protocol is configured;
// an empty array leaves the factory's own protocol defaults untouched. The if-block is closed
// outside the lines shown.
THRIFT_SSL_INCLUDE_PROTOCOLS_KEY, ArrayUtils.EMPTY_STRING_ARRAY); if (includeProtocols.length != 0) { sslCtxFactory.setIncludeProtocols(includeProtocols);
/**
 * Creates the TLS connector for {@code server}, optionally with HTTP/2 negotiated via ALPN.
 *
 * <p>Key material and trust settings come from the prebuilt {@code sslContext}. The factory
 * is pinned to {@code TLSv1.2} and to the single cipher suite
 * {@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, so a client that cannot negotiate exactly
 * that combination fails the handshake, and the suite requires an RSA server certificate.
 *
 * @param server     server that owns the connector
 * @param conf       configuration; the {@code CONNECTOR} subtree is applied to the connector
 * @param path       configuration path prefix handed to {@code conf(...)}
 * @param sslContext prebuilt TLS context
 * @param http2      when true, ALPN and an HTTP/2 connection factory are added; HTTP/1.1
 *                   remains the ALPN default protocol
 * @return the configured connector
 */
private ServerConnector https(final Server server, final Config conf, final String path,
    final SSLContext sslContext, final boolean http2) {
  final HttpConfiguration baseHttp = conf(new HttpConfiguration(), conf.withoutPath(CONNECTOR), path);

  // Strict allowlists: one protocol version, one AEAD cipher suite.
  final SslContextFactory tls = new SslContextFactory();
  tls.setSslContext(sslContext);
  tls.setIncludeProtocols("TLSv1.2");
  tls.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

  final HttpConfiguration secureHttp = new HttpConfiguration(baseHttp);
  secureHttp.addCustomizer(new SecureRequestCustomizer());
  final HttpConnectionFactory http11 = new HttpConnectionFactory(secureHttp);

  final ServerConnector connector;
  if (!http2) {
    // Plain HTTPS: TLS hands decrypted bytes straight to the HTTP/1.1 factory.
    connector = new ServerConnector(server, new SslConnectionFactory(tls, HTTP_1_1), http11);
  } else {
    // HTTPS with ALPN: TLS -> ALPN -> (HTTP/2 | HTTP/1.1).
    final ALPNServerConnectionFactory negotiator = new ALPNServerConnectionFactory(H2, H2_17, HTTP_1_1);
    negotiator.setDefaultProtocol(HTTP_1_1);
    final HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(secureHttp);
    connector = new ServerConnector(server, new SslConnectionFactory(tls, "alpn"), negotiator, h2, http11);
  }
  return conf(connector, conf.getConfig(CONNECTOR), path + ".connector");
}
// TLS context is supplied ready-made; the four lists below only filter what it may negotiate.
sslCtxFactory.setSslContext(sslContext);

// Each setter replaces the factory's current list with the configured one. Where a name appears
// in both an include and an exclude list, Jetty's exclusion wins.
// NOTE(review): an empty exclude list clears any exclusions the factory ships with, and an
// empty include list means "no restriction". Confirm the getters cannot both come back empty.
sslCtxFactory.setExcludeProtocols(getExcludeProtocols().toArray(new String[0]));
sslCtxFactory.setIncludeProtocols(getIncludeProtocols().toArray(new String[0]));
sslCtxFactory.setExcludeCipherSuites(getExcludeCipherSuites().toArray(new String[0]));
sslCtxFactory.setIncludeCipherSuites(getIncludeCipherSuites().toArray(new String[0]));
// Excerpt begins mid-statement: these are the trailing arguments of a call whose start is not
// shown (presumably the configuration lookup that yields `includeProtocols`, with an empty array
// as the fallback). The allowlist is applied only when at least one protocol is configured;
// an empty array leaves the factory's own protocol defaults untouched. The if-block is closed
// outside the lines shown.
REST_SSL_INCLUDE_PROTOCOLS, ArrayUtils.EMPTY_STRING_ARRAY); if (includeProtocols.length != 0) { sslCtxFactory.setIncludeProtocols(includeProtocols);
// Operator-supplied TLS restrictions. Each list is applied only when it is non-empty, so an
// unset option leaves the factory's existing list (including its defaults) in place.
if (!ArrayUtils.isEmpty(goSSLConfig.getCipherSuitesToBeExcluded())) {
    sslContextFactory.setExcludeCipherSuites(goSSLConfig.getCipherSuitesToBeExcluded());
}
if (!ArrayUtils.isEmpty(goSSLConfig.getProtocolsToBeExcluded())) {
    sslContextFactory.setExcludeProtocols(goSSLConfig.getProtocolsToBeExcluded());
}
if (!ArrayUtils.isEmpty(goSSLConfig.getProtocolsToBeIncluded())) {
    sslContextFactory.setIncludeProtocols(goSSLConfig.getProtocolsToBeIncluded());
}

// Renegotiation is taken directly from configuration, with no guard in this excerpt.
sslContextFactory.setRenegotiationAllowed(goSSLConfig.isRenegotiationAllowed());

// NOTE(review): this logs the configured include list for ciphers; the call that applies it to
// the factory is not visible in this excerpt. Confirm it happens before this line.
LOGGER.info("Included ciphers: {}", StringUtils.join(goSSLConfig.getCipherSuitesToBeIncluded(), ","));
// Replaces the factory's protocol allowlist with `m_protocols`; versions not named there are not offered.
// NOTE(review): no validation of `m_protocols` is visible in this excerpt. Confirm it cannot be
// null or empty, and that it carries no legacy SSL/TLS versions.
sslContextFactory.setIncludeProtocols(m_protocols);
// Replaces the factory's protocol allowlist with the contents of `supportedProtocols`.
// NOTE(review): no null check on `supportedProtocols` is visible in this excerpt, and an empty
// collection yields an empty allowlist, which Jetty treats as "no restriction".
factory.setIncludeProtocols(supportedProtocols.toArray(new String[0]));
// Copies `protocols` into a String[] and installs it as the factory's protocol allowlist.
// NOTE(review): an empty collection produces an empty allowlist, which Jetty treats as
// "no restriction". Confirm the caller rejects that case if a strict list is expected.
sslContextFactory.setIncludeProtocols(protocols.toArray(new String[protocols.size()]));
// Installs the protocol list from `tlsServerConfig` as the factory's allowlist.
// NOTE(review): the list is applied without any check in this excerpt. Confirm the config layer
// validates the names and does not return null or an empty list.
sslContextFactory.setIncludeProtocols( tlsServerConfig.getIncludeProtocols().toArray(new String[0]));
// Uses the enabled-protocols value from `ssl` as the factory's protocol allowlist.
// NOTE(review): no guard is visible here. Confirm getEnabledProtocols() cannot return null when
// the option is unset.
factory.setIncludeProtocols(ssl.getEnabledProtocols());
// Splits the comma-separated `includeProtocols` string and installs the tokens as the allowlist.
// NOTE(review): if this is Commons Lang StringUtils.split, tokens are not trimmed (a value such as
// "TLSv1.2, TLSv1.3" yields " TLSv1.3", which matches no protocol name) and a null input returns
// null. Confirm the value is normalized before it reaches this call.
sslContextFactory.setIncludeProtocols(StringUtils.split(includeProtocols, ','));
/**
 * Applies the protocol, provider, cipher-suite and algorithm entries of
 * {@code sslConfigValues} to {@code ssl}.
 *
 * <p>Enabled protocols, the context protocol and the key/trust manager algorithms fall back
 * to the {@code SslConfigs} defaults when absent. Provider, cipher suites and the secure
 * random implementation are applied only when present; otherwise the factory keeps its own
 * settings for them.
 *
 * @param ssl             factory to configure
 * @param sslConfigValues parsed SSL configuration values keyed by {@code SslConfigs} names
 */
protected static void configureSslContextFactoryAlgorithms(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    // Protocol allowlist: configured value, else the default list split on commas.
    List<String> fallbackProtocols =
        Arrays.asList(COMMA_WITH_WHITESPACE.split(SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS));
    List<String> enabledProtocols = (List<String>) getOrDefault(
        sslConfigValues, SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, fallbackProtocols);
    ssl.setIncludeProtocols(enabledProtocols.toArray(new String[0]));

    // Optional JCA provider.
    String providerName = (String) sslConfigValues.get(SslConfigs.SSL_PROVIDER_CONFIG);
    if (providerName != null) {
        ssl.setProvider(providerName);
    }

    // Protocol name for the SSL context itself; separate from the allowlist above.
    String contextProtocol = (String) getOrDefault(
        sslConfigValues, SslConfigs.SSL_PROTOCOL_CONFIG, SslConfigs.DEFAULT_SSL_PROTOCOL);
    ssl.setProtocol(contextProtocol);

    // Optional cipher-suite allowlist; when unset the factory's own cipher selection applies.
    List<String> cipherSuites = (List<String>) sslConfigValues.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
    if (cipherSuites != null) {
        ssl.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
    }

    String keyManagerAlgorithm = (String) getOrDefault(
        sslConfigValues, SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM);
    ssl.setKeyManagerFactoryAlgorithm(keyManagerAlgorithm);

    // Optional SecureRandom algorithm name.
    String secureRandomName = (String) sslConfigValues.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
    if (secureRandomName != null) {
        ssl.setSecureRandomAlgorithm(secureRandomName);
    }

    String trustManagerAlgorithm = (String) getOrDefault(
        sslConfigValues, SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM);
    ssl.setTrustManagerFactoryAlgorithm(trustManagerAlgorithm);
}
// Trust store location and password (used to verify peer certificates), followed by explicit
// allowlists for protocol versions and cipher suites. The client-authentication mode is chosen
// in the switch that follows; its cases lie outside the lines shown.
// NOTE(review): `protocols` and `ciphers` are applied as given. Confirm they are validated
// upstream and cannot be empty, since an empty allowlist means "no restriction".
sslContextFactory.setTrustStorePath(trustStorePath); sslContextFactory.setTrustStorePassword(trustStorePassword); sslContextFactory.setIncludeProtocols(protocols); sslContextFactory.setIncludeCipherSuites(ciphers); switch(clientAuth) {
/**
 * Builds the HTTPS connector for {@code server}; with {@code http2} set, HTTP/2 is offered
 * through ALPN in addition to HTTP/1.1.
 *
 * <p>The TLS layer wraps the caller's {@code sslContext} and accepts exactly one protocol
 * version ({@code TLSv1.2}) and one cipher suite
 * ({@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}). Clients without that combination cannot
 * complete the handshake, and the suite requires an RSA server certificate.
 *
 * @param server     server the connector is attached to
 * @param conf       configuration source; its {@code CONNECTOR} section configures the connector
 * @param path       configuration path prefix passed through to {@code conf(...)}
 * @param sslContext TLS context carrying key and trust material
 * @param http2      whether to add ALPN negotiation and the HTTP/2 connection factory
 * @return the configured connector
 */
private ServerConnector https(final Server server, final Config conf, final String path,
    final SSLContext sslContext, final boolean http2) {
  final HttpConfiguration plainConf = conf(new HttpConfiguration(), conf.withoutPath(CONNECTOR), path);

  // One protocol version and one cipher suite: nothing else is negotiable on this connector.
  final SslContextFactory tlsFactory = new SslContextFactory();
  tlsFactory.setSslContext(sslContext);
  tlsFactory.setIncludeProtocols("TLSv1.2");
  tlsFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

  final HttpConfiguration tlsConf = new HttpConfiguration(plainConf);
  tlsConf.addCustomizer(new SecureRequestCustomizer());
  final HttpConnectionFactory h1 = new HttpConnectionFactory(tlsConf);

  if (http2) {
    // ALPN advertises H2, H2_17 and HTTP/1.1; HTTP/1.1 is used when the client negotiates nothing.
    final ALPNServerConnectionFactory alpnFactory = new ALPNServerConnectionFactory(H2, H2_17, HTTP_1_1);
    alpnFactory.setDefaultProtocol(HTTP_1_1);
    final HTTP2ServerConnectionFactory h2Factory = new HTTP2ServerConnectionFactory(tlsConf);
    return conf(
        new ServerConnector(server, new SslConnectionFactory(tlsFactory, "alpn"), alpnFactory, h2Factory, h1),
        conf.getConfig(CONNECTOR), path + ".connector");
  }

  return conf(
      new ServerConnector(server, new SslConnectionFactory(tlsFactory, HTTP_1_1), h1),
      conf.getConfig(CONNECTOR), path + ".connector");
}
// Turns the comma-separated `includeProtocols` setting into the factory's protocol allowlist.
// NOTE(review): assuming Commons Lang StringUtils.split, surrounding whitespace is kept in each
// token and a null string yields null. Confirm the setting is trimmed and non-null before this
// call, otherwise a protocol name may silently fail to match.
sslContextFactory.setIncludeProtocols(StringUtils.split(includeProtocols, ','));
// Key store password comes from configuration. The no-arg setExcludeProtocols() and
// setExcludeCipherSuites() calls empty both exclude lists, so ENABLED_PROTOCOLS and ENABLED_CIPHERS
// alone decide what is negotiable. With the factory's built-in exclusions gone there is no backstop:
// NOTE(review): confirm both constants contain only current protocol versions and cipher suites.
sslContextFactory.setKeyStorePassword(config.getKeystorePassword()); sslContextFactory.setExcludeProtocols(); sslContextFactory.setIncludeProtocols(ENABLED_PROTOCOLS); sslContextFactory.setExcludeCipherSuites(); sslContextFactory.setIncludeCipherSuites(ENABLED_CIPHERS);
// Installs the enabled-protocols value from `tls` as the factory's protocol allowlist.
// NOTE(review): applied without a check in this excerpt. Confirm the getter cannot return null
// or an empty array when the option is not configured.
sslContextFactory.setIncludeProtocols(tls.getEnabledProtocols());