List of usage examples for javax.net.ssl SSLEngine setEnabledCipherSuites
public abstract void setEnabledCipherSuites(String suites[]);
From source file:com.eucalyptus.crypto.util.SslSetup.java
public static SSLEngine getServerEngine() {//TODO:GRZE: @Configurability final SSLEngine engine = SERVER_CONTEXT.createSSLEngine(); engine.setUseClientMode(false);/*from w ww. jav a 2 s. c o m*/ engine.setWantClientAuth(false); engine.setNeedClientAuth(false); engine.setEnabledProtocols( SslUtils.getEnabledProtocols(SERVER_SSL_PROTOCOLS, engine.getSupportedProtocols())); engine.setEnabledCipherSuites( SslUtils.getEnabledCipherSuites(SERVER_SSL_CIPHERS, SERVER_SUPPORTED_CIPHERS)); return engine; }
From source file:com.floragunn.searchguard.ssl.SSLTest.java
@Test public void testAvailCiphers() throws Exception { final SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(null, null, null); final SSLEngine engine = serverContext.createSSLEngine(); final List<String> jdkSupportedCiphers = new ArrayList<>(Arrays.asList(engine.getSupportedCipherSuites())); jdkSupportedCiphers.retainAll(SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)); engine.setEnabledCipherSuites(jdkSupportedCiphers.toArray(new String[0])); final List<String> jdkEnabledCiphers = Arrays.asList(engine.getEnabledCipherSuites()); // example//from w w w. ja va2 s. com // TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA System.out.println("JDK enabled ciphers: " + jdkEnabledCiphers); Assert.assertTrue(jdkEnabledCiphers.size() > 0); }
From source file:mitm.BouncyCastleSslEngineSource.java
private void filterWeakCipherSuites(SSLEngine sslEngine) { List<String> ciphers = new LinkedList<String>(); for (String each : sslEngine.getEnabledCipherSuites()) { if (each.equals(each.equals("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") || each.equals("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"))) { LOG.debug("Removed cipher {}", each); } else {/* w w w.j ava 2 s . c o m*/ ciphers.add(each); } } sslEngine.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); if (LOG.isDebugEnabled()) { if (sslEngine.getUseClientMode()) { LOG.debug("Enabled server cipher suites:"); } else { String host = sslEngine.getPeerHost(); int port = sslEngine.getPeerPort(); LOG.debug("Enabled client {}:{} cipher suites:", host, port); } for (String each : ciphers) { LOG.debug(each); } } }
From source file:com.hypersocket.server.HypersocketServerImpl.java
public SSLEngine createSSLEngine(InetSocketAddress localAddress, InetSocketAddress remoteAddress) { SSLEngine engine = getSSLContext(localAddress, remoteAddress).createSSLEngine(); engine.setUseClientMode(false);//ww w . jav a2 s . co m engine.setWantClientAuth(false); if (enabledCipherSuites != null && enabledCipherSuites.length > 0) { engine.setEnabledCipherSuites(enabledCipherSuites); } if (enabledProtocols != null && enabledProtocols.length > 0) { engine.setEnabledProtocols(enabledProtocols); } return engine; }
From source file:com.chiorichan.http.ssl.SniNegotiator.java
@Override protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) throws Exception { if (!handshaken && in.readableBytes() >= 5) { String hostname = sniHostNameFromHandshakeInfo(in); if (hostname != null) hostname = IDN.toASCII(hostname, IDN.ALLOW_UNASSIGNED).toLowerCase(Locale.US); this.hostname = hostname; selectedContext = SslManager.instance().map(hostname); if (handshaken) { SSLEngine engine = selectedContext.newEngine(ctx.alloc()); List<String> supportedCipherSuites = Arrays.asList(engine.getSupportedCipherSuites()); if (!supportedCipherSuites.containsAll(enabledCipherSuites)) for (String cipher : enabledCipherSuites) if (!supportedCipherSuites.contains(cipher)) { NetworkManager.getLogger() .severe(String.format( "The SSL/TLS cipher suite '%s' is not supported by SSL Provider %s", cipher, SslContext.defaultServerProvider().name())); enabledCipherSuites.remove(cipher); }// w w w. j a v a2s .c o m engine.setUseClientMode(false); engine.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0])); ctx.pipeline().replace(this, ctx.name(), new SslExceptionHandler(engine)); } } }
From source file:org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit.java
public void initializeSSLEngine(SSLContext sslcontext, SSLEngine sslengine) { TLSClientParameters tlsClientParameters = getTlsClientParameters(); if (tlsClientParameters == null) { tlsClientParameters = new TLSClientParameters(); }//from w ww . jav a 2s . c o m String[] cipherSuites = SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(), tlsClientParameters.getCipherSuitesFilter(), sslcontext.getSocketFactory().getDefaultCipherSuites(), SSLUtils.getSupportedCipherSuites(sslcontext), LOG); sslengine.setEnabledCipherSuites(cipherSuites); String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters.getSecureSocketProtocol() : "TLS"; String p[] = findProtocols(protocol, sslengine.getSupportedProtocols()); if (p != null) { sslengine.setEnabledProtocols(p); } }
From source file:org.opcfoundation.ua.transport.https.HttpsServer.java
protected void initReactor() throws ServiceResultException { boolean https = false, http = false; for (SocketHandle sh : socketHandles.values()) { https |= sh.scheme.equals(UriUtil.SCHEME_HTTPS); http |= sh.scheme.equals(UriUtil.SCHEME_HTTP); }//from w w w . j av a 2s . c om try { if (https && sslSetupHandler == null) { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(application.getHttpsSettings().getKeyManagers(), application.getHttpsSettings().getTrustManagers(), null); // SSL Setup Handler sslSetupHandler = new SSLSetupHandler() { public void verify(IOSession iosession, SSLSession sslsession) throws SSLException { } public void initalize(SSLEngine sslengine) throws SSLException { //sslengine.setEnabledCipherSuites( calcCipherSuites() ); } }; // Create HTTP connection factory sslConnFactory = new SSLNHttpServerConnectionFactory(sslcontext, sslSetupHandler, getHttpParams()); // Create server-side I/O event dispatch sslIoEventDispatch = new DefaultHttpServerIODispatch(protocolHandler, sslConnFactory); // Create ssl engine sslEngine = sslcontext.createSSLEngine(); log.info("Enabled protocols in SSL Engine are {}", Arrays.toString(sslEngine.getEnabledProtocols())); enabledCipherSuites = sslEngine.getEnabledCipherSuites(); log.info("Enabled CipherSuites in SSL Engine are {}", Arrays.toString(enabledCipherSuites)); } if (https) { // Create list of cipher suites String[] oldCipherSuiteSelection = cipherSuites; cipherSuitePatterns = calcCipherSuitePatterns(); //securityPolicies = calcSecurityPolicies().toArray( new SecurityPolicy[0] ); cipherSuites = CryptoUtil.filterCipherSuiteList(enabledCipherSuites, cipherSuitePatterns); sslEngine.setEnabledCipherSuites(cipherSuites); if (oldCipherSuiteSelection == null || !Arrays.equals(oldCipherSuiteSelection, cipherSuites)) { log.info("CipherSuites for policies ({}) are {}", Arrays.toString(securityPolicies), Arrays.toString(cipherSuites)); } } if (http && plainConnFactory == null) { plainConnFactory = new DefaultNHttpServerConnectionFactory(getHttpParams()); // Create server-side I/O event dispatch plainIoEventDispatch = new DefaultHttpServerIODispatch(protocolHandler, plainConnFactory); } if (ioReactor == null) { // Create server-side I/O reactor ioReactor = new DefaultListeningIOReactor(ioConfig, null); } } catch (KeyManagementException e1) { throw new ServiceResultException(e1); } catch (NoSuchAlgorithmException e1) { throw new ServiceResultException(e1); } catch (IOReactorException e1) { throw new ServiceResultException(e1); } }
From source file:org.apache.hadoop.security.ssl.SSLFactory.java
private void disableExcludedCiphers(SSLEngine sslEngine) { String[] cipherSuites = sslEngine.getEnabledCipherSuites(); ArrayList<String> defaultEnabledCipherSuites = new ArrayList<String>(Arrays.asList(cipherSuites)); Iterator iterator = excludeCiphers.iterator(); while (iterator.hasNext()) { String cipherName = (String) iterator.next(); if (defaultEnabledCipherSuites.contains(cipherName)) { defaultEnabledCipherSuites.remove(cipherName); LOG.debug("Disabling cipher suite {}.", cipherName); }/* www . j a v a 2 s .c om*/ } cipherSuites = defaultEnabledCipherSuites.toArray(new String[defaultEnabledCipherSuites.size()]); sslEngine.setEnabledCipherSuites(cipherSuites); }
From source file:org.apache.http.HC4.nio.conn.ssl.SSLIOSessionStrategy.java
@Override public SSLIOSession upgrade(final HttpHost host, final IOSession iosession) throws IOException { Asserts.check(!(iosession instanceof SSLIOSession), "I/O session is already upgraded to TLS/SSL"); final SSLIOSession ssliosession = new SSLIOSession(iosession, SSLMode.CLIENT, this.sslContext, new SSLSetupHandler() { @Override// ww w . ja va 2 s .c o m public void initalize(final SSLEngine sslengine) throws SSLException { if (supportedProtocols != null) { sslengine.setEnabledProtocols(supportedProtocols); } if (supportedCipherSuites != null) { sslengine.setEnabledCipherSuites(supportedCipherSuites); } initializeEngine(sslengine); } @Override public void verify(final IOSession iosession, final SSLSession sslsession) throws SSLException { verifySession(host, iosession, sslsession); } }); iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession); ssliosession.initialize(); return ssliosession; }