List of usage examples for javax.net.ssl SSLParameters setUseCipherSuitesOrder
public final void setUseCipherSuitesOrder(boolean honorOrder)
From source file:org.elasticsearch.xpack.core.ssl.SSLService.java
/** * Creates an {@link SSLEngine} based on the provided configuration. This SSLEngine can be used for a connection that requires * hostname verification assuming the provided * host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled * @param configuration the ssl configuration * @param host the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's * certificate//from w ww. j a v a 2 s .c o m * @param port the port of the remote endpoint * @return {@link SSLEngine} * @see #sslConfiguration(Settings, Settings) */ public SSLEngine createSSLEngine(SSLConfiguration configuration, String host, int port) { SSLContext sslContext = sslContext(configuration); SSLEngine sslEngine = sslContext.createSSLEngine(host, port); String[] ciphers = supportedCiphers(sslEngine.getSupportedCipherSuites(), configuration.cipherSuites(), false); String[] supportedProtocols = configuration.supportedProtocols().toArray(Strings.EMPTY_ARRAY); SSLParameters parameters = new SSLParameters(ciphers, supportedProtocols); if (configuration.verificationMode().isHostnameVerificationEnabled() && host != null) { // By default, a SSLEngine will not perform hostname verification. In order to perform hostname verification // we need to specify a EndpointIdentificationAlgorithm. We use the HTTPS algorithm to prevent against // man in the middle attacks for all of our connections. parameters.setEndpointIdentificationAlgorithm("HTTPS"); } // we use the cipher suite order so that we can prefer the ciphers we set first in the list parameters.setUseCipherSuitesOrder(true); configuration.sslClientAuth().configure(parameters); // many SSLEngine options can be configured using either SSLParameters or direct methods on the engine itself, but there is one // tricky aspect; if you set a value directly on the engine and then later set the SSLParameters the value set directly on the // engine will be overwritten by the value in the SSLParameters sslEngine.setSSLParameters(parameters); return sslEngine; }