List of usage examples for javax.net.ssl SSLServerSocket getEnabledCipherSuites
/**
 * Returns the names of the cipher suites currently enabled on this server socket,
 * i.e. the suites that newly accepted connections may negotiate.
 *
 * @return the enabled cipher suite names
 */
public abstract String[] getEnabledCipherSuites();
From source file:net.i2p.util.I2PSSLSocketFactory.java
/**
 * Restricts the protocols and cipher suites of a server socket to the set chosen
 * from the configured inclusion and exclusion lists, intersected with what the
 * socket reports as enabled and supported.
 *
 * If the chosen protocol list still contains "SSLv3", the method returns before
 * changing anything: neither the protocol list nor the cipher suite list is applied.
 *
 * NOTE(review): in that early-return case the socket keeps whatever protocols and
 * cipher suites it already had enabled, including any weak ones. selectProtocols is
 * not shown here, so confirm under which configurations it can still return SSLv3.
 *
 * Adapted from Jetty SslContextFactory.java
 *
 * @param socket the server socket to configure
 * @since 0.9.16
 */
public static void setProtocolsAndCiphers(SSLServerSocket socket) {
    String[] chosenProtocols = selectProtocols(socket.getEnabledProtocols(), socket.getSupportedProtocols());
    for (String protocol : chosenProtocols) {
        // SSLv3 surviving the selection means TLS is not available,
        // so the SSL cipher suites must stay in place: leave the socket untouched.
        if (protocol.equals("SSLv3")) {
            return;
        }
    }
    socket.setEnabledProtocols(chosenProtocols);
    // The cipher suites are read only after the protocol list has been applied.
    String[] chosenSuites =
        selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites());
    socket.setEnabledCipherSuites(chosenSuites);
}
From source file:com.apporiented.hermesftp.server.impl.SecureFtpServer.java
/**
 * {@inheritDoc}
 *
 * Creates the listening socket for implicit SSL on the configured port, passes it to
 * enableCipherSuites, and logs the cipher suites that are enabled afterwards.
 *
 * NOTE(review): only cipher suites are adjusted and logged here. The enabled protocol
 * versions are neither restricted nor logged in this method; unless enableCipherSuites
 * (not shown) or the SSLContext handles that, the socket defaults apply.
 */
protected ServerSocket createServerSocket() throws IOException {
    SSLContext context = getOptions().getSslContext();
    int implicitPort = getOptions().getImplicitSslPort();
    SSLServerSocketFactory socketFactory = context.getServerSocketFactory();
    SSLServerSocket listener = (SSLServerSocket) socketFactory.createServerSocket(implicitPort);
    enableCipherSuites(listener);
    // Record the effective suite list so the negotiated set can be audited from the log.
    String enabledSuites = StringUtils.arrayToCommaDelimitedString(listener.getEnabledCipherSuites());
    log.info("Enabled cipher suites (implicit SSL): " + enabledSuites);
    return listener;
}
From source file:com.adito.server.jetty.CustomJsseListener.java
/**
 * Creates the SSL listener socket through the superclass, adjusts client
 * authentication, optionally dumps the supported cipher suites to a file, applies
 * the configured protocol and cipher suite lists, and logs the resulting settings.
 *
 * Client authentication: when the superclass socket requires a client certificate,
 * the requirement is replaced by the value of the {@code require} field; if that is
 * false the socket only requests (wants) a certificate instead of demanding one.
 *
 * NOTE(review): if writing availableCipherSuites.txt fails, {@code configureContext}
 * is set to false and the "ssl.supportedProtocols" / "ssl.supportedCiphers" settings
 * are not applied, so the socket silently keeps its default protocols and suites.
 * Confirm that skipping the configured restrictions on an unrelated I/O error is intended.
 *
 * @param p_address the address and port to listen on
 * @param p_acceptQueueSize the accept queue size passed to the superclass
 * @return the configured SSL server socket
 * @throws IOException if the socket cannot be created or the cipher list writer cannot be closed
 */
protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize) throws IOException {
    SSLServerSocket sslSocket = (SSLServerSocket) super.newServerSocket(p_address, p_acceptQueueSize);

    if (sslSocket.getNeedClientAuth()) {
        sslSocket.setNeedClientAuth(require);
        setNeedClientAuth(require);
        if (!require) {
            // Certificates become optional: requested from the client but not enforced.
            sslSocket.setWantClientAuth(true);
        }
    }

    String[] supportedSuites = sslSocket.getSupportedCipherSuites();
    String[] supportedProtocols = sslSocket.getSupportedProtocols();
    if (log.isInfoEnabled()) {
        log.info("The following protocols are supported:");
        for (String protocol : supportedProtocols) {
            log.info(" " + protocol);
        }
    }

    if (createAvailableCipherSuitesList) {
        File suiteListFile = new File(ContextHolder.getContext().getTempDirectory(), "availableCipherSuites.txt");
        BufferedWriter out = null;
        try {
            out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(suiteListFile)));
            if (log.isInfoEnabled()) {
                log.info("The following cipher suites are supported:");
            }
            for (String suite : supportedSuites) {
                if (log.isInfoEnabled()) {
                    log.info(" " + suite);
                }
                out.write(suite);
                out.newLine();
            }
        } catch (Throwable e) {
            log.error("Could not create cipher list!", e);
            // Disables the configuration step below; see the NOTE(review) in the method comment.
            configureContext = false;
        } finally {
            if (out != null) {
                out.close();
            }
        }
        // The list is written at most once, whether or not the attempt succeeded.
        createAvailableCipherSuitesList = false;
    }

    if (configureContext) {
        // An empty configured list leaves the socket's current setting untouched.
        PropertyList configured = ContextHolder.getContext().getConfig()
                .retrievePropertyList(new ContextKey("ssl.supportedProtocols"));
        if (!configured.isEmpty()) {
            sslSocket.setEnabledProtocols(configured.asArray());
        }
        configured = ContextHolder.getContext().getConfig()
                .retrievePropertyList(new ContextKey("ssl.supportedCiphers"));
        if (!configured.isEmpty()) {
            sslSocket.setEnabledCipherSuites(configured.asArray());
        }
    }

    // Log the effective settings so the log shows what the listener will actually negotiate.
    String[] enabledProtocols = sslSocket.getEnabledProtocols();
    if (log.isInfoEnabled()) {
        log.info("The following protocols are enabled:");
        for (String protocol : enabledProtocols) {
            log.info(" " + protocol);
        }
    }

    String[] enabledSuites = sslSocket.getEnabledCipherSuites();
    if (log.isInfoEnabled()) {
        log.info("The following cipher suites are enabled:");
        for (String suite : enabledSuites) {
            log.info(" " + suite);
        }
    }
    return sslSocket;
}
From source file:org.apache.hadoop.security.Krb5AndCertsSslSocketConnector.java
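/**
 * Creates the server socket for this connector and, when Kerberos is in use,
 * enables the Kerberos cipher suites on it.
 *
 * With {@code useCerts} the socket comes from the SSL superclass; otherwise it is
 * created from {@code createFactory()}. With {@code useKrb} client authentication is
 * made mandatory and the enabled suites become either the certificate suites followed
 * by {@code KRB5_CIPHER_SUITES}, or {@code KRB5_CIPHER_SUITES} alone.
 *
 * NOTE(review): the contents of KRB5_CIPHER_SUITES are not visible here. Review the
 * suites it names against current cipher policy and against what the target JDK supports.
 *
 * @param host the host name to bind to, or null to bind to all interfaces
 * @param port the port to listen on
 * @param backlog the listen backlog
 * @return the configured server socket
 * @throws IOException if the socket cannot be created; the original failure is kept as the cause
 */
@Override
protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
    logIfDebug("Creating new KrbServerSocket for: " + host);
    SSLServerSocket ss = null;

    if (useCerts) {
        // Get the server socket from the SSL super impl
        ss = (SSLServerSocket) super.newServerSocket(host, port, backlog);
    } else {
        // Create a default server socket
        try {
            ss = (SSLServerSocket) (host == null
                    ? createFactory().createServerSocket(port, backlog)
                    : createFactory().createServerSocket(port, backlog, InetAddress.getByName(host)));
        } catch (Exception e) {
            LOG.warn("Could not create KRB5 Listener", e);
            // Chain the original exception so callers keep its stack trace, not just its text.
            throw new IOException("Could not create KRB5 Listener: " + e.toString(), e);
        }
    }

    // Add Kerberos ciphers to this socket server if needed.
    if (useKrb) {
        ss.setNeedClientAuth(true);
        String[] krbSuites = KRB5_CIPHER_SUITES.toArray(new String[0]);
        String[] combined;
        if (useCerts) {
            // Combine the cipher suites: certificate suites first, Kerberos suites appended.
            String[] certs = ss.getEnabledCipherSuites();
            combined = new String[certs.length + krbSuites.length];
            System.arraycopy(certs, 0, combined, 0, certs.length);
            System.arraycopy(krbSuites, 0, combined, certs.length, krbSuites.length);
        } else {
            // Just enable Kerberos auth
            combined = krbSuites;
        }
        ss.setEnabledCipherSuites(combined);
    }
    return ss;
}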
From source file:org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.java
/**
 * Configures the given SSL server socket with the requested cipher suites, protocol
 * versions, and need for client authentication.
 *
 * When the "ciphers" attribute is set, {@code enabledCiphers} is applied as is.
 * Otherwise the socket's enabled suites are filtered: every suite whose name contains
 * "RC4" or "ECDH" is dropped.
 *
 * NOTE(review): the "ECDH" substring also matches every ECDHE suite, so the default
 * filter removes all elliptic-curve forward-secret suites, not only RC4. The existing
 * comment mentions RC4 only; confirm the ECDH exclusion is still required.
 *
 * @param ssocket the server socket to initialize.
 */
private void initServerSocket(ServerSocket ssocket) {
    LOGGER.debug("TMSSLServerSocketFactory.initServerSocket:");

    SSLServerSocket socket = (SSLServerSocket) ssocket;

    if (attributes.get("ciphers") == null) {
        // disable RC4 ciphers (Java x Globus problems); ECDH-named suites are dropped as well
        String[] current = socket.getEnabledCipherSuites();
        ArrayList<String> kept = new ArrayList<String>(current.length);
        for (String suite : current) {
            boolean excluded = suite.contains("RC4") || suite.contains("ECDH");
            if (excluded) {
                LOGGER.debug("Disabling cipher: " + suite);
            } else {
                LOGGER.debug("Enabling cipher: " + suite);
                kept.add(suite);
            }
        }
        socket.setEnabledCipherSuites(kept.toArray(new String[0]));
    } else {
        socket.setEnabledCipherSuites(enabledCiphers);
    }

    String requestedProtocols = (String) attributes.get("protocols");
    String[] protocolsToEnable = getEnabledProtocols(socket, requestedProtocols);
    setEnabledProtocols(socket, protocolsToEnable);

    // we don't know if client auth is needed -
    // after parsing the request we may re-handshake
    configureClientAuth(socket);
}