List of usage examples for javax.net.ssl SSLSocket getSupportedCipherSuites
public abstract String[] getSupportedCipherSuites();
From source file:com.digitalpebble.storm.crawler.protocol.http.HttpResponse.java
/** * Default public constructor.//from w w w.j a va2 s . c o m * * @param http * @param url * @param knownMetadata * @throws IOException * @throws HttpException */ public HttpResponse(HttpProtocol http, URL url, Metadata knownMetadata) throws IOException, HttpException { this.http = http; this.url = url; Scheme scheme = null; if ("http".equals(url.getProtocol())) { scheme = Scheme.HTTP; } else if ("https".equals(url.getProtocol())) { scheme = Scheme.HTTPS; } else { throw new IOException("Unknown scheme (not http/https) for url:" + url); } String path = "".equals(url.getFile()) ? "/" : url.getFile(); // some servers will redirect a request with a host line like // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they // don't want the :80... String host = url.getHost(); int port; String portString; if (url.getPort() == -1) { if (scheme == Scheme.HTTP) { port = 80; } else { port = 443; } portString = ""; } else { port = url.getPort(); portString = ":" + port; } Socket socket = null; try { socket = new Socket(); // create the socket socket.setSoTimeout(http.getTimeout()); // connect String sockHost = http.useProxy() ? http.getProxyHost() : host; int sockPort = http.useProxy() ? http.getProxyPort() : port; InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort); socket.connect(sockAddr, http.getTimeout()); if (scheme == Scheme.HTTPS) { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true); sslsocket.setUseClientMode(true); // Get the protocols and ciphers supported by this JVM Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols())); Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites())); // Intersect with preferred protocols and ciphers protocols.retainAll(http.getTlsPreferredProtocols()); ciphers.retainAll(http.getTlsPreferredCipherSuites()); sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); sslsocket.startHandshake(); socket = sslsocket; } this.conf = http.getConf(); if (ConfUtils.getBoolean(conf, "store.ip.address", false) == true) { headers.setValue("_ip_", sockAddr.getAddress().getHostAddress()); } // make request OutputStream req = socket.getOutputStream(); StringBuffer reqStr = new StringBuffer("GET "); if (http.useProxy()) { reqStr.append(url.getProtocol() + "://" + host + portString + path); } else { reqStr.append(path); } reqStr.append(" HTTP/1.0\r\n"); reqStr.append("Host: "); reqStr.append(host); reqStr.append(portString); reqStr.append("\r\n"); reqStr.append("Accept-Encoding: x-gzip, gzip, deflate\r\n"); String userAgent = http.getUserAgent(); if ((userAgent == null) || (userAgent.length() == 0)) { if (HttpProtocol.LOGGER.isErrorEnabled()) { HttpProtocol.LOGGER.error("User-agent is not set!"); } } else { reqStr.append("User-Agent: "); reqStr.append(userAgent); reqStr.append("\r\n"); } reqStr.append("Accept-Language: "); reqStr.append(this.http.getAcceptLanguage()); reqStr.append("\r\n"); reqStr.append("Accept: "); reqStr.append(this.http.getAccept()); reqStr.append("\r\n"); if (knownMetadata != null) { String ifModifiedSince = knownMetadata.getFirstValue("cachedLastModified"); if (StringUtils.isNotBlank(ifModifiedSince)) { reqStr.append("If-Modified-Since: "); reqStr.append(ifModifiedSince); reqStr.append("\r\n"); } String ifNoneMatch = knownMetadata.getFirstValue("cachedEtag"); if (StringUtils.isNotBlank(ifNoneMatch)) { reqStr.append("If-None-Match: "); reqStr.append(ifNoneMatch); reqStr.append("\r\n"); } } reqStr.append("\r\n"); // @see http://www.w3.org/Protocols/rfc2068/rfc2068.txt for default // charset // TODO use UTF-8 and set a charset value explicitely byte[] reqBytes = reqStr.toString().getBytes(StandardCharsets.ISO_8859_1); req.write(reqBytes); req.flush(); PushbackInputStream in = // process response new PushbackInputStream( new BufferedInputStream(socket.getInputStream(), HttpProtocol.BUFFER_SIZE), HttpProtocol.BUFFER_SIZE); StringBuffer line = new StringBuffer(); boolean haveSeenNonContinueStatus = false; while (!haveSeenNonContinueStatus) { // parse status code line this.code = parseStatusLine(in, line); // parse headers parseHeaders(in, line); haveSeenNonContinueStatus = code != 100; // 100 is // "Continue" } String transferEncoding = getHeader(HttpHeaders.TRANSFER_ENCODING); if (transferEncoding != null && "chunked".equalsIgnoreCase(transferEncoding.trim())) { readChunkedContent(in, line); } else { readPlainContent(in); } String contentEncoding = getHeader(HttpHeaders.CONTENT_ENCODING); if ("gzip".equals(contentEncoding) || "x-gzip".equals(contentEncoding)) { content = http.processGzipEncoded(content, url); } else if ("deflate".equals(contentEncoding)) { content = http.processDeflateEncoded(content, url); } else { HttpProtocol.LOGGER.trace("fetched {} bytes from {}", content.length, url); } } finally { if (socket != null) socket.close(); } }
From source file:at.bitfire.davdroid.mirakel.webdav.TlsSniSocketFactory.java
@SuppressLint("DefaultLocale") private void setReasonableEncryption(SSLSocket ssl) { // set reasonable SSL/TLS settings before the handshake // Android 5.0+ (API level21) provides reasonable default settings // but it still allows SSLv3 // https://developer.android.com/about/versions/android-5.0-changes.html#ssl // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0, if available) // - remove all SSL versions (especially SSLv3) because they're insecure now List<String> protocols = new LinkedList<String>(); for (String protocol : ssl.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);//from w w w . ja v a2 s . c om Log.v(TAG, "Setting allowed TLS protocols: " + StringUtils.join(protocols, ", ")); ssl.setEnabledProtocols(protocols.toArray(new String[0])); if (android.os.Build.VERSION.SDK_INT < 21) { // choose secure cipher suites List<String> allowedCiphers = Arrays.asList(// TLS 1.2 "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", // maximum interoperability "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", // additionally "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); List<String> availableCiphers = Arrays.asList(ssl.getSupportedCipherSuites()); // preferred ciphers = allowed Ciphers \ availableCiphers HashSet<String> preferredCiphers = new HashSet<String>(allowedCiphers); preferredCiphers.retainAll(availableCiphers); // add preferred ciphers to enabled ciphers // for maximum security, preferred ciphers should *replace* enabled ciphers, // but I guess for the security level of DAVdroid, disabling of insecure // ciphers should be a server-side task HashSet<String> enabledCiphers = preferredCiphers; enabledCiphers.addAll(new HashSet<String>(Arrays.asList(ssl.getEnabledCipherSuites()))); Log.v(TAG, "Setting allowed TLS ciphers: " + StringUtils.join(enabledCiphers, ", ")); ssl.setEnabledCipherSuites(enabledCiphers.toArray(new String[0])); } }
From source file:org.apache.cassandra.security.SSLFactory.java
/** Create a socket and connect */ public static SSLSocket getSocket(EncryptionOptions options, InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { SSLContext ctx = createSSLContext(options, true); SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port, localAddress, localPort); String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites); socket.setEnabledCipherSuites(suits); socket.setEnabledProtocols(ACCEPTED_PROTOCOLS); return socket; }
From source file:org.apache.cassandra.security.SSLFactory.java
/** Create a socket and connect, using any local address */ public static SSLSocket getSocket(EncryptionOptions options, InetAddress address, int port) throws IOException { SSLContext ctx = createSSLContext(options, true); SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port); String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites); socket.setEnabledCipherSuites(suits); socket.setEnabledProtocols(ACCEPTED_PROTOCOLS); return socket; }
From source file:org.apache.cassandra.security.SSLFactory.java
/** Just create a socket */ public static SSLSocket getSocket(EncryptionOptions options) throws IOException { SSLContext ctx = createSSLContext(options, true); SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(); String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites); socket.setEnabledCipherSuites(suits); socket.setEnabledProtocols(ACCEPTED_PROTOCOLS); return socket; }
From source file:org.apache.ftpserver.ssl.Ssl.java
/** * Returns a socket layered over an existing socket. *//*from ww w . ja va2s.co m*/ public Socket createSocket(String protocol, Socket soc, boolean clientMode) throws Exception { // already wrapped - no need to do anything if (soc instanceof SSLSocket) { return soc; } // get socket factory SSLContext ctx = getSSLContext(protocol); SSLSocketFactory socFactory = ctx.getSocketFactory(); // create socket String host = soc.getInetAddress().getHostAddress(); int port = soc.getLocalPort(); SSLSocket ssoc = (SSLSocket) socFactory.createSocket(soc, host, port, true); ssoc.setUseClientMode(clientMode); // initialize socket String cipherSuites[] = ssoc.getSupportedCipherSuites(); ssoc.setEnabledCipherSuites(cipherSuites); ssoc.setNeedClientAuth(m_clientAuthReqd); return ssoc; }
From source file:org.apache.ftpserver.ssl.Ssl.java
/** * Create a secure socket.// www . ja v a 2s .com */ public Socket createSocket(String protocol, InetAddress addr, int port, boolean clientMode) throws Exception { // get socket factory SSLContext ctx = getSSLContext(protocol); SSLSocketFactory socFactory = ctx.getSocketFactory(); // create socket SSLSocket ssoc = (SSLSocket) socFactory.createSocket(addr, port); ssoc.setUseClientMode(clientMode); // initialize socket String cipherSuites[] = ssoc.getSupportedCipherSuites(); ssoc.setEnabledCipherSuites(cipherSuites); return ssoc; }
From source file:org.apache.nutch.protocol.http.HttpResponse.java
/** * Default public constructor./* w w w. j a va 2s. c om*/ * * @param http * @param url * @param datum * @throws ProtocolException * @throws IOException */ public HttpResponse(HttpBase http, URL url, CrawlDatum datum) throws ProtocolException, IOException { this.http = http; this.url = url; this.orig = url.toString(); this.base = url.toString(); Scheme scheme = null; if ("http".equals(url.getProtocol())) { scheme = Scheme.HTTP; } else if ("https".equals(url.getProtocol())) { scheme = Scheme.HTTPS; } else { throw new HttpException("Unknown scheme (not http/https) for url:" + url); } if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetching " + url); } String path = "".equals(url.getFile()) ? "/" : url.getFile(); // some servers will redirect a request with a host line like // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they // don't want the :80... LOG.info("Fetching " + url.toString()); String host = url.getHost(); int port; String portString; if (url.getPort() == -1) { if (scheme == Scheme.HTTP) { port = 80; } else { port = 443; } portString = ""; } else { port = url.getPort(); portString = ":" + port; } Socket socket = null; try { socket = new Socket(); // create the socket socket.setSoTimeout(http.getTimeout()); // connect String sockHost = http.useProxy(url) ? http.getProxyHost() : host; int sockPort = http.useProxy(url) ? http.getProxyPort() : port; InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort); socket.connect(sockAddr, http.getTimeout()); if (scheme == Scheme.HTTPS) { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true); sslsocket.setUseClientMode(true); // Get the protocols and ciphers supported by this JVM Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols())); Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites())); // Intersect with preferred protocols and ciphers protocols.retainAll(http.getTlsPreferredProtocols()); ciphers.retainAll(http.getTlsPreferredCipherSuites()); sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); sslsocket.startHandshake(); socket = sslsocket; } this.conf = http.getConf(); if (sockAddr != null && conf.getBoolean("store.ip.address", false) == true) { headers.add("_ip_", sockAddr.getAddress().getHostAddress()); } // make request OutputStream req = socket.getOutputStream(); StringBuffer reqStr = new StringBuffer("GET "); if (http.useProxy(url)) { reqStr.append(url.getProtocol() + "://" + host + portString + path); } else { reqStr.append(path); } reqStr.append(" HTTP/1.0\r\n"); reqStr.append("Host: "); reqStr.append(host); reqStr.append(portString); reqStr.append("\r\n"); reqStr.append("Accept-Encoding: x-gzip, gzip, deflate\r\n"); String userAgent = http.getUserAgent(); if ((userAgent == null) || (userAgent.length() == 0)) { if (Http.LOG.isErrorEnabled()) { Http.LOG.error("User-agent is not set!"); } } else { reqStr.append("User-Agent: "); reqStr.append(userAgent); reqStr.append("\r\n"); } reqStr.append("Accept-Language: "); reqStr.append(this.http.getAcceptLanguage()); reqStr.append("\r\n"); reqStr.append("Accept: "); reqStr.append(this.http.getAccept()); reqStr.append("\r\n"); if (http.isIfModifiedSinceEnabled() && datum.getModifiedTime() > 0) { reqStr.append("If-Modified-Since: " + HttpDateFormat.toString(datum.getModifiedTime())); reqStr.append("\r\n"); } reqStr.append("\r\n"); // store the request in the metadata? if (conf.getBoolean("store.http.request", false) == true) { headers.add("_request_", reqStr.toString()); } byte[] reqBytes = reqStr.toString().getBytes(); req.write(reqBytes); req.flush(); LOG.info("Processing response.."); PushbackInputStream in = // process response new PushbackInputStream(new BufferedInputStream(socket.getInputStream(), Http.BUFFER_SIZE), Http.BUFFER_SIZE); StringBuffer line = new StringBuffer(); // store the http headers verbatim if (conf.getBoolean("store.http.headers", false) == true) { httpHeaders = new StringBuffer(); } headers.add("nutch.fetch.time", Long.toString(System.currentTimeMillis())); boolean haveSeenNonContinueStatus = false; while (!haveSeenNonContinueStatus) { // parse status code line this.code = parseStatusLine(in, line); if (httpHeaders != null) httpHeaders.append(line).append("\n"); // parse headers parseHeaders(in, line, httpHeaders); haveSeenNonContinueStatus = code != 100; // 100 is "Continue" } if (httpHeaders != null) { headers.add("_response.headers_", httpHeaders.toString()); } String transferEncoding = getHeader(Response.TRANSFER_ENCODING); LOG.info("Transfer Encoding for " + url + ":" + transferEncoding); if (transferEncoding != null && "chunked".equalsIgnoreCase(transferEncoding.trim())) { readChunkedContent(in, line); } else { readPlainContent(in); } String contentEncoding = getHeader(Response.CONTENT_ENCODING); if ("gzip".equals(contentEncoding) || "x-gzip".equals(contentEncoding)) { content = http.processGzipEncoded(content, url); } else if ("deflate".equals(contentEncoding)) { content = http.processDeflateEncoded(content, url); } else { if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetched " + content.length + " bytes from " + url); } } LOG.info("Checking URL:" + url.toString()); //check if url contains google drive string if (url.toString().toLowerCase().contains("https://drive.google.com/")) { //split into two string separated by '=' to get the article id LOG.info("Google Drive URL Detected!"); String[] parts = url.toString().split("="); url = new URL("http://drive.google.com/uc?export=download&id=" + parts[1]); LOG.info("New URL:" + url.toString()); this.http = http; this.url = url; this.orig = url.toString(); this.base = url.toString(); HttpClient client = new HttpClient(); GetMethod method = new GetMethod(url.toString()); int statusCode = client.executeMethod(method); content = method.getResponseBody(); LOG.info("File Size on Drive: " + content.length); // return; } LOG.info("Fetch Bytes: " + content.length + " bytes from " + url); } finally { if (socket != null) socket.close(); } }
From source file:org.apache.nutch.protocol.s2jh.HttpResponse.java
public HttpResponse(HttpBase http, URL url, WebPage page) throws ProtocolException, IOException { conf = http.getConf();//from w w w . j a v a 2s. c om this.http = http; this.url = url; Scheme scheme = null; if ("http".equals(url.getProtocol())) { scheme = Scheme.HTTP; } else if ("https".equals(url.getProtocol())) { scheme = Scheme.HTTPS; } else { throw new HttpException("Unknown scheme (not http/https) for url:" + url); } if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetching " + url); } String path = "".equals(url.getFile()) ? "/" : url.getFile(); // some servers will redirect a request with a host line like // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they // don't want the :80... String host = url.getHost(); int port; String portString; if (url.getPort() == -1) { if (scheme == Scheme.HTTP) { port = 80; } else { port = 443; } portString = ""; } else { port = url.getPort(); portString = ":" + port; } Socket socket = null; try { socket = new Socket(); // create the socket socket.setSoTimeout(http.getTimeout()); // connect String sockHost = http.useProxy() ? http.getProxyHost() : host; int sockPort = http.useProxy() ? http.getProxyPort() : port; InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort); socket.connect(sockAddr, http.getTimeout()); if (scheme == Scheme.HTTPS) { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true); sslsocket.setUseClientMode(true); // Get the protocols and ciphers supported by this JVM Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols())); Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites())); // Intersect with preferred protocols and ciphers protocols.retainAll(http.getTlsPreferredProtocols()); ciphers.retainAll(http.getTlsPreferredCipherSuites()); sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); sslsocket.startHandshake(); socket = sslsocket; } if (sockAddr != null && conf.getBoolean("store.ip.address", false) == true) { String ipString = sockAddr.getAddress().getHostAddress(); // get the ip // address page.getMetadata().put(new Utf8("_ip_"), ByteBuffer.wrap(ipString.getBytes())); } Http.LOG.debug("HTTP fetching: " + url); // make request OutputStream req = socket.getOutputStream(); StringBuffer reqStr = new StringBuffer("GET "); if (http.useProxy()) { reqStr.append(url.getProtocol() + "://" + host + portString + path); } else { reqStr.append(path); } reqStr.append(" HTTP/1.0\r\n"); reqStr.append("Host: "); reqStr.append(host); reqStr.append(portString); reqStr.append("\r\n"); reqStr.append("Accept-Encoding: x-gzip, gzip\r\n"); reqStr.append("Accept: "); reqStr.append(this.http.getAccept()); reqStr.append("\r\n"); String userAgent = http.getUserAgent(); if ((userAgent == null) || (userAgent.length() == 0)) { if (Http.LOG.isErrorEnabled()) { Http.LOG.error("User-agent is not set!"); } } else { reqStr.append("User-Agent: "); reqStr.append(userAgent); reqStr.append("\r\n"); } // if (page.isReadable(WebPage.Field.MODIFIED_TIME.getIndex())) { reqStr.append("If-Modified-Since: " + HttpDateFormat.toString(page.getModifiedTime())); reqStr.append("\r\n"); // } reqStr.append("\r\n"); byte[] reqBytes = reqStr.toString().getBytes(); req.write(reqBytes); req.flush(); PushbackInputStream in = // process response new PushbackInputStream(new BufferedInputStream(socket.getInputStream(), Http.BUFFER_SIZE), Http.BUFFER_SIZE); StringBuffer line = new StringBuffer(); boolean haveSeenNonContinueStatus = false; while (!haveSeenNonContinueStatus) { // parse status code line this.code = parseStatusLine(in, line); // parse headers parseHeaders(in, line); haveSeenNonContinueStatus = code != 100; // 100 is "Continue" } if (!url.toString().endsWith("robots.txt")) { if (readPlainContent(url.toString(), in)) { } else if (readPlainContentByHtmlunit(url)) { } else { readPlainContentByWebDriver(url); } } if (content != null && content.length > 0) { String html = charset == null ? new String(content) : new String(content, charset); //System.out.println("URL: " + url + ", CharsetName: " + charset + " , Page HTML=\n" + html); Http.LOG_HTML.trace("URL: " + url + ", CharsetName: " + charset + " , Page HTML=\n" + html); } // add headers in metadata to row if (page.getHeaders() != null) { page.getHeaders().clear(); } for (String key : headers.names()) { page.getHeaders().put(new Utf8(key), new Utf8(headers.get(key))); } } catch (Exception e) { Http.LOG.error(e.getMessage(), e); } finally { if (socket != null) socket.close(); } }
From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java
public void receiveMSG(MessageMSG msg) { Channel channel = msg.getChannel(); InputDataStreamAdapter is = msg.getDataStream().getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is)); String data;//from w w w . ja v a 2 s.c o m try { try { data = reader.readLine(); } catch (IOException e) { msg.sendERR(BEEPError.CODE_PARAMETER_ERROR, "Error reading data"); return; } if (data.equals(READY1) == false && data.equals(READY2) == false) { msg.sendERR(BEEPError.CODE_PARAMETER_INVALID, "Expected READY element"); } this.begin(channel); msg.sendRPY(new StringOutputDataStream(PROCEED2)); } catch (BEEPException e1) { channel.getSession().terminate("unable to send ERR"); return; } try { Socket oldSocket = ((TCPSession) channel.getSession()).getSocket(); /** @TODO add support for serverName */ SSLSocket newSocket = (SSLSocket) socketFactory.createSocket(oldSocket, oldSocket.getInetAddress().getHostName(), oldSocket.getPort(), true); BeepListenerHCL l = new BeepListenerHCL(channel); newSocket.addHandshakeCompletedListener(l); newSocket.setUseClientMode(false); newSocket.setNeedClientAuth(needClientAuth); newSocket.setEnabledCipherSuites(newSocket.getSupportedCipherSuites()); if (sslProtocols != null) { newSocket.setEnabledProtocols(sslProtocols); } newSocket.startHandshake(); } catch (IOException e) { channel.getSession().terminate("TLS error: " + e.getMessage()); return; } }