List of usage examples for io.netty.handler.ssl OpenSsl isCipherSuiteAvailable
public static boolean isCipherSuiteAvailable(String cipherSuite)
From source file:ch.uninbf.mcs.tomcatopenssl.net.ssl.open.OpenSslEngine.java
License:Apache License
/**
 * Translates the requested cipher suite names into a colon-separated OpenSSL cipher list and
 * applies that list to this engine via {@code SSL.setCipherSuites}.
 *
 * <p>Each name is passed through {@code CipherSuiteConverter.toOpenSsl}; when the converter
 * returns {@code null} the name is used unchanged. Iteration stops at the first {@code null}
 * element, so anything after it is ignored.
 *
 * <p>NOTE(review): a suite that {@code OpenSsl.isCipherSuiteAvailable} reports as unavailable is
 * only logged at debug level and is still appended to the list. This method therefore does not
 * itself reject unsupported suites; how the native call treats them is not visible here.
 *
 * @param cipherSuites the suite names to enable; must not be {@code null}
 * @throws NullPointerException if {@code cipherSuites} is {@code null}
 * @throws IllegalArgumentException if no suite name was collected
 * @throws IllegalStateException if {@code SSL.setCipherSuites} throws
 */
@Override
public void setEnabledCipherSuites(String[] cipherSuites) {
    if (cipherSuites == null) {
        throw new NullPointerException("cipherSuites");
    }

    final StringBuilder spec = new StringBuilder();
    for (int i = 0; i < cipherSuites.length; i++) {
        final String requested = cipherSuites[i];
        if (requested == null) {
            // A null entry ends the list; later entries are not looked at.
            break;
        }

        final String mapped = CipherSuiteConverter.toOpenSsl(requested);
        final String openSslName = (mapped != null) ? mapped : requested;

        if (!OpenSsl.isCipherSuiteAvailable(openSslName)) {
            // Logged only; the name is still added to the list below.
            logger.debug("unsupported cipher suite: " + requested + '(' + openSslName + ')');
        }

        spec.append(openSslName).append(':');
    }

    if (spec.length() == 0) {
        throw new IllegalArgumentException("empty cipher suites");
    }

    // Every entry was written with a trailing ':'; cut the last one off.
    final String cipherSuiteSpec = spec.substring(0, spec.length() - 1);

    try {
        SSL.setCipherSuites(ssl, cipherSuiteSpec);
    } catch (Exception e) {
        throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec, e);
    }
}
From source file:com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.java
License:Apache License
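/**
 * Computes the enabled cipher suite lists for the HTTP and the transport layer, once for the
 * OpenSSL provider and once for the JDK provider, and stores them in the four
 * {@code enabled*Ciphers*Provider} fields.
 *
 * <p>The candidate lists come from {@code SSLConfigConstants.getSecureSSLCiphers}; judging by
 * the fields assigned, the boolean argument selects HTTP ({@code true}) or transport
 * ({@code false}).
 */
private void initEnabledSSLCiphers() {
    final List<String> httpCiphers = SSLConfigConstants.getSecureSSLCiphers(settings, true);
    enabledHttpCiphersOpenSSLProvider = openSslAvailableCiphers(httpCiphers);
    enabledHttpCiphersJDKProvider = jdkEnabledCiphers(httpCiphers, "https");

    final List<String> transportCiphers = SSLConfigConstants.getSecureSSLCiphers(settings, false);
    enabledTransportCiphersOpenSSLProvider = openSslAvailableCiphers(transportCiphers);
    enabledTransportCiphersJDKProvider = jdkEnabledCiphers(transportCiphers, "transport");
}

/**
 * Returns the candidates that OpenSSL reports as available, without duplicates and in the
 * order in which they were configured; empty when OpenSSL is not available.
 */
private List<String> openSslAvailableCiphers(final List<String> candidates) {
    if (!OpenSsl.isAvailable()) {
        return Collections.emptyList();
    }
    // Collecting into a HashSet would hand back the suites in an unspecified order. Keeping
    // the configured order makes the result deterministic for any consumer that treats list
    // order as cipher preference.
    final List<String> available = new ArrayList<>();
    for (final String candidate : candidates) {
        if (OpenSsl.isCipherSuiteAvailable(candidate) && !available.contains(candidate)) {
            available.add(candidate);
        }
    }
    return Collections.unmodifiableList(available);
}

/**
 * Returns the candidates that a default JDK {@code SSLEngine} accepts as enabled suites.
 *
 * <p>On any failure the unfiltered candidate list is returned, so the result may then name
 * suites this JVM does not support.
 */
private List<String> jdkEnabledCiphers(final List<String> candidates, final String layer) {
    // Local to this call, so a failure here can never close an engine from an earlier probe.
    SSLEngine engine = null;
    try {
        final SSLContext serverContext = SSLContext.getInstance("TLS");
        serverContext.init(null, null, null);
        engine = serverContext.createSSLEngine();
        final List<String> jdkSupportedCiphers = new ArrayList<>(
                Arrays.asList(engine.getSupportedCipherSuites()));
        log.info("JVM supports the following {} ciphers for " + layer + " {}", jdkSupportedCiphers.size(),
                jdkSupportedCiphers);
        jdkSupportedCiphers.retainAll(candidates);
        engine.setEnabledCipherSuites(jdkSupportedCiphers.toArray(new String[0]));
        return Collections.unmodifiableList(Arrays.asList(engine.getEnabledCipherSuites()));
    } catch (final Throwable e) {
        // Deliberate best effort: fall back to the configured list instead of failing startup.
        log.error("Unable to determine supported ciphers due to " + ExceptionsHelper.stackTrace(e));
        return candidates;
    } finally {
        closeProbeEngine(engine);
    }
}

/** Closes both directions of the probe engine; a {@code null} engine is ignored. */
private void closeProbeEngine(final SSLEngine engine) {
    if (engine == null) {
        return;
    }
    try {
        engine.closeInbound();
    } catch (final SSLException e) {
        // Report through the logger rather than printing to stderr.
        log.error("Unable to close inbound side of SSL engine due to " + ExceptionsHelper.stackTrace(e));
    }
    engine.closeOutbound();
}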
From source file:com.floragunn.searchguard.ssl.OpenSSLTest.java
License:Apache License
/**
 * Checks that at least one of the cipher suites returned by
 * {@code SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)} is reported as
 * available by OpenSSL. The test is skipped when OpenSSL is not available.
 */
@Test
public void testAvailCiphersOpenSSL() throws Exception {
    // An unmet assumption skips the test instead of failing it.
    Assume.assumeTrue(OpenSsl.isAvailable());

    final Set<String> usableCiphers = new HashSet<>();
    for (final String candidate : SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)) {
        if (!OpenSsl.isCipherSuiteAvailable(candidate)) {
            continue;
        }
        usableCiphers.add(candidate);
    }

    System.out.println("OpenSSL secure ciphers: " + usableCiphers);
    // An empty intersection would leave the OpenSSL provider without any usable suite.
    Assert.assertFalse(usableCiphers.isEmpty());
}
From source file:com.floragunn.searchguard.ssl.SearchGuardKeyStore.java
License:Apache License
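/**
 * Computes the enabled cipher suite lists for the HTTP and the transport layer, once for the
 * OpenSSL provider and once for the JDK provider, and stores them in the four
 * {@code enabled*Ciphers*Provider} fields.
 *
 * <p>The candidate lists come from {@code SSLConfigConstants.getSecureSSLCiphers}; judging by
 * the fields assigned, the boolean argument selects HTTP ({@code true}) or transport
 * ({@code false}).
 */
private void initEnabledSSLCiphers() {
    final List<String> httpCiphers = SSLConfigConstants.getSecureSSLCiphers(settings, true);
    enabledHttpCiphersOpenSSLProvider = openSslAvailableCiphers(httpCiphers);
    enabledHttpCiphersJDKProvider = jdkEnabledCiphers(httpCiphers);

    final List<String> transportCiphers = SSLConfigConstants.getSecureSSLCiphers(settings, false);
    enabledTransportCiphersOpenSSLProvider = openSslAvailableCiphers(transportCiphers);
    enabledTransportCiphersJDKProvider = jdkEnabledCiphers(transportCiphers);
}

/**
 * Returns the candidates that OpenSSL reports as available, without duplicates and in the
 * order in which they were configured; empty when OpenSSL is not available.
 */
private List<String> openSslAvailableCiphers(final List<String> candidates) {
    if (!OpenSsl.isAvailable()) {
        return Collections.emptyList();
    }
    // Collecting into a HashSet would hand back the suites in an unspecified order. Keeping
    // the configured order makes the result deterministic for any consumer that treats list
    // order as cipher preference.
    final List<String> available = new ArrayList<>();
    for (final String candidate : candidates) {
        if (OpenSsl.isCipherSuiteAvailable(candidate) && !available.contains(candidate)) {
            available.add(candidate);
        }
    }
    return Collections.unmodifiableList(available);
}

/**
 * Returns the candidates that a default JDK {@code SSLEngine} accepts as enabled suites, or
 * an empty list when the probe fails.
 */
private List<String> jdkEnabledCiphers(final List<String> candidates) {
    // Local to this call, so a failure here can never close an engine from an earlier probe.
    SSLEngine engine = null;
    try {
        final SSLContext serverContext = SSLContext.getInstance("TLS");
        serverContext.init(null, null, null);
        engine = serverContext.createSSLEngine();
        final List<String> jdkSupportedCiphers = new ArrayList<>(
                Arrays.asList(engine.getSupportedCipherSuites()));
        jdkSupportedCiphers.retainAll(candidates);
        engine.setEnabledCipherSuites(jdkSupportedCiphers.toArray(new String[0]));
        return Collections.unmodifiableList(Arrays.asList(engine.getEnabledCipherSuites()));
    } catch (final Exception e) {
        // NOTE(review): the exception is dropped without a trace, so an empty JDK cipher list
        // cannot be told apart from a failed probe. No logger is visible in this block;
        // report the failure through the class's logger if it has one.
        return Collections.emptyList();
    } finally {
        closeProbeEngine(engine);
    }
}

/** Closes both directions of the probe engine; a {@code null} engine is ignored. */
private void closeProbeEngine(final SSLEngine engine) {
    if (engine == null) {
        return;
    }
    try {
        engine.closeInbound();
    } catch (final SSLException e) {
        // NOTE(review): prints to stderr and bypasses the logging configuration; kept because
        // no logger is visible in this block.
        e.printStackTrace();
    }
    engine.closeOutbound();
}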