List of usage examples for javax.net.ssl SSLEngine getSupportedCipherSuites
public abstract String[] getSupportedCipherSuites();
From source file:com.chiorichan.http.ssl.SniNegotiator.java
@Override protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) throws Exception { if (!handshaken && in.readableBytes() >= 5) { String hostname = sniHostNameFromHandshakeInfo(in); if (hostname != null) hostname = IDN.toASCII(hostname, IDN.ALLOW_UNASSIGNED).toLowerCase(Locale.US); this.hostname = hostname; selectedContext = SslManager.instance().map(hostname); if (handshaken) { SSLEngine engine = selectedContext.newEngine(ctx.alloc()); List<String> supportedCipherSuites = Arrays.asList(engine.getSupportedCipherSuites()); if (!supportedCipherSuites.containsAll(enabledCipherSuites)) for (String cipher : enabledCipherSuites) if (!supportedCipherSuites.contains(cipher)) { NetworkManager.getLogger() .severe(String.format( "The SSL/TLS cipher suite '%s' is not supported by SSL Provider %s", cipher, SslContext.defaultServerProvider().name())); enabledCipherSuites.remove(cipher); }// w w w . j a v a2s . co m engine.setUseClientMode(false); engine.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0])); ctx.pipeline().replace(this, ctx.name(), new SslExceptionHandler(engine)); } } }
From source file:com.hypersocket.server.HypersocketServerImpl.java
@Override public String[] getSSLCiphers() { SSLEngine engine = defaultSSLContext.createSSLEngine(); return engine.getSupportedCipherSuites(); }
From source file:com.floragunn.searchguard.ssl.SSLTest.java
@Test public void testAvailCiphers() throws Exception { final SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(null, null, null); final SSLEngine engine = serverContext.createSSLEngine(); final List<String> jdkSupportedCiphers = new ArrayList<>(Arrays.asList(engine.getSupportedCipherSuites())); jdkSupportedCiphers.retainAll(SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)); engine.setEnabledCipherSuites(jdkSupportedCiphers.toArray(new String[0])); final List<String> jdkEnabledCiphers = Arrays.asList(engine.getEnabledCipherSuites()); // example/*from w w w .j a va 2 s . c om*/ // TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA System.out.println("JDK enabled ciphers: " + jdkEnabledCiphers); Assert.assertTrue(jdkEnabledCiphers.size() > 0); }
From source file:org.elasticsearch.xpack.core.ssl.SSLService.java
/** * Creates an {@link SSLEngine} based on the provided configuration. This SSLEngine can be used for a connection that requires * hostname verification assuming the provided * host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled * @param configuration the ssl configuration * @param host the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's * certificate//from www. j a v a 2s.c o m * @param port the port of the remote endpoint * @return {@link SSLEngine} * @see #sslConfiguration(Settings, Settings) */ public SSLEngine createSSLEngine(SSLConfiguration configuration, String host, int port) { SSLContext sslContext = sslContext(configuration); SSLEngine sslEngine = sslContext.createSSLEngine(host, port); String[] ciphers = supportedCiphers(sslEngine.getSupportedCipherSuites(), configuration.cipherSuites(), false); String[] supportedProtocols = configuration.supportedProtocols().toArray(Strings.EMPTY_ARRAY); SSLParameters parameters = new SSLParameters(ciphers, supportedProtocols); if (configuration.verificationMode().isHostnameVerificationEnabled() && host != null) { // By default, a SSLEngine will not perform hostname verification. In order to perform hostname verification // we need to specify a EndpointIdentificationAlgorithm. We use the HTTPS algorithm to prevent against // man in the middle attacks for all of our connections. parameters.setEndpointIdentificationAlgorithm("HTTPS"); } // we use the cipher suite order so that we can prefer the ciphers we set first in the list parameters.setUseCipherSuitesOrder(true); configuration.sslClientAuth().configure(parameters); // many SSLEngine options can be configured using either SSLParameters or direct methods on the engine itself, but there is one // tricky aspect; if you set a value directly on the engine and then later set the SSLParameters the value set directly on the // engine will be overwritten by the value in the SSLParameters sslEngine.setSSLParameters(parameters); return sslEngine; }
From source file:org.elasticsearch.xpack.core.ssl.SSLServiceTests.java
public void testThatSSLEngineHasProperCiphersAndProtocols() throws Exception { MockSecureSettings secureSettings = new MockSecureSettings(); secureSettings.setString("xpack.ssl.keystore.secure_password", "testnode"); Settings settings = Settings.builder().put("xpack.ssl.keystore.path", testnodeStore) .put("xpack.ssl.keystore.type", testnodeStoreType).setSecureSettings(secureSettings).build(); SSLService sslService = new SSLService(settings, env); SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); SSLConfiguration config = sslService.sslConfiguration(Settings.EMPTY); final String[] ciphers = sslService.supportedCiphers(engine.getSupportedCipherSuites(), config.cipherSuites(), false); final String[] supportedProtocols = config.supportedProtocols().toArray(Strings.EMPTY_ARRAY); assertThat(engine.getEnabledCipherSuites(), is(ciphers)); assertArrayEquals(ciphers, engine.getSSLParameters().getCipherSuites()); // the order we set the protocols in is not going to be what is returned as internally the JDK may sort the versions assertThat(engine.getEnabledProtocols(), arrayContainingInAnyOrder(supportedProtocols)); assertThat(engine.getSSLParameters().getProtocols(), arrayContainingInAnyOrder(supportedProtocols)); }