Example usage for javax.net.ssl SSLParameters setEndpointIdentificationAlgorithm

Introduction

In this page you can find the example usage for javax.net.ssl SSLParameters setEndpointIdentificationAlgorithm.

Prototype

public void setEndpointIdentificationAlgorithm(String algorithm) 

Document

Sets the endpoint identification algorithm.

Usage

From source file: io.jenkins.docker.client.NettyDockerCmdExecFactory.java

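public SSLParameters enableHostNameVerification(SSLParameters sslParameters) {
    // "HTTPS" makes the JSSE handshake check the server certificate against the
    // peer host name (RFC 2818 rules); without it no host name check is performed.
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    return sslParameters;
}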

From source file: org.elasticsearch.xpack.core.ssl.SSLService.java

/**
 * Creates an {@link SSLEngine} based on the provided configuration. This SSLEngine can be used for a connection that requires
 * hostname verification assuming the provided host and port are correct. The SSLEngine created by this method is most useful
 * for clients with hostname verification enabled.
 * @param configuration the ssl configuration
 * @param host the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's
 *             certificate
 * @param port the port of the remote endpoint
 * @return {@link SSLEngine}
 * @see #sslConfiguration(Settings, Settings)
 */
public SSLEngine createSSLEngine(SSLConfiguration configuration, String host, int port) {
    SSLContext sslContext = sslContext(configuration);
    SSLEngine sslEngine = sslContext.createSSLEngine(host, port);
    String[] ciphers = supportedCiphers(sslEngine.getSupportedCipherSuites(), configuration.cipherSuites(),
            false);
    String[] supportedProtocols = configuration.supportedProtocols().toArray(Strings.EMPTY_ARRAY);
    SSLParameters parameters = new SSLParameters(ciphers, supportedProtocols);
    if (configuration.verificationMode().isHostnameVerificationEnabled() && host != null) {
        // By default, an SSLEngine will not perform hostname verification. In order to perform hostname verification
        // we need to specify an EndpointIdentificationAlgorithm. We use the HTTPS algorithm to protect against
        // man-in-the-middle attacks for all of our connections.
        parameters.setEndpointIdentificationAlgorithm("HTTPS");
    }
    // we use the cipher suite order so that we can prefer the ciphers we set first in the list
    parameters.setUseCipherSuitesOrder(true);
    configuration.sslClientAuth().configure(parameters);

    // many SSLEngine options can be configured using either SSLParameters or direct methods on the engine itself, but there is one
    // tricky aspect; if you set a value directly on the engine and then later set the SSLParameters the value set directly on the
    // engine will be overwritten by the value in the SSLParameters
    sslEngine.setSSLParameters(parameters);
    return sslEngine;
}