List of usage examples for javax.net.ssl SSLSocketFactory getDefaultCipherSuites
/**
 * Returns the names of the cipher suites that are enabled by default on sockets created by this
 * factory.
 *
 * <p>Callers that need a specific cipher policy should set it explicitly on the socket or its
 * parameters instead of relying on this list. NOTE(review): what the list contains depends on
 * the provider and runtime version behind the concrete factory.
 *
 * @return the default cipher suite names
 */
public abstract String[] getDefaultCipherSuites();
From source file:com.github.kpavlov.ssl.DynamicSSLSocketFactory.java
/**
 * Creates a socket factory backed by the given key store and key password providers.
 *
 * <p>The default and supported cipher suite lists are read once, here, from the system-default
 * socket factory. Nothing in this constructor derives them from the key material the providers
 * supply, and nothing here restricts them.
 *
 * @param keyStoreProvider source of the key store; must not be {@code null}
 * @param keyPasswordProvider source of the key password; must not be {@code null}
 * @throws NullPointerException if either provider is {@code null}
 */
public DynamicSSLSocketFactory(KeyStoreProvider keyStoreProvider, KeyPasswordProvider keyPasswordProvider) {
    // Validate both arguments before touching any state; the key store provider is checked first.
    Objects.requireNonNull(keyStoreProvider, "KeyStoreProvider is required");
    Objects.requireNonNull(keyPasswordProvider, "KeyPasswordProvider is required");

    this.keyStoreProvider = keyStoreProvider;
    this.keyPasswordProvider = keyPasswordProvider;

    // Snapshot of the system-default cipher configuration, taken at construction time.
    final SSLSocketFactory systemFactory = SSLContexts.createSystemDefault().getSocketFactory();
    supportedCipherSuites = systemFactory.getSupportedCipherSuites();
    defaultCipherSuites = systemFactory.getDefaultCipherSuites();
}
From source file:org.elasticsearch.xpack.core.ssl.SSLServiceTests.java
/**
 * Checks that the socket factory produced by {@code SSLService} exposes exactly the cipher suites
 * and protocols of the SSL configuration, both as factory defaults and on a socket it creates.
 */
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
    // Password for the keystore fixture referenced by testnodeStore below.
    MockSecureSettings keystoreSecrets = new MockSecureSettings();
    keystoreSecrets.setString("xpack.ssl.keystore.secure_password", "testnode");

    Settings nodeSettings = Settings.builder()
            .put("xpack.ssl.keystore.path", testnodeStore)
            .put("xpack.ssl.keystore.type", testnodeStoreType)
            .setSecureSettings(keystoreSecrets)
            .build();

    SSLService sslService = new SSLService(nodeSettings, env);
    SSLSocketFactory factory = sslService.sslSocketFactory(Settings.EMPTY);
    SSLConfiguration config = sslService.sslConfiguration(Settings.EMPTY);

    // Expected list: the configured suites, filtered against what the factory actually supports.
    final String[] expectedCiphers =
            sslService.supportedCiphers(factory.getSupportedCipherSuites(), config.cipherSuites(), false);
    assertThat(factory.getDefaultCipherSuites(), is(expectedCiphers));

    final String[] expectedProtocols = config.supportedProtocols().toArray(Strings.EMPTY_ARRAY);

    try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
        assertThat(socket.getEnabledCipherSuites(), is(expectedCiphers));
        // Protocols are compared without regard to order: the JDK may sort the versions
        // internally, so the order they were set in is not necessarily the order returned.
        assertThat(socket.getEnabledProtocols(), arrayContainingInAnyOrder(expectedProtocols));
        assertArrayEquals(expectedCiphers, socket.getSSLParameters().getCipherSuites());
        assertThat(socket.getSSLParameters().getProtocols(), arrayContainingInAnyOrder(expectedProtocols));
        // The local cipher suite preference order must be flagged as honoured.
        assertTrue(socket.getSSLParameters().getUseCipherSuitesOrder());
    }
}
From source file:org.pixmob.fm2.util.HttpUtils.java
/**
 * Sets up the SSL connection: installs a socket factory that trusts the application's own
 * certificate store, then installs a hostname verifier.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The only trust manager handed to the {@code SSLContext} is {@code CustomTrustManager},
 *       built from the key store returned by {@code loadCertificates}. NOTE(review): neither is
 *       shown here; confirm that the trust manager performs full chain validation and that the
 *       bundled CA set is refreshed with releases.</li>
 *   <li>Nothing in this method restricts protocol versions or cipher suites; the wrapper's
 *       cipher suite getters simply forward to the context's own factory.</li>
 *   <li>The hostname verifier is installed on both code paths. NOTE(review): if
 *       {@code BrowserCompatHostnameVerifier} is the Apache HttpClient class, its wildcard
 *       matching spans several sub-domain levels; confirm that is acceptable.</li>
 * </ul>
 *
 * @param context used to load the certificate store
 * @param conn connection to configure
 * @throws IOException if the SSL engine cannot be initialized
 */
private static void setupSecureConnection(Context context, HttpsURLConnection conn) throws IOException {
    if (DEBUG) {
        Log.d(TAG, "Load custom SSL certificates");
    }

    final SSLContext sslContext;
    try {
        // Load SSL certificates:
        // http://nelenkov.blogspot.com/2011/12/using-custom-certificate-trust-store-on.html
        // Earlier Android versions do not have updated root CA
        // certificates, resulting in connection errors.
        final TrustManager[] bundledTrust =
                new TrustManager[] { new CustomTrustManager(loadCertificates(context)) };

        // Init SSL connection with custom certificates. No key managers are passed explicitly.
        // The same SecureRandom instance is used for every connection to
        // speed up initialization.
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, bundledTrust, SECURE_RANDOM);
    } catch (GeneralSecurityException e) {
        final IOException wrapped = new IOException("Failed to initialize SSL engine");
        wrapped.initCause(e);
        throw wrapped;
    }

    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH) {
        conn.setSSLSocketFactory(sslContext.getSocketFactory());
    } else {
        // Fix slow read:
        // http://code.google.com/p/android/issues/detail?id=13117
        // Prior to ICS, the host name is still resolved even if we already
        // know its IP address, for each connection.
        final SSLSocketFactory platformFactory = sslContext.getSocketFactory();
        conn.setSSLSocketFactory(new SSLSocketFactory() {
            @Override
            public String[] getDefaultCipherSuites() {
                return platformFactory.getDefaultCipherSuites();
            }

            @Override
            public String[] getSupportedCipherSuites() {
                return platformFactory.getSupportedCipherSuites();
            }

            @Override
            public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
                // Resolve once, remember the name on the address, then connect by address.
                final InetAddress resolved = InetAddress.getByName(host);
                injectHostname(resolved, host);
                return platformFactory.createSocket(resolved, port);
            }

            @Override
            public Socket createSocket(InetAddress host, int port) throws IOException {
                return platformFactory.createSocket(host, port);
            }

            @Override
            public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
                    throws IOException, UnknownHostException {
                return platformFactory.createSocket(host, port, localHost, localPort);
            }

            @Override
            public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
                    throws IOException {
                return platformFactory.createSocket(address, port, localAddress, localPort);
            }

            @Override
            public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
                injectHostname(s.getInetAddress(), host);
                return platformFactory.createSocket(s, host, port, autoClose);
            }

            /**
             * Writes {@code host} into the private {@code hostName} field of {@code address}
             * via reflection. Best effort: any failure is ignored and the address is left
             * unchanged.
             */
            private void injectHostname(InetAddress address, String host) {
                try {
                    final Field hostNameField = InetAddress.class.getDeclaredField("hostName");
                    hostNameField.setAccessible(true);
                    hostNameField.set(address, host);
                } catch (Exception ignored) {
                }
            }
        });
    }

    conn.setHostnameVerifier(new BrowserCompatHostnameVerifier());
}
From source file:org.kymjs.kjframe.http.httpclient.HttpRequestBuilder.java
/**
 * Sets up the SSL connection: installs a socket factory that trusts the bundled certificate
 * store, then installs a hostname verifier.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The trust manager array is created on first use and kept in {@code trustManagers}; it
 *       holds a single {@code CustomTrustManager} built from the key store returned by
 *       {@code loadCertificates}. NOTE(review): neither is shown here; confirm that the trust
 *       manager performs full chain validation and that the bundled CA set is kept current.</li>
 *   <li>The lazy initialization of {@code trustManagers} is not synchronized in this method.</li>
 *   <li>Nothing in this method restricts protocol versions or cipher suites; the wrapper's
 *       cipher suite getters simply forward to the context's own factory.</li>
 *   <li>The hostname verifier is installed on both code paths. NOTE(review): if
 *       {@code BrowserCompatHostnameVerifier} is the Apache HttpClient class, its wildcard
 *       matching spans several sub-domain levels; confirm that is acceptable.</li>
 * </ul>
 *
 * @param context used to load the certificate store
 * @param conn connection to configure
 * @throws IOException if the SSL engine cannot be initialized
 */
private static void setupSecureConnection(Context context, HttpsURLConnection conn) throws IOException {
    final SSLContext sslContext;
    try {
        // SSL certificates are provided by the Guardian Project:
        // https://github.com/guardianproject/cacert
        if (trustManagers == null) {
            // Load SSL certificates:
            // http://nelenkov.blogspot.com/2011/12/using-custom-certificate-trust-store-on.html
            // Earlier Android versions do not have updated root CA
            // certificates, resulting in connection errors.
            trustManagers = new TrustManager[] { new CustomTrustManager(loadCertificates(context)) };
        }

        // Init SSL connection with custom certificates. No key managers are passed explicitly.
        // The same SecureRandom instance is used for every connection to
        // speed up initialization.
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, SECURE_RANDOM);
    } catch (GeneralSecurityException e) {
        final IOException wrapped = new IOException("Failed to initialize SSL engine");
        wrapped.initCause(e);
        throw wrapped;
    }

    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH) {
        conn.setSSLSocketFactory(sslContext.getSocketFactory());
    } else {
        // Fix slow read:
        // http://code.google.com/p/android/issues/detail?id=13117
        // Prior to ICS, the host name is still resolved even if we already
        // know its IP address, for each connection.
        final SSLSocketFactory platformFactory = sslContext.getSocketFactory();
        conn.setSSLSocketFactory(new SSLSocketFactory() {
            @Override
            public String[] getDefaultCipherSuites() {
                return platformFactory.getDefaultCipherSuites();
            }

            @Override
            public String[] getSupportedCipherSuites() {
                return platformFactory.getSupportedCipherSuites();
            }

            @Override
            public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
                // Resolve once, remember the name on the address, then connect by address.
                final InetAddress resolved = InetAddress.getByName(host);
                injectHostname(resolved, host);
                return platformFactory.createSocket(resolved, port);
            }

            @Override
            public Socket createSocket(InetAddress host, int port) throws IOException {
                return platformFactory.createSocket(host, port);
            }

            @Override
            public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
                    throws IOException, UnknownHostException {
                return platformFactory.createSocket(host, port, localHost, localPort);
            }

            @Override
            public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
                    throws IOException {
                return platformFactory.createSocket(address, port, localAddress, localPort);
            }

            @Override
            public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
                injectHostname(s.getInetAddress(), host);
                return platformFactory.createSocket(s, host, port, autoClose);
            }

            /**
             * Writes {@code host} into the private {@code hostName} field of {@code address}
             * via reflection. Best effort: any failure is ignored and the address is left
             * unchanged.
             */
            private void injectHostname(InetAddress address, String host) {
                try {
                    final Field hostNameField = InetAddress.class.getDeclaredField("hostName");
                    hostNameField.setAccessible(true);
                    hostNameField.set(address, host);
                } catch (Exception ignored) {
                }
            }
        });
    }

    conn.setHostnameVerifier(new BrowserCompatHostnameVerifier());
}
From source file:org.apache.jmeter.util.HttpSSLProtocolSocketFactory.java
/**
 * Returns the default cipher suites of the SSL socket factory obtained from
 * {@code getSSLSocketFactory()}.
 *
 * @return the factory's default cipher suites, or an empty array if the factory could not be
 *     obtained
 */
@Override
public String[] getDefaultCipherSuites() {
    try {
        return getSSLSocketFactory().getDefaultCipherSuites();
    } catch (IOException ex) {
        // NOTE(review): the exception is dropped without being logged or rethrown, so a failure
        // to build the factory is indistinguishable to the caller from "no default cipher suites".
        return new String[0];
    }
}