Java Code Examples for javax.net.ssl.SSLEngine.setEnabledCipherSuites()

The following are Jave code examples for showing how to use setEnabledCipherSuites() of the javax.net.ssl.SSLEngine class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
Example 1
Project: tomcat7   File: NioEndpoint.java   Source Code and License Vote up 7 votes
protected SSLEngine createSSLEngine() {
    SSLEngine engine = sslContext.createSSLEngine();
    if ("false".equals(getClientAuth())) {
        engine.setNeedClientAuth(false);
        engine.setWantClientAuth(false);
    } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
        engine.setNeedClientAuth(true);
    } else if ("want".equals(getClientAuth())) {
        engine.setWantClientAuth(true);
    }
    engine.setUseClientMode(false);
    engine.setEnabledCipherSuites(enabledCiphers);
    engine.setEnabledProtocols(enabledProtocols);

    configureUseServerCipherSuitesOrder(engine);

    return engine;
}
 
Example 2
Project: lazycat   File: NioEndpoint.java   Source Code and License Vote up 7 votes
protected SSLEngine createSSLEngine() {
	SSLEngine engine = sslContext.createSSLEngine();
	if ("false".equals(getClientAuth())) {
		engine.setNeedClientAuth(false);
		engine.setWantClientAuth(false);
	} else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())) {
		engine.setNeedClientAuth(true);
	} else if ("want".equals(getClientAuth())) {
		engine.setWantClientAuth(true);
	}
	engine.setUseClientMode(false);
	engine.setEnabledCipherSuites(enabledCiphers);
	engine.setEnabledProtocols(enabledProtocols);

	configureUseServerCipherSuitesOrder(engine);

	return engine;
}
 
Example 3
Project: openjdk-jdk10   File: DTLSIncorrectAppDataTest.java   Source Code and License Vote up 6 votes
@Override
protected void testOneCipher(String cipher) {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    try {
        doHandshake(clientEngine, serverEngine, maxPacketSize,
                HandshakeMode.INITIAL_HANDSHAKE);
        checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
        checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
    } catch (SSLException ssle) {
        throw new AssertionError("Error during handshake or sending app data",
                ssle);
    }
}
 
Example 4
Project: apache-tomcat-7.0.73-with-comment   File: NioEndpoint.java   Source Code and License Vote up 6 votes
protected SSLEngine createSSLEngine() {
    SSLEngine engine = sslContext.createSSLEngine();
    if ("false".equals(getClientAuth())) {
        engine.setNeedClientAuth(false);
        engine.setWantClientAuth(false);
    } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
        engine.setNeedClientAuth(true);
    } else if ("want".equals(getClientAuth())) {
        engine.setWantClientAuth(true);
    }
    engine.setUseClientMode(false);
    engine.setEnabledCipherSuites(enabledCiphers);
    engine.setEnabledProtocols(enabledProtocols);

    configureUseServerCipherSuitesOrder(engine);

    return engine;
}
 
Example 5
Project: kafka-0.11.0.0-src-with-comment   File: SslFactory.java   Source Code and License Vote up 6 votes
public SSLEngine createSslEngine(String peerHost, int peerPort) {
    SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
    if (cipherSuites != null) sslEngine.setEnabledCipherSuites(cipherSuites);
    if (enabledProtocols != null) sslEngine.setEnabledProtocols(enabledProtocols);

    // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation
    // only in client mode. Hence, validation is enabled only for clients.
    if (mode == Mode.SERVER) {
        sslEngine.setUseClientMode(false);
        if (needClientAuth)
            sslEngine.setNeedClientAuth(needClientAuth);
        else
            sslEngine.setWantClientAuth(wantClientAuth);
    } else {
        sslEngine.setUseClientMode(true);
        SSLParameters sslParams = sslEngine.getSSLParameters();
        sslParams.setEndpointIdentificationAlgorithm(endpointIdentification);
        sslEngine.setSSLParameters(sslParams);
    }
    return sslEngine;
}
 
Example 6
Project: openjdk-jdk10   File: BufferOverflowUnderflowTest.java   Source Code and License Vote up 6 votes
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    checkBufferOverflowOnWrap(clientEngine);
    checkBufferOverflowOnWrap(serverEngine);
    checkBufferOverflowOnUnWrap(clientEngine, serverEngine);
    checkBufferOverflowOnUnWrap(serverEngine, clientEngine);
    checkBufferUnderflowOnUnWrap(serverEngine, clientEngine);
    checkBufferUnderflowOnUnWrap(clientEngine, serverEngine);
}
 
Example 7
Project: openjdk-jdk10   File: EnginesClosureTest.java   Source Code and License Vote up 6 votes
private void closingTest(String cipher, boolean clientCloses)
        throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    if (clientCloses) {
        closeEngines(clientEngine, serverEngine);
    } else {
        closeEngines(serverEngine, clientEngine);
    }
}
 
Example 8
Project: openjdk-jdk10   File: RehandshakeTest.java   Source Code and License Vote up 6 votes
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
}
 
Example 9
Project: incubator-servicecomb-java-chassis   File: SSLManager.java   Source Code and License Vote up 5 votes
public static SSLEngine createSSLEngine(SSLOption option, SSLCustom custom, String peerHost, int peerPort) {
  SSLContext context = createSSLContext(option, custom);
  SSLEngine engine =
      context.createSSLEngine(peerHost, peerPort);
  engine.setEnabledProtocols(option.getProtocols().split(","));
  String[] supported = engine.getSupportedCipherSuites();
  String[] eanbled = option.getCiphers().split(",");
  engine.setEnabledCipherSuites(getEnabledCiphers(supported, eanbled));
  engine.setNeedClientAuth(option.isAuthPeer());
  return engine;
}
 
Example 10
Project: iothub   File: MqttSslHandlerProvider.java   Source Code and License Vote up 5 votes
public SslHandler getSslHandler() {
    try {
        URL ksUrl = Resources.getResource(keyStoreFile);
        File ksFile = new File(ksUrl.toURI());
        URL tsUrl = Resources.getResource(keyStoreFile);
        File tsFile = new File(tsUrl.toURI());

        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance(keyStoreType);
        trustStore.load(new FileInputStream(tsFile), keyStorePassword.toCharArray());
        tmFactory.init(trustStore);

        KeyStore ks = KeyStore.getInstance(keyStoreType);

        ks.load(new FileInputStream(ksFile), keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword.toCharArray());

        KeyManager[] km = kmf.getKeyManagers();
        TrustManager x509wrapped = getX509TrustManager(tmFactory);
        TrustManager[] tm = {x509wrapped};
        SSLContext sslContext = SSLContext.getInstance(TLS);
        sslContext.init(km, tm, null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(false);
        sslEngine.setWantClientAuth(true);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);
        return new SslHandler(sslEngine);
    } catch (Exception e) {
        log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e);
        throw new RuntimeException("Failed to get SSL handler", e);
    }
}
 
Example 11
Project: athena   File: OpenflowPipelineFactory.java   Source Code and License Vote up 5 votes
@Override
public ChannelPipeline getPipeline() throws Exception {
    OFChannelHandler handler = new OFChannelHandler(controller);

    ChannelPipeline pipeline = Channels.pipeline();
    if (sslContext != null) {
        log.debug("OpenFlow SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();

        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);

        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        log.debug("OpenFlow SSL disabled.");
    }
    pipeline.addLast("ofmessagedecoder", new OFMessageDecoder());
    pipeline.addLast("ofmessageencoder", new OFMessageEncoder());
    pipeline.addLast("idle", idleHandler);
    pipeline.addLast("timeout", readTimeoutHandler);
    // XXX S ONOS: was 15 increased it to fix Issue #296
    pipeline.addLast("handshaketimeout",
                     new HandshakeTimeoutHandler(handler, timer, 60));
    if (pipelineExecutor != null) {
        pipeline.addLast("pipelineExecutor",
                         new ExecutionHandler(pipelineExecutor));
    }
    pipeline.addLast("handler", handler);
    return pipeline;
}
 
Example 12
Project: athena   File: NettyMessagingManager.java   Source Code and License Vote up 5 votes
@Override
protected void initChannel(SocketChannel channel) throws Exception {
    TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore ts = KeyStore.getInstance("JKS");
    ts.load(new FileInputStream(tsLocation), tsPwd);
    tmFactory.init(ts);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(ksLocation), ksPwd);
    kmf.init(ks, ksPwd);

    SSLContext serverContext = SSLContext.getInstance("TLS");
    serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);

    SSLEngine serverSslEngine = serverContext.createSSLEngine();

    serverSslEngine.setNeedClientAuth(true);
    serverSslEngine.setUseClientMode(false);
    serverSslEngine.setEnabledProtocols(serverSslEngine.getSupportedProtocols());
    serverSslEngine.setEnabledCipherSuites(serverSslEngine.getSupportedCipherSuites());
    serverSslEngine.setEnableSessionCreation(true);

    channel.pipeline().addLast("ssl", new io.netty.handler.ssl.SslHandler(serverSslEngine))
            .addLast("encoder", encoder)
            .addLast("decoder", new MessageDecoder())
            .addLast("handler", dispatcher);
}
 
Example 13
Project: athena   File: NettyMessagingManager.java   Source Code and License Vote up 5 votes
@Override
protected void initChannel(SocketChannel channel) throws Exception {
    TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore ts = KeyStore.getInstance("JKS");
    ts.load(new FileInputStream(tsLocation), tsPwd);
    tmFactory.init(ts);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(ksLocation), ksPwd);
    kmf.init(ks, ksPwd);

    SSLContext clientContext = SSLContext.getInstance("TLS");
    clientContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);

    SSLEngine clientSslEngine = clientContext.createSSLEngine();

    clientSslEngine.setUseClientMode(true);
    clientSslEngine.setEnabledProtocols(clientSslEngine.getSupportedProtocols());
    clientSslEngine.setEnabledCipherSuites(clientSslEngine.getSupportedCipherSuites());
    clientSslEngine.setEnableSessionCreation(true);

    channel.pipeline().addLast("ssl", new io.netty.handler.ssl.SslHandler(clientSslEngine))
            .addLast("encoder", encoder)
            .addLast("decoder", new MessageDecoder())
            .addLast("handler", dispatcher);
}
 
Example 14
Project: openjdk-jdk10   File: HandshakeTest.java   Source Code and License Vote up 5 votes
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
}
 
Example 15
Project: openjdk-jdk10   File: UnsupportedCiphersTest.java   Source Code and License Vote up 5 votes
private void unsupTest(String cipher, boolean clientTest) {
    SSLContext context = getContext();
    SSLEngine clientEngine = context.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    if (clientTest) {
        clientEngine.setEnabledCipherSuites(new String[]{cipher});
    } else {
        serverEngine.setEnabledCipherSuites(new String[]{cipher});
    }
}
 
Example 16
Project: fresco_floodlight   File: OFChannelInitializer.java   Source Code and License Vote up 5 votes
@Override
protected void initChannel(Channel ch) throws Exception {
	ChannelPipeline pipeline = ch.pipeline();
	OFChannelHandler handler = new OFChannelHandler(
			switchManager,
			connectionListener,
			pipeline,
			debugCounters,
			timer,
			ofBitmaps,
			defaultFactory);

	if (keyStore != null && keyStorePassword != null) {
		try {
			/* Set up factories and stores. */
			TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			KeyStore tmpKS = null;
			tmFactory.init(tmpKS);

			/* Use keystore/pass defined in properties file. */
			KeyStore ks = KeyStore.getInstance("JKS");
			ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());

			KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			kmf.init(ks, keyStorePassword.toCharArray());

			KeyManager[] km = kmf.getKeyManagers();
			TrustManager[] tm = tmFactory.getTrustManagers();

			/* Set up SSL prereqs for Netty. */
			SSLContext sslContext = SSLContext.getInstance("TLS");
			sslContext.init(km, tm, null);
			SSLEngine sslEngine = sslContext.createSSLEngine();

			/* We are the server and we will create secure sessions. */
			sslEngine.setUseClientMode(false);
			sslEngine.setEnableSessionCreation(true);

			/* These are redundant (default), but for clarity... */
			sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols()); 
			sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
			
			/* First, decrypt w/handler+engine; then, proceed with rest of handlers. */
			pipeline.addLast(PipelineHandler.SSL_TLS_ENCODER_DECODER, new SslHandler(sslEngine));
			log.info("SSL OpenFlow socket initialized and handler ready for switch.");
		} catch (Exception e) { /* There are lots of possible exceptions to catch, so this should get them all. */
			log.error("Exception initializing SSL OpenFlow socket: {}", e.getMessage());
			throw e; /* If we wanted secure but didn't get it, we should bail. */
		}
	}
	
	pipeline.addLast(PipelineHandler.OF_MESSAGE_DECODER,
			new OFMessageDecoder());
	pipeline.addLast(PipelineHandler.OF_MESSAGE_ENCODER,
			new OFMessageEncoder());
	pipeline.addLast(PipelineHandler.MAIN_IDLE,
			new IdleStateHandler(PipelineIdleReadTimeout.MAIN,
					PipelineIdleWriteTimeout.MAIN,
					0));
	pipeline.addLast(PipelineHandler.READ_TIMEOUT, new ReadTimeoutHandler(30));
	pipeline.addLast(PipelineHandler.CHANNEL_HANDSHAKE_TIMEOUT,
			new HandshakeTimeoutHandler(
					handler,
					timer,
					PipelineHandshakeTimeout.CHANNEL));

	pipeline.addLast(PipelineHandler.CHANNEL_HANDLER, handler);
}
 
Example 17
Project: openjdk-jdk10   File: DataExchangeTest.java   Source Code and License Vote up 5 votes
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    sendApplicationData(clientEngine, serverEngine);
    sendApplicationData(serverEngine, clientEngine);
}
 
Example 18
Project: iotplatform   File: MqttSslHandlerProvider.java   Source Code and License Vote up 5 votes
public SslHandler getSslHandler() {
    try {
        URL ksUrl = Resources.getResource(keyStoreFile);
        File ksFile = new File(ksUrl.toURI());
        URL tsUrl = Resources.getResource(keyStoreFile);
        File tsFile = new File(tsUrl.toURI());

        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance(keyStoreType);
        trustStore.load(new FileInputStream(tsFile), keyStorePassword.toCharArray());
        tmFactory.init(trustStore);

        KeyStore ks = KeyStore.getInstance(keyStoreType);

        ks.load(new FileInputStream(ksFile), keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword.toCharArray());

        KeyManager[] km = kmf.getKeyManagers();
        TrustManager x509wrapped = getX509TrustManager(tmFactory);
        TrustManager[] tm = {x509wrapped};
        SSLContext sslContext = SSLContext.getInstance(TLS);
        sslContext.init(km, tm, null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(false);
        sslEngine.setWantClientAuth(true);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);
        return new SslHandler(sslEngine);
    } catch (Exception e) {
        log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e);
        throw new RuntimeException("Failed to get SSL handler", e);
    }
}
 
Example 19
Project: openjdk-jdk10   File: WeakCipherSuite.java   Source Code and License Vote up 5 votes
@Override
SSLEngine createSSLEngine(boolean isClient) throws Exception {
    SSLEngine engine = super.createSSLEngine(isClient);
    engine.setEnabledCipherSuites(new String[]{cipherSuite});

    return engine;
}
 
Example 20
Project: openjdk-jdk10   File: RehandshakeWithCipherChangeTest.java   Source Code and License Vote up 4 votes
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    SSLEngine clientEngine = context.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(
            Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers);
    String randomCipher;
    serverEngine.setNeedClientAuth(true);
    long initialEpoch = 0;
    long secondEpoch = 0;
    SSLEngineResult r;
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        initialEpoch = r.sequenceNumber() >> 48;
    }
    final Random RNG = RandomFactory.getRandom();
    randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG
            .nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)];
    clientEngine.setEnabledCipherSuites(new String[]{randomCipher});
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        secondEpoch = r.sequenceNumber() >> 48;
        AssertionError epochError = new AssertionError("Epoch number"
                + " did not grow after re-handshake! "
                + " Was " + initialEpoch + ", now " + secondEpoch + ".");
        if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
            throw epochError;
        }
    }
    closeEngines(clientEngine, serverEngine);
}