Java Code Examples for javax.net.ssl.SSLSocket#getEnabledCipherSuites()

The following examples show how to use javax.net.ssl.SSLSocket#getEnabledCipherSuites(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CipherTestUtils.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
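/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}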
 
Example 2
Source File: ConnectionSpec.java    From grpc-java with Apache License 2.0 6 votes vote down vote up
/**
 * Reports whether {@code socket}, in its current configuration, can be used with this
 * ConnectionSpec.
 *
 * <p>The answer is {@code false} for a non-TLS spec. Otherwise both of the following must
 * hold:
 * <ul>
 *   <li>the socket's enabled protocols share at least one entry with the
 *       {@link #tlsVersions() required protocols}; and
 *   <li>the socket's enabled cipher suites share at least one entry with the
 *       {@link #cipherSuites() required cipher suites}.
 * </ul>
 *
 * <p>When this spec names no cipher suites, any non-empty enabled set is accepted. In that
 * case the strength of what may be negotiated rests entirely on how the socket itself was
 * configured.
 */
public boolean isCompatible(SSLSocket socket) {
  if (!tls) {
    return false;
  }

  // Protocols are checked first; a socket with no shared TLS version is rejected outright.
  if (!nonEmptyIntersection(tlsVersions, socket.getEnabledProtocols())) {
    return false;
  }

  String[] socketCipherSuites = socket.getEnabledCipherSuites();
  return cipherSuites == null
      ? socketCipherSuites.length > 0
      : nonEmptyIntersection(cipherSuites, socketCipherSuites);
}
 
Example 3
Source File: CipherTestUtils.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
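/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}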
 
Example 4
Source File: ConnectionSpec.java    From AndroidProjects with MIT License 6 votes vote down vote up
/**
 * Builds a copy of this spec narrowed to the cipher suites and TLS versions that
 * {@code sslSocket} currently has enabled.
 *
 * <p>A {@code null} cipher-suite or TLS-version list on this spec means "no restriction
 * from the spec": the socket's enabled values are then used unchanged.
 *
 * <p>On a fallback attempt the {@code TLS_FALLBACK_SCSV} marker is appended only if the
 * socket lists it as supported. If it does not, the fallback attempt is built without a
 * downgrade signal.
 *
 * @param sslSocket the socket whose enabled and supported values bound the result
 * @param isFallback whether this connection attempt is a protocol fallback
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToUse;
  if (cipherSuites == null) {
    suitesToUse = sslSocket.getEnabledCipherSuites();
  } else {
    suitesToUse =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] versionsToUse;
  if (tlsVersions == null) {
    versionsToUse = sslSocket.getEnabledProtocols();
  } else {
    versionsToUse = intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (later published as
  // RFC 7507), a client that retries with a lower protocol version advertises the SCSV so
  // that a server able to do better can refuse the downgraded handshake.
  String[] socketSupportedSuites = sslSocket.getSupportedCipherSuites();
  int scsvIndex = indexOf(
      CipherSuite.ORDER_BY_NAME, socketSupportedSuites, "TLS_FALLBACK_SCSV");
  boolean socketKnowsScsv = scsvIndex != -1;
  if (isFallback && socketKnowsScsv) {
    suitesToUse = concat(suitesToUse, socketSupportedSuites[scsvIndex]);
  }

  return new Builder(this)
      .cipherSuites(suitesToUse)
      .tlsVersions(versionsToUse)
      .build();
}
 
Example 5
Source File: CipherTestUtils.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
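/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}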
 
Example 6
Source File: CipherTestUtils.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
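/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}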
 
Example 7
Source File: CipherTestUtils.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
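/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}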
 
Example 8
Source File: CipherTestUtils.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
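/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}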
 
Example 9
Source File: ConnectionSpec.java    From styT with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a copy of this spec narrowed to the cipher suites and TLS versions that
 * {@code sslSocket} currently has enabled.
 *
 * <p>A {@code null} cipher-suite or TLS-version list on this spec means "no restriction
 * from the spec": the socket's enabled values are then used unchanged.
 *
 * <p>On a fallback attempt the {@code TLS_FALLBACK_SCSV} marker is appended only if the
 * socket lists it as supported. If it does not, the fallback attempt is built without a
 * downgrade signal.
 *
 * @param sslSocket the socket whose enabled and supported values bound the result
 * @param isFallback whether this connection attempt is a protocol fallback
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToUse;
  if (cipherSuites == null) {
    suitesToUse = sslSocket.getEnabledCipherSuites();
  } else {
    suitesToUse =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] versionsToUse;
  if (tlsVersions == null) {
    versionsToUse = sslSocket.getEnabledProtocols();
  } else {
    versionsToUse = intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (later published as
  // RFC 7507), a client that retries with a lower protocol version advertises the SCSV so
  // that a server able to do better can refuse the downgraded handshake.
  String[] socketSupportedSuites = sslSocket.getSupportedCipherSuites();
  int scsvIndex = indexOf(
      CipherSuite.ORDER_BY_NAME, socketSupportedSuites, "TLS_FALLBACK_SCSV");
  boolean socketKnowsScsv = scsvIndex != -1;
  if (isFallback && socketKnowsScsv) {
    suitesToUse = concat(suitesToUse, socketSupportedSuites[scsvIndex]);
  }

  return new Builder(this)
      .cipherSuites(suitesToUse)
      .tlsVersions(versionsToUse)
      .build();
}
 
Example 10
Source File: CipherTestUtils.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
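/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}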
 
Example 11
Source File: CipherTestUtils.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
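/**
 * Prints a diagnostic summary of the TLS configuration of {@code socket} to standard output.
 *
 * <p>The "Supported" rows list what the socket implementation is able to negotiate. The
 * "Enabled" rows show only the <em>first</em> entry of what the socket is currently
 * configured to offer, so this output is not a complete audit of the enabled set.
 *
 * @param socket the socket to describe; must not be {@code null}
 */
public static void printInfo(SSLSocket socket) {
    System.out.println();
    System.out.println("--- SSL Socket Info ---");
    System.out.print(" SupportedProtocols    : ");
    printStringArray(socket.getSupportedProtocols());

    // Guard the [0] access: an empty enabled list is reported rather than
    // aborting the dump with ArrayIndexOutOfBoundsException.
    String[] enabledProtocols = socket.getEnabledProtocols();
    System.out.println(" EnabledProtocols      : "
            + (enabledProtocols.length > 0 ? enabledProtocols[0] : "<none>"));

    // The row is labelled "Supported", so read the supported list. Printing the
    // enabled list here makes a restricted socket look as if the restriction
    // were a property of the TLS provider itself.
    System.out.print(" SupportedCipherSuites : ");
    String[] supportedCipherSuites = socket.getSupportedCipherSuites();
    Arrays.sort(supportedCipherSuites);
    printStringArray(supportedCipherSuites);

    String[] enabledCipherSuites = socket.getEnabledCipherSuites();
    System.out.println(" EnabledCipherSuites   : "
            + (enabledCipherSuites.length > 0 ? enabledCipherSuites[0] : "<none>"));
    System.out.println(" NeedClientAuth        : "
            + socket.getNeedClientAuth());
    System.out.println(" WantClientAuth        : "
            + socket.getWantClientAuth());
    System.out.println("-----------------------");
}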
 
Example 12
Source File: ConnectionSpec.java    From grpc-nebula-java with Apache License 2.0 6 votes vote down vote up
/**
 * Reports whether {@code socket}, in its current configuration, can be used with this
 * ConnectionSpec.
 *
 * <p>The answer is {@code false} for a non-TLS spec. Otherwise both of the following must
 * hold:
 * <ul>
 *   <li>the socket's enabled protocols share at least one entry with the
 *       {@link #tlsVersions() required protocols}; and
 *   <li>the socket's enabled cipher suites share at least one entry with the
 *       {@link #cipherSuites() required cipher suites}.
 * </ul>
 *
 * <p>When this spec names no cipher suites, any non-empty enabled set is accepted. In that
 * case the strength of what may be negotiated rests entirely on how the socket itself was
 * configured.
 */
public boolean isCompatible(SSLSocket socket) {
  if (!tls) {
    return false;
  }

  // Protocols are checked first; a socket with no shared TLS version is rejected outright.
  if (!nonEmptyIntersection(tlsVersions, socket.getEnabledProtocols())) {
    return false;
  }

  String[] socketCipherSuites = socket.getEnabledCipherSuites();
  return cipherSuites == null
      ? socketCipherSuites.length > 0
      : nonEmptyIntersection(cipherSuites, socketCipherSuites);
}
 
Example 13
Source File: SSLManager.java    From servicecomb-java-chassis with Apache License 2.0 5 votes vote down vote up
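/**
 * Returns the cipher suites that end up enabled on a socket built from the given cipher
 * setting, with the protocol list fixed to {@code TLSv1.2}.
 *
 * <p>A throwaway socket is created only to read its enabled cipher suites, and it is
 * closed before returning. Because the protocol is hard-coded, the result describes a
 * TLSv1.2-only socket and may differ from what a socket with other protocol settings would
 * enable.
 *
 * <p>The method name keeps its historical spelling so existing callers still compile.
 *
 * @param enabledCiphers the cipher setting handed to {@code SSLOption.setCiphers}; its
 *     expected format is defined there and is not visible in this method
 * @return the enabled cipher suites reported by the probe socket
 */
public static String[] getEnalbedCiphers(String enabledCiphers) {
  SSLOption option = new SSLOption();
  option.setProtocols("TLSv1.2");
  option.setCiphers(enabledCiphers);
  SSLCustom custom = SSLCustom.defaultSSLCustom();
  SSLSocket socket = createSSLSocket(option, custom);
  try {
    return socket.getEnabledCipherSuites();
  } finally {
    // The socket exists only for this query; release it instead of leaving it to the GC.
    try {
      socket.close();
    } catch (java.io.IOException ignored) {
      // Best-effort close: the cipher list has already been read.
    }
  }
}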
 
Example 14
Source File: ConnectionSpec.java    From grpc-nebula-java with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a copy of this spec restricted to the cipher suites and TLS versions that
 * {@code sslSocket} currently has enabled.
 *
 * <p>If this spec names no cipher suites, the copy is built with a {@code null} cipher-suite
 * list unless the fallback marker is added. How the builder treats {@code null} is not
 * visible in this method.
 *
 * <p>On a fallback attempt, {@code TLS_FALLBACK_SCSV} is appended only when the socket
 * reports it as supported. Otherwise the fallback attempt carries no downgrade signal.
 *
 * <p>NOTE(review): unlike {@code cipherSuites}, {@code tlsVersions} is passed to
 * {@code Util.intersect} without a null check. Confirm that it can never be {@code null} here.
 *
 * @param sslSocket the socket whose enabled and supported values bound the result
 * @param isFallback whether this connection attempt is a protocol fallback
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToEnable = cipherSuites == null
      ? null
      : Util.intersect(String.class, cipherSuites, sslSocket.getEnabledCipherSuites());

  if (isFallback) {
    // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (later published as
    // RFC 7507), a client retrying at a lower protocol version advertises the SCSV so that
    // a server able to do better can refuse the downgraded handshake.
    final String scsv = "TLS_FALLBACK_SCSV";
    if (Arrays.asList(sslSocket.getSupportedCipherSuites()).contains(scsv)) {
      // Append the marker to whichever list would otherwise have been enabled.
      String[] baseSuites = suitesToEnable != null
          ? suitesToEnable
          : sslSocket.getEnabledCipherSuites();
      String[] withScsv = Arrays.copyOf(baseSuites, baseSuites.length + 1);
      withScsv[baseSuites.length] = scsv;
      suitesToEnable = withScsv;
    }
  }

  String[] protocolsToEnable =
      Util.intersect(String.class, tlsVersions, sslSocket.getEnabledProtocols());
  return new Builder(this)
      .cipherSuites(suitesToEnable)
      .tlsVersions(protocolsToEnable)
      .build();
}
 
Example 15
Source File: SSLSocketFactory.java    From Popeens-DSub with GNU General Public License v3.0 5 votes vote down vote up
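/**
 * Returns the cipher suites to enable on {@code sslSocket}, starting from the socket's own
 * enabled list.
 *
 * <p>Only on Android 5.0 and 5.1 (LOLLIPOP through LOLLIPOP_MR1) are two ECDHE-RSA AES-CBC
 * suites dropped, as a compatibility workaround. On every other release the platform's
 * enabled list is returned as-is, so this method does no general weak-suite filtering.
 *
 * @param sslSocket the socket whose enabled cipher suites are the starting point
 * @return a new array holding the suites to enable
 */
private String[] getCiphers(SSLSocket sslSocket) {
	// Typed copy (the original used a raw ArrayList) so removals do not touch the socket's array.
	List<String> enabledCiphers =
			new ArrayList<String>(Arrays.asList(sslSocket.getEnabledCipherSuites()));

	// On Android 5.0 release, Jetty doesn't seem to play nice with these ciphers
	// Issue seems to have been fixed in M, and now won't work without them.
	if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && Build.VERSION.SDK_INT <= Build.VERSION_CODES.LOLLIPOP_MR1) {
		enabledCiphers.remove("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
		enabledCiphers.remove("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
	}

	return enabledCiphers.toArray(new String[0]);
}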
 
Example 16
Source File: SSLSocketTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
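/**
 * Verifies that {@code setEnabledCipherSuites} keeps its own copy of the array it is given.
 *
 * <p>If the socket kept a reference to the caller's array, code that later reused or
 * mutated that array could silently change the socket's TLS configuration. The test
 * mutates the array after the call and checks that the socket still reports the original
 * value.
 */
public void test_SSLSocket_setEnabledCipherSuites_storesCopy() throws Exception {
    SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket ssl = (SSLSocket) sf.createSocket();
    try {
        String[] array = new String[] {ssl.getEnabledCipherSuites()[0]};
        String originalFirstElement = array[0];
        ssl.setEnabledCipherSuites(array);
        // Mutate the caller-side array; the socket's view must not change.
        array[0] = "Modified after having been set";
        assertEquals(originalFirstElement, ssl.getEnabledCipherSuites()[0]);
    } finally {
        // Close the socket even when the assertion fails.
        ssl.close();
    }
}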
 
Example 17
Source File: SSLSocketTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
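/**
 * Handshakes a client that advertises the fallback SCSV against a server, with both peers
 * pinned to {@code TLSv1.2}, and expects both handshakes to complete.
 *
 * <p>The client's cipher-suite list is the server's enabled list plus
 * {@code StandardNames.CIPHER_SUITE_FALLBACK}. Any handshake failure surfaces through
 * {@code Future.get()} and fails the test.
 */
public void test_SSLSocket_sendsTlsFallbackScsv_Fallback_Success() throws Exception {
    TestSSLContext context = TestSSLContext.create();

    final SSLSocket client = (SSLSocket)
        context.clientContext.getSocketFactory().createSocket(context.host, context.port);
    final SSLSocket server = (SSLSocket) context.serverSocket.accept();

    try {
        // Client offers everything the server has enabled, plus the fallback marker.
        final String[] serverCipherSuites = server.getEnabledCipherSuites();
        final String[] clientCipherSuites = new String[serverCipherSuites.length + 1];
        System.arraycopy(serverCipherSuites, 0, clientCipherSuites, 0, serverCipherSuites.length);
        clientCipherSuites[serverCipherSuites.length] = StandardNames.CIPHER_SUITE_FALLBACK;

        // The two handshakes block on each other, so each side runs on its own thread.
        ExecutorService executor = Executors.newFixedThreadPool(2);
        Future<Void> s = executor.submit(new Callable<Void>() {
                @Override
                public Void call() throws Exception {
                    server.setEnabledProtocols(new String[] { "TLSv1.2" });
                    server.setEnabledCipherSuites(serverCipherSuites);
                    server.startHandshake();
                    return null;
                }
            });
        Future<Void> c = executor.submit(new Callable<Void>() {
                @Override
                public Void call() throws Exception {
                    client.setEnabledProtocols(new String[] { "TLSv1.2" });
                    client.setEnabledCipherSuites(clientCipherSuites);
                    client.startHandshake();
                    return null;
                }
            });
        executor.shutdown();

        s.get();
        c.get();
    } finally {
        // Close on every path: if one side's handshake fails, the sockets and the context
        // would otherwise stay open, and the peer may still be waiting on the connection.
        client.close();
        server.close();
        context.close();
    }
}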
 
Example 18
Source File: ConnectionSpec.java    From grpc-java with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a copy of this spec restricted to the cipher suites and TLS versions that
 * {@code sslSocket} currently has enabled.
 *
 * <p>If this spec names no cipher suites, the copy is built with a {@code null} cipher-suite
 * list unless the fallback marker is added. How the builder treats {@code null} is not
 * visible in this method.
 *
 * <p>On a fallback attempt, {@code TLS_FALLBACK_SCSV} is appended only when the socket
 * reports it as supported. Otherwise the fallback attempt carries no downgrade signal.
 *
 * <p>NOTE(review): unlike {@code cipherSuites}, {@code tlsVersions} is passed to
 * {@code Util.intersect} without a null check. Confirm that it can never be {@code null} here.
 *
 * @param sslSocket the socket whose enabled and supported values bound the result
 * @param isFallback whether this connection attempt is a protocol fallback
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] suitesToEnable = cipherSuites == null
      ? null
      : Util.intersect(String.class, cipherSuites, sslSocket.getEnabledCipherSuites());

  if (isFallback) {
    // Per https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (later published as
    // RFC 7507), a client retrying at a lower protocol version advertises the SCSV so that
    // a server able to do better can refuse the downgraded handshake.
    final String scsv = "TLS_FALLBACK_SCSV";
    if (Arrays.asList(sslSocket.getSupportedCipherSuites()).contains(scsv)) {
      // Append the marker to whichever list would otherwise have been enabled.
      String[] baseSuites = suitesToEnable != null
          ? suitesToEnable
          : sslSocket.getEnabledCipherSuites();
      String[] withScsv = Arrays.copyOf(baseSuites, baseSuites.length + 1);
      withScsv[baseSuites.length] = scsv;
      suitesToEnable = withScsv;
    }
  }

  String[] protocolsToEnable =
      Util.intersect(String.class, tlsVersions, sslSocket.getEnabledProtocols());
  return new Builder(this)
      .cipherSuites(suitesToEnable)
      .tlsVersions(protocolsToEnable)
      .build();
}