Java Code Examples for javax.net.ssl.SSLSocket#setEnabledCipherSuites()
The following examples show how to use
javax.net.ssl.SSLSocket#setEnabledCipherSuites() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: FTPSClient.java From Aria with Apache License 2.0 | 6 votes |
|
/**
* Returns a socket of the data connection.
* Wrapped as an {@link SSLSocket}, which carries out handshake processing.
*
* @param command The textual representation of the FTP command to send.
* @param arg The arguments to the FTP command.
* If this parameter is set to null, then the command is sent with
* no arguments.
* @return corresponding to the established data connection.
* Null is returned if an FTP protocol error is reported at any point
* during the establishment and initialization of the connection.
* @throws IOException If there is any problem with the connection.
* @see FTPClient#_openDataConnection_(int, String)
* @since 3.2
*/
@Override protected Socket _openDataConnection_(String command, String arg) throws IOException {
Socket socket = super._openDataConnection_(command, arg);
_prepareDataSocket_(socket);
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setUseClientMode(isClientMode);
sslSocket.setEnableSessionCreation(isCreation);
// server mode
if (!isClientMode) {
sslSocket.setNeedClientAuth(isNeedClientAuth);
sslSocket.setWantClientAuth(isWantClientAuth);
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
}
if (protocols != null) {
sslSocket.setEnabledProtocols(protocols);
}
sslSocket.startHandshake();
}
return socket;
}
Example 2
| Source File: SSLSocketFactory.java From Popeens-DSub with GNU General Public License v3.0 | 6 votes |
|
/**
* @since 4.1
*/
public Socket createLayeredSocket(
final Socket socket,
final String host,
final int port,
final boolean autoClose) throws IOException, UnknownHostException {
SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket(
socket,
host,
port,
autoClose
);
sslSocket.setEnabledProtocols(getProtocols(sslSocket));
sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
if (this.hostnameVerifier != null) {
this.hostnameVerifier.verify(host, sslSocket);
}
// verifyHostName() didn't blowup - good!
return sslSocket;
}
Example 3
| Source File: SslRMIServerSocketFactory.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
public ServerSocket createServerSocket(int port) throws IOException {
final SSLSocketFactory sslSocketFactory =
context == null ?
getDefaultSSLSocketFactory() : context.getSocketFactory();
return new ServerSocket(port) {
public Socket accept() throws IOException {
Socket socket = super.accept();
SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
socket, socket.getInetAddress().getHostName(),
socket.getPort(), true);
sslSocket.setUseClientMode(false);
if (enabledCipherSuites != null) {
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
}
if (enabledProtocols != null) {
sslSocket.setEnabledProtocols(enabledProtocols);
}
sslSocket.setNeedClientAuth(needClientAuth);
return sslSocket;
}
};
}
Example 4
| Source File: TLSSocketFactory.java From line-sdk-android with Apache License 2.0 | 6 votes |
|
public Socket wrapSocket(Socket socket) {
if (socket instanceof SSLSocket) {
if (BuildConfig.DEBUG) {
Log.v(TAG, "create wrapped socket", new Throwable("This is not Error."));
}
SSLSocket sslSock = (SSLSocket) socket;
sslSock.setEnabledProtocols(getProtocols());
if (removeUnsafeCiphers) {
String[] safeCiphers = removeUnsafeCiphers(sslSock.getEnabledCipherSuites());
sslSock.setEnabledCipherSuites(safeCiphers);
}
socket = new NoSSLv3SSLSocket(sslSock);
if (BuildConfig.DEBUG) {
((SSLSocket) socket).addHandshakeCompletedListener(new LoggingHandshakeCompletedListener());
}
}
return socket;
}
Example 5
| Source File: OpenAS2Servlet.java From OpenAs2App with BSD 2-Clause "Simplified" License | 5 votes |
|
public String remoteCommandCall(String command) throws UnknownHostException, IOException {
final InetAddress hostAddress = InetAddress.getByName(commandHostID);
SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault()
.createSocket(hostAddress, commandPort);
final String cmdCipher = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
String cipherSuites = System.getProperty("CmdProcessorSocketCipher", cmdCipher);
final String[] enabledCipherSuites = {cipherSuites};
try {
s.setEnabledCipherSuites(enabledCipherSuites);
} catch (IllegalArgumentException e) {
e.printStackTrace();
System.out.println("Cipher is not supported. " +
"Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> " +
"to use one supported by your version of java security."
);
}
String cmd = new StringBuilder().append("<command id=\"")
.append(commandUserID)
.append("\" password=\"")
.append(commandPWD)
.append("\">")
.append(command)
.append("</command>\n")
.toString();
s.getOutputStream().write(cmd.getBytes());
s.getOutputStream().flush();
CharArrayWriter caw = new CharArrayWriter();
BufferedReader rdr = new BufferedReader(new InputStreamReader(s.getInputStream()));
String r;
while ((r = rdr.readLine()) != null) {
caw.write(r.toCharArray());
caw.write("\n");
}
s.close();
return caw.toString();
}
Example 6
| Source File: SSLSocketTest.java From j2objc with Apache License 2.0 | 5 votes |
|
public void test_SSLSocket_setEnabledCipherSuites_storesCopy() throws Exception {
SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket ssl = (SSLSocket) sf.createSocket();
String[] array = new String[] {ssl.getEnabledCipherSuites()[0]};
String originalFirstElement = array[0];
ssl.setEnabledCipherSuites(array);
array[0] = "Modified after having been set";
assertEquals(originalFirstElement, ssl.getEnabledCipherSuites()[0]);
}
Example 7
| Source File: SocketFactory.java From dacapobench with Apache License 2.0 | 5 votes |
|
/**
* Create an SSL client socket using the IOR-encoded
* security characteristics.
* Setting want/need client auth on a client socket has no effect so all we can do is use the right host, port, ciphers
*
* @param host The target host name.
* @param port The target connection port.
*
* @return An appropriately configured client SSLSocket.
* @exception IOException if ssl socket can't be obtained and configured.
*/
private Socket createSSLSocket(String host, int port, int requires, int supports) throws IOException {
SSLSocketFactory factory = getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(SOCKET_TIMEOUT_MS);
// get a set of cipher suites appropriate for this connections requirements.
// We request this for each connection, since the outgoing IOR's requirements may be different from
// our server listener requirements.
String[] iorSuites = SSLCipherSuiteDatabase.getCipherSuites(requires, supports, factory.getSupportedCipherSuites());
socket.setEnabledCipherSuites(iorSuites);
if (log.isDebugEnabled()) {
log.debug("Created SSL socket to " + host + ":" + port);
log.debug(" cipher suites:");
for (int i = 0; i < iorSuites.length; i++) {
log.debug(" " + iorSuites[i]);
}
socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
Certificate[] certs = handshakeCompletedEvent.getLocalCertificates();
if (certs != null) {
log.debug("handshake returned local certs count: " + certs.length);
for (int i = 0; i < certs.length; i++) {
Certificate cert = certs[i];
log.debug("cert: " + cert.toString());
}
} else {
log.debug("handshake returned no local certs");
}
}
});
}
return socket;
}
Example 8
| Source File: SSLSocketHelper.java From Pix-Art-Messenger with GNU General Public License v3.0 | 5 votes |
|
public static void setSecurity(final SSLSocket sslSocket) {
final String[] supportProtocols;
final Collection<String> supportedProtocols = new LinkedList<>(
Arrays.asList(sslSocket.getSupportedProtocols()));
supportedProtocols.remove("SSLv3");
supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
sslSocket.setEnabledProtocols(supportProtocols);
final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sslSocket.getSupportedCipherSuites());
if (cipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(cipherSuites);
}
}
Example 9
| Source File: HandshakeHashCloneExhaustion.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
socket.setNeedClientAuth(true);
socket.setEnabledProtocols(protocol);
socket.setEnabledCipherSuites(ciphersuite);
// here comes the test logic
InputStream sslIS = socket.getInputStream();
OutputStream sslOS = socket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
}
Example 10
| Source File: DisabledAlgorithms.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
static SSLClient init(int port, String ciphersuite)
throws NoSuchAlgorithmException, IOException {
SSLContext context = SSLContext.getDefault();
SSLSocketFactory ssf = (SSLSocketFactory)
context.getSocketFactory();
SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
if (ciphersuite != null) {
System.out.println("Client: enable cipher suite: "
+ ciphersuite);
socket.setEnabledCipherSuites(new String[] { ciphersuite });
}
return new SSLClient(socket);
}
Example 11
| Source File: GenericBlockCipher.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf =
(SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket)
sslsf.createSocket("localhost", serverPort);
// enable TLSv1.1 only
sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
// enable a block cipher
sslSocket.setEnabledCipherSuites(
new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslOS.write('B');
sslOS.flush();
sslIS.read();
sslSocket.close();
}
Example 12
| Source File: DisabledAlgorithms.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
static SSLClient init(int port, String ciphersuite)
throws NoSuchAlgorithmException, IOException {
SSLContext context = SSLContext.getDefault();
SSLSocketFactory ssf = (SSLSocketFactory)
context.getSocketFactory();
SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
if (ciphersuite != null) {
System.out.println("Client: enable cipher suite: "
+ ciphersuite);
socket.setEnabledCipherSuites(new String[] { ciphersuite });
}
return new SSLClient(socket);
}
Example 13
| Source File: SSLUtils.java From ssltest with Apache License 2.0 | 5 votes |
|
private SSLSocket customize(Socket s)
{
SSLSocket socket = (SSLSocket)s;
if(null != _sslEnabledProtocols)
socket.setEnabledProtocols(_sslEnabledProtocols);
socket.setEnabledCipherSuites(_sslCipherSuites);
return socket;
}
Example 14
| Source File: StartTlsResponseImpl.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
private SSLSocket startHandshake(SSLSocketFactory factory)
throws IOException {
if (ldapConnection == null) {
throw new IllegalStateException("LDAP connection has not been set."
+ " TLS requires an existing LDAP connection.");
}
if (factory != currentFactory) {
// Create SSL socket layered over the existing connection
sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
ldapConnection.host, ldapConnection.port, false);
currentFactory = factory;
if (debug) {
System.out.println("StartTLS: Created socket : " + sslSocket);
}
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
if (debug) {
System.out.println("StartTLS: Enabled cipher suites");
}
}
// Connection must be quite for handshake to proceed
try {
if (debug) {
System.out.println(
"StartTLS: Calling sslSocket.startHandshake");
}
sslSocket.startHandshake();
if (debug) {
System.out.println(
"StartTLS: + Finished sslSocket.startHandshake");
}
// Replace original streams with the new SSL streams
ldapConnection.replaceStreams(sslSocket.getInputStream(),
sslSocket.getOutputStream());
if (debug) {
System.out.println("StartTLS: Replaced IO Streams");
}
} catch (IOException e) {
if (debug) {
System.out.println("StartTLS: Got IO error during handshake");
e.printStackTrace();
}
sslSocket.close();
isClosed = true;
throw e; // pass up exception
}
return sslSocket;
}
Example 15
| Source File: SSLConfig.java From dropbox-sdk-java with MIT License | 4 votes |
|
private static void limitProtocolsAndCiphers(SSLSocket socket) throws SSLException {
socket.setEnabledProtocols(getFilteredProtocols(socket.getEnabledProtocols()));
socket.setEnabledCipherSuites(getFilteredCipherSuites(socket.getEnabledCipherSuites()));
}
Example 16
| Source File: ExportableBlockCipher.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf =
(SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket)
sslsf.createSocket("localhost", serverPort);
// enable TLSv1.1 only
sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
// enable a exportable block cipher
sslSocket.setEnabledCipherSuites(
new String[] {"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
boolean interrupted = false;
try {
sslOS.write('B');
sslOS.flush();
sslIS.read();
} catch (SSLException ssle) {
// get the expected exception
interrupted = true;
} finally {
sslSocket.close();
}
if (!interrupted) {
throw new SSLHandshakeException(
"A weak cipher suite is negotiated, " +
"TLSv1.1 must not negotiate the exportable cipher suites.");
}
}
Example 17
| Source File: StartTlsResponseImpl.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
private SSLSocket startHandshake(SSLSocketFactory factory)
throws IOException {
if (ldapConnection == null) {
throw new IllegalStateException("LDAP connection has not been set."
+ " TLS requires an existing LDAP connection.");
}
if (factory != currentFactory) {
// Create SSL socket layered over the existing connection
sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
ldapConnection.host, ldapConnection.port, false);
currentFactory = factory;
if (debug) {
System.out.println("StartTLS: Created socket : " + sslSocket);
}
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
if (debug) {
System.out.println("StartTLS: Enabled cipher suites");
}
}
// Connection must be quite for handshake to proceed
try {
if (debug) {
System.out.println(
"StartTLS: Calling sslSocket.startHandshake");
}
sslSocket.startHandshake();
if (debug) {
System.out.println(
"StartTLS: + Finished sslSocket.startHandshake");
}
// Replace original streams with the new SSL streams
ldapConnection.replaceStreams(sslSocket.getInputStream(),
sslSocket.getOutputStream());
if (debug) {
System.out.println("StartTLS: Replaced IO Streams");
}
} catch (IOException e) {
if (debug) {
System.out.println("StartTLS: Got IO error during handshake");
e.printStackTrace();
}
sslSocket.close();
isClosed = true;
throw e; // pass up exception
}
return sslSocket;
}
Example 18
| Source File: StartTlsResponseImpl.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
|
private SSLSocket startHandshake(SSLSocketFactory factory)
throws IOException {
if (ldapConnection == null) {
throw new IllegalStateException("LDAP connection has not been set."
+ " TLS requires an existing LDAP connection.");
}
if (factory != currentFactory) {
// Create SSL socket layered over the existing connection
sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
ldapConnection.host, ldapConnection.port, false);
currentFactory = factory;
if (debug) {
System.out.println("StartTLS: Created socket : " + sslSocket);
}
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
if (debug) {
System.out.println("StartTLS: Enabled cipher suites");
}
}
// Connection must be quite for handshake to proceed
try {
if (debug) {
System.out.println(
"StartTLS: Calling sslSocket.startHandshake");
}
sslSocket.startHandshake();
if (debug) {
System.out.println(
"StartTLS: + Finished sslSocket.startHandshake");
}
// Replace original streams with the new SSL streams
ldapConnection.replaceStreams(sslSocket.getInputStream(),
sslSocket.getOutputStream());
if (debug) {
System.out.println("StartTLS: Replaced IO Streams");
}
} catch (IOException e) {
if (debug) {
System.out.println("StartTLS: Got IO error during handshake");
e.printStackTrace();
}
sslSocket.close();
isClosed = true;
throw e; // pass up exception
}
return sslSocket;
}
Example 19
| Source File: StartTlsResponseImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private SSLSocket startHandshake(SSLSocketFactory factory)
throws IOException {
if (ldapConnection == null) {
throw new IllegalStateException("LDAP connection has not been set."
+ " TLS requires an existing LDAP connection.");
}
if (factory != currentFactory) {
// Create SSL socket layered over the existing connection
sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
ldapConnection.host, ldapConnection.port, false);
currentFactory = factory;
if (debug) {
System.out.println("StartTLS: Created socket : " + sslSocket);
}
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
if (debug) {
System.out.println("StartTLS: Enabled cipher suites");
}
}
// Connection must be quite for handshake to proceed
try {
if (debug) {
System.out.println(
"StartTLS: Calling sslSocket.startHandshake");
}
sslSocket.startHandshake();
if (debug) {
System.out.println(
"StartTLS: + Finished sslSocket.startHandshake");
}
// Replace original streams with the new SSL streams
ldapConnection.replaceStreams(sslSocket.getInputStream(),
sslSocket.getOutputStream());
if (debug) {
System.out.println("StartTLS: Replaced IO Streams");
}
} catch (IOException e) {
if (debug) {
System.out.println("StartTLS: Got IO error during handshake");
e.printStackTrace();
}
sslSocket.close();
isClosed = true;
throw e; // pass up exception
}
return sslSocket;
}
Example 20
| Source File: StartTlsResponseImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
private SSLSocket startHandshake(SSLSocketFactory factory)
throws IOException {
if (ldapConnection == null) {
throw new IllegalStateException("LDAP connection has not been set."
+ " TLS requires an existing LDAP connection.");
}
if (factory != currentFactory) {
// Create SSL socket layered over the existing connection
sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
ldapConnection.host, ldapConnection.port, false);
currentFactory = factory;
if (debug) {
System.out.println("StartTLS: Created socket : " + sslSocket);
}
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
if (debug) {
System.out.println("StartTLS: Enabled cipher suites");
}
}
// Connection must be quite for handshake to proceed
try {
if (debug) {
System.out.println(
"StartTLS: Calling sslSocket.startHandshake");
}
sslSocket.startHandshake();
if (debug) {
System.out.println(
"StartTLS: + Finished sslSocket.startHandshake");
}
// Replace original streams with the new SSL streams
ldapConnection.replaceStreams(sslSocket.getInputStream(),
sslSocket.getOutputStream());
if (debug) {
System.out.println("StartTLS: Replaced IO Streams");
}
} catch (IOException e) {
if (debug) {
System.out.println("StartTLS: Got IO error during handshake");
e.printStackTrace();
}
sslSocket.close();
isClosed = true;
throw e; // pass up exception
}
return sslSocket;
}
