Java Code Examples for javax.net.ssl.SSLSocket#setEnabledCipherSuites()

The following examples show how to use javax.net.ssl.SSLSocket#setEnabledCipherSuites().
Example 1
Source File: FTPSClient.java    From Aria with Apache License 2.0
/**
 * Opens the data connection for an FTP command and, when the resulting socket is an
 * {@link SSLSocket}, applies this client's TLS settings and runs the handshake before
 * handing the socket back.
 *
 * @param command The textual representation of the FTP command to send.
 * @param arg The arguments to the FTP command. If this parameter is set to null,
 * then the command is sent with no arguments.
 * @return The socket obtained from the superclass for the data connection. Per the
 * superclass contract, null is returned if an FTP protocol error is reported at any
 * point during the establishment and initialization of the connection.
 * @throws IOException If there is any problem with the connection.
 * @see FTPClient#_openDataConnection_(int, String)
 * @since 3.2
 */
@Override protected Socket _openDataConnection_(String command, String arg) throws IOException {
  final Socket dataSocket = super._openDataConnection_(command, arg);
  _prepareDataSocket_(dataSocket);

  // Anything that is not an SSLSocket (including null) is returned without TLS setup.
  if (!(dataSocket instanceof SSLSocket)) {
    return dataSocket;
  }

  final SSLSocket tlsSocket = (SSLSocket) dataSocket;
  tlsSocket.setUseClientMode(isClientMode);
  tlsSocket.setEnableSessionCreation(isCreation);

  // Client-certificate settings are applied only when this end acts as the TLS server.
  if (!isClientMode) {
    tlsSocket.setNeedClientAuth(isNeedClientAuth);
    tlsSocket.setWantClientAuth(isWantClientAuth);
  }

  // A null list leaves whatever suites/protocols the socket already has enabled.
  if (suites != null) {
    tlsSocket.setEnabledCipherSuites(suites);
  }
  if (protocols != null) {
    tlsSocket.setEnabledProtocols(protocols);
  }

  // NOTE(review): nothing in this method compares the peer certificate with the server
  // host name; confirm that the trust manager or a caller covers that check.
  tlsSocket.startHandshake();
  return dataSocket;
}
 
Example 2
Source File: SSLSocketFactory.java    From Popeens-DSub with GNU General Public License v3.0
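/**
 * Layers an SSL socket over an existing socket, restricts it to the protocols and cipher
 * suites chosen by {@code getProtocols}/{@code getCiphers}, and runs the configured
 * hostname verifier against it.
 *
 * <p>If configuration or verification throws, the layered socket is closed before the
 * failure propagates, so a rejected connection is not left open.
 *
 * @param socket the existing socket to layer the SSL socket over
 * @param host the peer host name, passed to the socket factory and to the hostname verifier
 * @param port the peer port
 * @param autoClose passed through to the underlying socket factory
 * @return the configured SSL socket
 * @throws IOException if the socket cannot be created, or if configuration or hostname
 *         verification fails with an I/O error
 * @throws UnknownHostException declared by the signature; not thrown directly here
 * @since 4.1
 */
public Socket createLayeredSocket(
    final Socket socket,
    final String host,
    final int port,
    final boolean autoClose) throws IOException, UnknownHostException {
  SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket(
      socket,
      host,
      port,
      autoClose
  );
  boolean accepted = false;
  try {
    sslSocket.setEnabledProtocols(getProtocols(sslSocket));
    sslSocket.setEnabledCipherSuites(getCiphers(sslSocket));
    // NOTE(review): when no verifier is configured the peer's host name is not checked
    // here at all; confirm that a null verifier is never used for untrusted networks.
    if (this.hostnameVerifier != null) {
      this.hostnameVerifier.verify(host, sslSocket);
    }
    // verifyHostName() didn't blowup - good!
    accepted = true;
    return sslSocket;
  } finally {
    if (!accepted) {
      try {
        sslSocket.close();
      } catch (IOException ignored) {
        // Best-effort cleanup; the original failure is the one the caller must see.
      }
    }
  }
}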
 
Example 3
Source File: SslRMIServerSocketFactory.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * <p>Creates a server socket that accepts SSL connections
 * configured according to this factory's SSL socket configuration
 * parameters.</p>
 *
 * <p>The returned {@link ServerSocket} overrides {@code accept()} so that every accepted
 * connection is wrapped in a server-mode {@link SSLSocket}. No handshake is started here.</p>
 *
 * @param port the port to listen on
 * @return a server socket whose accepted sockets are SSL sockets
 * @throws IOException if the server socket cannot be created
 */
public ServerSocket createServerSocket(int port) throws IOException {
    // Use the factory's own context when one was supplied, else the default SSL factory.
    final SSLSocketFactory sslSocketFactory;
    if (context == null) {
        sslSocketFactory = getDefaultSSLSocketFactory();
    } else {
        sslSocketFactory = context.getSocketFactory();
    }

    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket plain = super.accept();
            // getHostName() may perform a reverse name lookup on the peer address.
            final String peerName = plain.getInetAddress().getHostName();
            final int peerPort = plain.getPort();
            final SSLSocket tls = (SSLSocket) sslSocketFactory.createSocket(
                    plain, peerName, peerPort, true);

            tls.setUseClientMode(false);
            // Null arrays leave the socket's existing enabled suites/protocols in place.
            if (enabledCipherSuites != null) {
                tls.setEnabledCipherSuites(enabledCipherSuites);
            }
            if (enabledProtocols != null) {
                tls.setEnabledProtocols(enabledProtocols);
            }
            tls.setNeedClientAuth(needClientAuth);
            return tls;
        }
    };
}
 
Example 4
Source File: TLSSocketFactory.java    From line-sdk-android with Apache License 2.0
/**
 * Applies this factory's TLS restrictions to a socket.
 *
 * <p>An {@link SSLSocket} gets the protocols from {@code getProtocols()}, optionally has its
 * enabled cipher suites filtered through {@code removeUnsafeCiphers(String[])}, and is then
 * wrapped in a {@code NoSSLv3SSLSocket}. Any other socket is returned unchanged.
 *
 * @param socket the socket to harden
 * @return the wrapped SSL socket, or {@code socket} itself when it is not an SSL socket
 */
public Socket wrapSocket(Socket socket) {
    if (!(socket instanceof SSLSocket)) {
        return socket;
    }

    if (BuildConfig.DEBUG) {
        // The Throwable is only there to record the call site in the log.
        Log.v(TAG, "create wrapped socket", new Throwable("This is not Error."));
    }

    final SSLSocket tls = (SSLSocket) socket;
    tls.setEnabledProtocols(getProtocols());
    if (removeUnsafeCiphers) {
        // Filter what is currently enabled rather than everything the provider supports.
        final String[] currentlyEnabled = tls.getEnabledCipherSuites();
        tls.setEnabledCipherSuites(removeUnsafeCiphers(currentlyEnabled));
    }

    final Socket wrapped = new NoSSLv3SSLSocket(tls);
    if (BuildConfig.DEBUG) {
        ((SSLSocket) wrapped).addHandshakeCompletedListener(new LoggingHandshakeCompletedListener());
    }
    return wrapped;
}
 
Example 5
Source File: OpenAS2Servlet.java    From OpenAs2App with BSD 2-Clause "Simplified" License
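/**
 * Sends one command to the remote command processor over an SSL socket and returns the
 * reply, with every reply line terminated by {@code "\n"}.
 *
 * <p>The socket is now closed on every path, including when writing or reading fails.
 *
 * <p>SECURITY: unless the {@code CmdProcessorSocketCipher} system property overrides it, the
 * only enabled suite is {@code TLS_DH_anon_WITH_AES_256_CBC_SHA}. Anonymous Diffie-Hellman
 * suites do not authenticate the server, so the user id and password written below are
 * protected against passive eavesdropping only, not against an active man-in-the-middle.
 * Prefer configuring a certificate-authenticated suite on both ends.
 *
 * @param command the command text placed inside the {@code <command>} element
 * @return the reply read from the socket until end of stream
 * @throws UnknownHostException if {@code commandHostID} cannot be resolved
 * @throws IOException if connecting, writing or reading fails
 */
public String remoteCommandCall(String command) throws UnknownHostException, IOException {
    final InetAddress hostAddress = InetAddress.getByName(commandHostID);
    final String cmdCipher = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
    final String cipherSuites = System.getProperty("CmdProcessorSocketCipher", cmdCipher);
    final String[] enabledCipherSuites = {cipherSuites};

    // try-with-resources: the original leaked the socket when write/read threw.
    try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault()
                                                   .createSocket(hostAddress, commandPort)) {
        try {
            s.setEnabledCipherSuites(enabledCipherSuites);
        } catch (IllegalArgumentException e) {
            // Deliberate best-effort: the call continues with the socket's default suites.
            e.printStackTrace();
            System.out.println("Cipher is not supported. " +
                "Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> " +
                "to use one supported by your version of java security."
            );
        }

        // NOTE(review): the id, password and command are placed into the XML envelope
        // without escaping; confirm callers cannot supply markup characters here.
        String cmd = new StringBuilder().append("<command id=\"")
                                        .append(commandUserID)
                                        .append("\" password=\"")
                                        .append(commandPWD)
                                        .append("\">")
                                        .append(command)
                                        .append("</command>\n")
                                        .toString();
        // NOTE(review): getBytes() and InputStreamReader use the platform default charset;
        // kept as-is because the encoding the server expects is not visible here.
        s.getOutputStream().write(cmd.getBytes());
        s.getOutputStream().flush();

        CharArrayWriter caw = new CharArrayWriter();
        BufferedReader rdr = new BufferedReader(new InputStreamReader(s.getInputStream()));
        String r;
        while ((r = rdr.readLine()) != null) {
            caw.write(r.toCharArray());
            caw.write("\n");
        }
        return caw.toString();
    }
}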
 
Example 6
Source File: SSLSocketTest.java    From j2objc with Apache License 2.0
/**
 * Checks that {@code setEnabledCipherSuites} keeps its own copy of the array it is given:
 * mutating the caller's array afterwards must not change what the socket reports.
 */
public void test_SSLSocket_setEnabledCipherSuites_storesCopy() throws Exception {
    SSLSocket socket =
            (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket();

    // Start from a suite the socket already has enabled so the setter accepts it.
    String firstEnabledSuite = socket.getEnabledCipherSuites()[0];
    String[] callerArray = {firstEnabledSuite};
    socket.setEnabledCipherSuites(callerArray);

    // Overwrite the caller-side array only; the socket's view must stay unchanged.
    callerArray[0] = "Modified after having been set";
    assertEquals(firstEnabledSuite, socket.getEnabledCipherSuites()[0]);
}
 
Example 7
Source File: SocketFactory.java    From dacapobench with Apache License 2.0
/**
 * Create an SSL client socket using the IOR-encoded
 * security characteristics.
 * Setting want/need client auth on a client socket has no effect, so all this method can do
 * is use the right host, port and cipher suites.
 *
 * @param host     The target host name.
 * @param port     The target connection port.
 * @param requires Passed to {@code SSLCipherSuiteDatabase.getCipherSuites} to select suites.
 * @param supports Passed to {@code SSLCipherSuiteDatabase.getCipherSuites} to select suites.
 *
 * @return An appropriately configured client SSLSocket.
 * @exception IOException if ssl socket can't be obtained and configured.
 */
private Socket createSSLSocket(String host, int port, int requires, int supports) throws IOException {
    final SSLSocketFactory factory = getSocketFactory();
    final SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
    socket.setSoTimeout(SOCKET_TIMEOUT_MS);

    // The suites are computed per connection because the outgoing IOR's requirements may
    // differ from those of our server listener.
    // NOTE(review): the candidates come from getSupportedCipherSuites(), which can include
    // suites the provider does not enable by default; confirm the database filters weak ones.
    final String[] supportedSuites = factory.getSupportedCipherSuites();
    final String[] iorSuites = SSLCipherSuiteDatabase.getCipherSuites(requires, supports, supportedSuites);
    socket.setEnabledCipherSuites(iorSuites);

    if (!log.isDebugEnabled()) {
        return socket;
    }

    log.debug("Created SSL socket to " + host + ":" + port);
    log.debug("    cipher suites:");
    for (String suite : iorSuites) {
        log.debug("    " + suite);
    }

    // Debug-only listener that reports the local certificates used in the handshake.
    socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {

        @Override
        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
            final Certificate[] localCerts = handshakeCompletedEvent.getLocalCertificates();
            if (localCerts == null) {
                log.debug("handshake returned no local certs");
                return;
            }
            log.debug("handshake returned local certs count: " + localCerts.length);
            for (Certificate cert : localCerts) {
                log.debug("cert: " + cert.toString());
            }
        }
    });
    return socket;
}
 
Example 8
Source File: SSLSocketHelper.java    From Pix-Art-Messenger with GNU General Public License v3.0
/**
 * Configures the protocols and cipher suites enabled on an SSL socket.
 *
 * <p>Every protocol the socket supports is enabled except {@code "SSLv3"}. The cipher suites
 * are taken from {@code CryptoHelper.getOrderedCipherSuites} applied to the supported
 * suites; when that returns an empty array the socket's current suites are left as they are.
 *
 * @param sslSocket the socket to configure
 */
public static void setSecurity(final SSLSocket sslSocket) {
    // NOTE(review): this is a deny-list of one entry; any other legacy protocol the provider
    // supports stays enabled. Confirm that is intended for the target platforms.
    final Collection<String> candidates = new LinkedList<>(
            Arrays.asList(sslSocket.getSupportedProtocols()));
    candidates.remove("SSLv3");
    sslSocket.setEnabledProtocols(candidates.toArray(new String[0]));

    final String[] orderedSuites = CryptoHelper.getOrderedCipherSuites(
            sslSocket.getSupportedCipherSuites());
    if (orderedSuites.length == 0) {
        return;
    }
    sslSocket.setEnabledCipherSuites(orderedSuites);
}
 
Example 9
Source File: HandshakeHashCloneExhaustion.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Server side of the test: requires client authentication, pins the protocol and cipher
 * suite under test, then exchanges one byte in each direction.
 *
 * @param socket the accepted server-side SSL socket
 * @throws Exception if configuration or the byte exchange fails
 */
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
    socket.setNeedClientAuth(true);
    socket.setEnabledProtocols(protocol);
    socket.setEnabledCipherSuites(ciphersuite);

    // here comes the test logic
    final InputStream fromClient = socket.getInputStream();
    final OutputStream toClient = socket.getOutputStream();

    // Read the client's byte first, then answer with a single byte.
    fromClient.read();
    toClient.write(85);
    toClient.flush();
}
 
Example 10
Source File: DisabledAlgorithms.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Connects a test client to {@code localhost} on the given port using the default
 * {@link SSLContext}, optionally restricting it to a single cipher suite.
 *
 * @param port the local port to connect to
 * @param ciphersuite the only suite to enable, or {@code null} to keep the socket's defaults
 * @return a client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default SSL context is unavailable
 * @throws IOException if the connection cannot be established
 */
static SSLClient init(int port, String ciphersuite)
        throws NoSuchAlgorithmException, IOException {
    SSLSocketFactory factory =
            (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
    SSLSocket clientSocket = (SSLSocket) factory.createSocket("localhost", port);

    if (ciphersuite != null) {
        System.out.println("Client: enable cipher suite: "
                + ciphersuite);
        // Enabling exactly one suite forces the handshake to use it or fail.
        String[] onlySuite = {ciphersuite};
        clientSocket.setEnabledCipherSuites(onlySuite);
    }

    return new SSLClient(clientSocket);
}
 
Example 11
Source File: GenericBlockCipher.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Client side of the test: waits for the server, connects to it on {@code localhost},
 * pins TLSv1.1 with one CBC block-cipher suite, and exchanges one byte in each direction.
 *
 * @throws Exception if the connection or the byte exchange fails
 */
void doClientSide() throws Exception {

    /*
     * Wait for server to get started.
     */
    while (!serverReady) {
        Thread.sleep(50);
    }

    SSLSocketFactory factory =
        (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket client = (SSLSocket) factory.createSocket("localhost", serverPort);

    // enable TLSv1.1 only
    String[] onlyProtocol = {"TLSv1.1"};
    client.setEnabledProtocols(onlyProtocol);

    // enable a block cipher
    String[] onlySuite = {"TLS_RSA_WITH_AES_128_CBC_SHA"};
    client.setEnabledCipherSuites(onlySuite);

    InputStream fromServer = client.getInputStream();
    OutputStream toServer = client.getOutputStream();

    // The first write triggers the handshake; then wait for the server's reply byte.
    toServer.write('B');
    toServer.flush();
    fromServer.read();

    client.close();
}
 
Example 12
Source File: DisabledAlgorithms.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Connects a test client to {@code localhost} on the given port using the default
 * {@link SSLContext}, optionally restricting it to a single cipher suite.
 *
 * @param port the local port to connect to
 * @param ciphersuite the only suite to enable, or {@code null} to keep the socket's defaults
 * @return a client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default SSL context is unavailable
 * @throws IOException if the connection cannot be established
 */
static SSLClient init(int port, String ciphersuite)
        throws NoSuchAlgorithmException, IOException {
    SSLSocketFactory factory =
            (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
    SSLSocket clientSocket = (SSLSocket) factory.createSocket("localhost", port);

    if (ciphersuite != null) {
        System.out.println("Client: enable cipher suite: "
                + ciphersuite);
        // Enabling exactly one suite forces the handshake to use it or fail.
        String[] onlySuite = {ciphersuite};
        clientSocket.setEnabledCipherSuites(onlySuite);
    }

    return new SSLClient(clientSocket);
}
 
Example 13
Source File: SSLUtils.java    From ssltest with Apache License 2.0
/**
 * Casts a socket to {@link SSLSocket} and applies the configured protocols and cipher suites.
 *
 * <p>The protocol list is optional (skipped when null); the cipher-suite array is always
 * passed to the socket.
 *
 * @param s the socket to customize; it is cast to {@link SSLSocket} unconditionally
 * @return the same socket, typed as {@link SSLSocket}
 */
private SSLSocket customize(Socket s)
{
    final SSLSocket tls = (SSLSocket) s;

    if (_sslEnabledProtocols != null) {
        tls.setEnabledProtocols(_sslEnabledProtocols);
    }

    // NOTE(review): unlike the protocols, the suites are not null-checked before the call.
    tls.setEnabledCipherSuites(_sslCipherSuites);

    return tls;
}
 
Example 14
Source File: StartTlsResponseImpl.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Layers an SSL socket over the existing LDAP connection and performs the handshake.
 *
 * <p>A new SSL socket is created only when {@code factory} is a different object from the
 * factory used previously; otherwise the socket already held in {@code sslSocket} is reused.
 * After a successful handshake the LDAP connection's streams are replaced with the SSL
 * socket's streams.
 *
 * <p>NOTE(review): this method does not itself compare the peer certificate with the
 * server host name; presumably the caller does so after the handshake -- confirm.
 *
 * @param factory the socket factory used to create the layered SSL socket
 * @return the SSL socket after the handshake and stream replacement
 * @throws IOException if creating the socket, the handshake or the stream replacement
 *         fails; for failures inside the handshake block the SSL socket is closed first
 * @throws IllegalStateException if no LDAP connection has been set
 */
private SSLSocket startHandshake(SSLSocketFactory factory)
    throws IOException {

    if (ldapConnection == null) {
        throw new IllegalStateException("LDAP connection has not been set."
            + " TLS requires an existing LDAP connection.");
    }

    // Reference comparison: the socket is rebuilt only for a different factory object.
    if (factory != currentFactory) {
        // Create SSL socket layered over the existing connection
        sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
            ldapConnection.host, ldapConnection.port, false);
        currentFactory = factory;

        if (debug) {
            System.out.println("StartTLS: Created socket : " + sslSocket);
        }
    }

    // A null suites array leaves the socket's currently enabled cipher suites in place.
    if (suites != null) {
        sslSocket.setEnabledCipherSuites(suites);
        if (debug) {
            System.out.println("StartTLS: Enabled cipher suites");
        }
    }

    // Connection must be quiet for handshake to proceed

    try {
        if (debug) {
            System.out.println(
                    "StartTLS: Calling sslSocket.startHandshake");
        }
        sslSocket.startHandshake();
        if (debug) {
            System.out.println(
                    "StartTLS: + Finished sslSocket.startHandshake");
        }

        // Replace original streams with the new SSL streams
        ldapConnection.replaceStreams(sslSocket.getInputStream(),
            sslSocket.getOutputStream());
        if (debug) {
            System.out.println("StartTLS: Replaced IO Streams");
        }

    } catch (IOException e) {
        if (debug) {
            System.out.println("StartTLS: Got IO error during handshake");
            e.printStackTrace();
        }

        // NOTE(review): if close() itself throws, isClosed stays false and the original
        // handshake failure is replaced by the close failure.
        sslSocket.close();
        isClosed = true;
        throw e;   // pass up exception
    }

    return sslSocket;
}
 
Example 15
Source File: SSLConfig.java    From dropbox-sdk-java with MIT License
/**
 * Narrows a socket's enabled protocols and cipher suites to the subsets returned by
 * {@code getFilteredProtocols} and {@code getFilteredCipherSuites}.
 *
 * <p>Both filters start from what the socket currently has enabled, so this can only keep
 * or remove entries already enabled on it, assuming the filters return subsets -- confirm.
 *
 * @param socket the socket to restrict
 * @throws SSLException declared by the signature; presumably raised by the filter helpers
 *         when nothing acceptable remains -- confirm
 */
private static void limitProtocolsAndCiphers(SSLSocket socket) throws SSLException {
    // Protocols are applied first; the cipher suites are read only after that.
    final String[] allowedProtocols = getFilteredProtocols(socket.getEnabledProtocols());
    socket.setEnabledProtocols(allowedProtocols);

    final String[] allowedSuites = getFilteredCipherSuites(socket.getEnabledCipherSuites());
    socket.setEnabledCipherSuites(allowedSuites);
}
 
Example 16
Source File: ExportableBlockCipher.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Client side of a negative test: offers only an export-grade block-cipher suite over
 * TLSv1.1 and expects the exchange to fail with an {@link SSLException}.
 *
 * @throws SSLHandshakeException if the exchange succeeds, i.e. the weak suite was negotiated
 * @throws Exception if connecting or configuring the socket fails
 */
void doClientSide() throws Exception {

    /*
     * Wait for server to get started.
     */
    while (!serverReady) {
        Thread.sleep(50);
    }

    SSLSocketFactory factory =
        (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket client = (SSLSocket) factory.createSocket("localhost", serverPort);

    // enable TLSv1.1 only
    String[] onlyProtocol = {"TLSv1.1"};
    client.setEnabledProtocols(onlyProtocol);

    // enable an exportable block cipher
    String[] exportSuite = {"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"};
    client.setEnabledCipherSuites(exportSuite);

    InputStream fromServer = client.getInputStream();
    OutputStream toServer = client.getOutputStream();

    boolean rejected = false;
    try {
        toServer.write('B');
        toServer.flush();
        fromServer.read();
    } catch (SSLException expected) {
        // The failure is the passing outcome for this test.
        rejected = true;
    } finally {
        client.close();
    }

    if (rejected) {
        return;
    }
    throw new SSLHandshakeException(
        "A weak cipher suite is negotiated, " +
        "TLSv1.1 must not negotiate the exportable cipher suites.");
}
 
Example 17
Source File: StartTlsResponseImpl.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Layers an SSL socket over the existing LDAP connection and performs the handshake.
 *
 * <p>A new SSL socket is created only when {@code factory} is a different object from the
 * factory used previously; otherwise the socket already held in {@code sslSocket} is reused.
 * After a successful handshake the LDAP connection's streams are replaced with the SSL
 * socket's streams.
 *
 * <p>NOTE(review): this method does not itself compare the peer certificate with the
 * server host name; presumably the caller does so after the handshake -- confirm.
 *
 * @param factory the socket factory used to create the layered SSL socket
 * @return the SSL socket after the handshake and stream replacement
 * @throws IOException if creating the socket, the handshake or the stream replacement
 *         fails; for failures inside the handshake block the SSL socket is closed first
 * @throws IllegalStateException if no LDAP connection has been set
 */
private SSLSocket startHandshake(SSLSocketFactory factory)
    throws IOException {

    if (ldapConnection == null) {
        throw new IllegalStateException("LDAP connection has not been set."
            + " TLS requires an existing LDAP connection.");
    }

    // Reference comparison: the socket is rebuilt only for a different factory object.
    if (factory != currentFactory) {
        // Create SSL socket layered over the existing connection
        sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
            ldapConnection.host, ldapConnection.port, false);
        currentFactory = factory;

        if (debug) {
            System.out.println("StartTLS: Created socket : " + sslSocket);
        }
    }

    // A null suites array leaves the socket's currently enabled cipher suites in place.
    if (suites != null) {
        sslSocket.setEnabledCipherSuites(suites);
        if (debug) {
            System.out.println("StartTLS: Enabled cipher suites");
        }
    }

    // Connection must be quiet for handshake to proceed

    try {
        if (debug) {
            System.out.println(
                    "StartTLS: Calling sslSocket.startHandshake");
        }
        sslSocket.startHandshake();
        if (debug) {
            System.out.println(
                    "StartTLS: + Finished sslSocket.startHandshake");
        }

        // Replace original streams with the new SSL streams
        ldapConnection.replaceStreams(sslSocket.getInputStream(),
            sslSocket.getOutputStream());
        if (debug) {
            System.out.println("StartTLS: Replaced IO Streams");
        }

    } catch (IOException e) {
        if (debug) {
            System.out.println("StartTLS: Got IO error during handshake");
            e.printStackTrace();
        }

        // NOTE(review): if close() itself throws, isClosed stays false and the original
        // handshake failure is replaced by the close failure.
        sslSocket.close();
        isClosed = true;
        throw e;   // pass up exception
    }

    return sslSocket;
}
 
Example 18
Source File: StartTlsResponseImpl.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Layers an SSL socket over the existing LDAP connection and performs the handshake.
 *
 * <p>A new SSL socket is created only when {@code factory} is a different object from the
 * factory used previously; otherwise the socket already held in {@code sslSocket} is reused.
 * After a successful handshake the LDAP connection's streams are replaced with the SSL
 * socket's streams.
 *
 * <p>NOTE(review): this method does not itself compare the peer certificate with the
 * server host name; presumably the caller does so after the handshake -- confirm.
 *
 * @param factory the socket factory used to create the layered SSL socket
 * @return the SSL socket after the handshake and stream replacement
 * @throws IOException if creating the socket, the handshake or the stream replacement
 *         fails; for failures inside the handshake block the SSL socket is closed first
 * @throws IllegalStateException if no LDAP connection has been set
 */
private SSLSocket startHandshake(SSLSocketFactory factory)
    throws IOException {

    if (ldapConnection == null) {
        throw new IllegalStateException("LDAP connection has not been set."
            + " TLS requires an existing LDAP connection.");
    }

    // Reference comparison: the socket is rebuilt only for a different factory object.
    if (factory != currentFactory) {
        // Create SSL socket layered over the existing connection
        sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
            ldapConnection.host, ldapConnection.port, false);
        currentFactory = factory;

        if (debug) {
            System.out.println("StartTLS: Created socket : " + sslSocket);
        }
    }

    // A null suites array leaves the socket's currently enabled cipher suites in place.
    if (suites != null) {
        sslSocket.setEnabledCipherSuites(suites);
        if (debug) {
            System.out.println("StartTLS: Enabled cipher suites");
        }
    }

    // Connection must be quiet for handshake to proceed

    try {
        if (debug) {
            System.out.println(
                    "StartTLS: Calling sslSocket.startHandshake");
        }
        sslSocket.startHandshake();
        if (debug) {
            System.out.println(
                    "StartTLS: + Finished sslSocket.startHandshake");
        }

        // Replace original streams with the new SSL streams
        ldapConnection.replaceStreams(sslSocket.getInputStream(),
            sslSocket.getOutputStream());
        if (debug) {
            System.out.println("StartTLS: Replaced IO Streams");
        }

    } catch (IOException e) {
        if (debug) {
            System.out.println("StartTLS: Got IO error during handshake");
            e.printStackTrace();
        }

        // NOTE(review): if close() itself throws, isClosed stays false and the original
        // handshake failure is replaced by the close failure.
        sslSocket.close();
        isClosed = true;
        throw e;   // pass up exception
    }

    return sslSocket;
}
 
Example 19
Source File: StartTlsResponseImpl.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Layers an SSL socket over the existing LDAP connection and performs the handshake.
 *
 * <p>A new SSL socket is created only when {@code factory} is a different object from the
 * factory used previously; otherwise the socket already held in {@code sslSocket} is reused.
 * After a successful handshake the LDAP connection's streams are replaced with the SSL
 * socket's streams.
 *
 * <p>NOTE(review): this method does not itself compare the peer certificate with the
 * server host name; presumably the caller does so after the handshake -- confirm.
 *
 * @param factory the socket factory used to create the layered SSL socket
 * @return the SSL socket after the handshake and stream replacement
 * @throws IOException if creating the socket, the handshake or the stream replacement
 *         fails; for failures inside the handshake block the SSL socket is closed first
 * @throws IllegalStateException if no LDAP connection has been set
 */
private SSLSocket startHandshake(SSLSocketFactory factory)
    throws IOException {

    if (ldapConnection == null) {
        throw new IllegalStateException("LDAP connection has not been set."
            + " TLS requires an existing LDAP connection.");
    }

    // Reference comparison: the socket is rebuilt only for a different factory object.
    if (factory != currentFactory) {
        // Create SSL socket layered over the existing connection
        sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
            ldapConnection.host, ldapConnection.port, false);
        currentFactory = factory;

        if (debug) {
            System.out.println("StartTLS: Created socket : " + sslSocket);
        }
    }

    // A null suites array leaves the socket's currently enabled cipher suites in place.
    if (suites != null) {
        sslSocket.setEnabledCipherSuites(suites);
        if (debug) {
            System.out.println("StartTLS: Enabled cipher suites");
        }
    }

    // Connection must be quiet for handshake to proceed

    try {
        if (debug) {
            System.out.println(
                    "StartTLS: Calling sslSocket.startHandshake");
        }
        sslSocket.startHandshake();
        if (debug) {
            System.out.println(
                    "StartTLS: + Finished sslSocket.startHandshake");
        }

        // Replace original streams with the new SSL streams
        ldapConnection.replaceStreams(sslSocket.getInputStream(),
            sslSocket.getOutputStream());
        if (debug) {
            System.out.println("StartTLS: Replaced IO Streams");
        }

    } catch (IOException e) {
        if (debug) {
            System.out.println("StartTLS: Got IO error during handshake");
            e.printStackTrace();
        }

        // NOTE(review): if close() itself throws, isClosed stays false and the original
        // handshake failure is replaced by the close failure.
        sslSocket.close();
        isClosed = true;
        throw e;   // pass up exception
    }

    return sslSocket;
}
 
Example 20
Source File: StartTlsResponseImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Layers an SSL socket over the existing LDAP connection and performs the handshake.
 *
 * <p>A new SSL socket is created only when {@code factory} is a different object from the
 * factory used previously; otherwise the socket already held in {@code sslSocket} is reused.
 * After a successful handshake the LDAP connection's streams are replaced with the SSL
 * socket's streams.
 *
 * <p>NOTE(review): this method does not itself compare the peer certificate with the
 * server host name; presumably the caller does so after the handshake -- confirm.
 *
 * @param factory the socket factory used to create the layered SSL socket
 * @return the SSL socket after the handshake and stream replacement
 * @throws IOException if creating the socket, the handshake or the stream replacement
 *         fails; for failures inside the handshake block the SSL socket is closed first
 * @throws IllegalStateException if no LDAP connection has been set
 */
private SSLSocket startHandshake(SSLSocketFactory factory)
    throws IOException {

    if (ldapConnection == null) {
        throw new IllegalStateException("LDAP connection has not been set."
            + " TLS requires an existing LDAP connection.");
    }

    // Reference comparison: the socket is rebuilt only for a different factory object.
    if (factory != currentFactory) {
        // Create SSL socket layered over the existing connection
        sslSocket = (SSLSocket) factory.createSocket(ldapConnection.sock,
            ldapConnection.host, ldapConnection.port, false);
        currentFactory = factory;

        if (debug) {
            System.out.println("StartTLS: Created socket : " + sslSocket);
        }
    }

    // A null suites array leaves the socket's currently enabled cipher suites in place.
    if (suites != null) {
        sslSocket.setEnabledCipherSuites(suites);
        if (debug) {
            System.out.println("StartTLS: Enabled cipher suites");
        }
    }

    // Connection must be quiet for handshake to proceed

    try {
        if (debug) {
            System.out.println(
                    "StartTLS: Calling sslSocket.startHandshake");
        }
        sslSocket.startHandshake();
        if (debug) {
            System.out.println(
                    "StartTLS: + Finished sslSocket.startHandshake");
        }

        // Replace original streams with the new SSL streams
        ldapConnection.replaceStreams(sslSocket.getInputStream(),
            sslSocket.getOutputStream());
        if (debug) {
            System.out.println("StartTLS: Replaced IO Streams");
        }

    } catch (IOException e) {
        if (debug) {
            System.out.println("StartTLS: Got IO error during handshake");
            e.printStackTrace();
        }

        // NOTE(review): if close() itself throws, isClosed stays false and the original
        // handshake failure is replaced by the close failure.
        sslSocket.close();
        isClosed = true;
        throw e;   // pass up exception
    }

    return sslSocket;
}