Java Code Examples for javax.net.ssl.SSLServerSocket#setEnabledProtocols()
The following examples show how to use
javax.net.ssl.SSLServerSocket#setEnabledProtocols() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Connection.java From deskcon-android with GNU General Public License v3.0 | 6 votes |
|
public static SSLServerSocket createSSLServerSocket(Context context, int port) throws IOException {
// get ssl context
SSLContext sslcontext = null;
try {
sslcontext = initSSLContext(context);
} catch (Exception e) {
e.printStackTrace();
}
// make secure Connection
SSLServerSocketFactory factory = (SSLServerSocketFactory) sslcontext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) factory.createServerSocket(port);
if( Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN ) {
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1","TLSv1.1","TLSv1.2"});
}
else {
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1"});
}
sslServerSocket.setReuseAddress(true);
return sslServerSocket;
}
Example 2
| Source File: JSSEServer.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
Example 3
| Source File: SslContextFactory.java From cloudhopper-commons with Apache License 2.0 | 6 votes |
|
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException {
SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port, backlog):
factory.createServerSocket(port, backlog, InetAddress.getByName(host)));
if (sslConfig.getWantClientAuth())
socket.setWantClientAuth(sslConfig.getWantClientAuth());
if (sslConfig.getNeedClientAuth())
socket.setNeedClientAuth(sslConfig.getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
Example 4
| Source File: JSSEServer.java From hottub with GNU General Public License v2.0 | 6 votes |
|
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
Example 5
| Source File: JSSEServer.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
Example 6
| Source File: Http2TestServer.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
final ServerSocket initSecure(int port) throws Exception {
ServerSocketFactory fac;
if (sslContext != null) {
fac = sslContext.getServerSocketFactory();
} else {
fac = SSLServerSocketFactory.getDefault();
}
SSLServerSocket se = (SSLServerSocket) fac.createServerSocket(port);
SSLParameters sslp = se.getSSLParameters();
sslp.setApplicationProtocols(new String[]{"h2"});
se.setSSLParameters(sslp);
se.setEnabledCipherSuites(se.getSupportedCipherSuites());
se.setEnabledProtocols(se.getSupportedProtocols());
// other initialisation here
return se;
}
Example 7
| Source File: SslContextFactory.java From IoTgo_Android_App with MIT License | 6 votes |
|
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
SSLServerSocketFactory factory = _context.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port,backlog):
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(
socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
Example 8
| Source File: JSSEServer.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
Example 9
| Source File: JSSEServer.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
Example 10
| Source File: JmxRemoteLifecycleListener.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
|
@Override
public ServerSocket createServerSocket(int port) throws IOException {
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);
if (getEnabledCipherSuites() != null) {
sslServerSocket.setEnabledCipherSuites(getEnabledCipherSuites());
}
if (getEnabledProtocols() == null) {
sslServerSocket.setEnabledProtocols(defaultProtocols);
} else {
sslServerSocket.setEnabledProtocols(getEnabledProtocols());
}
sslServerSocket.setNeedClientAuth(getNeedClientAuth());
return sslServerSocket;
}
Example 11
| Source File: JSSESocketFactory.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
|
/**
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
private void initServerSocket(ServerSocket ssocket) {
SSLServerSocket socket = (SSLServerSocket) ssocket;
socket.setEnabledCipherSuites(enabledCiphers);
socket.setEnabledProtocols(enabledProtocols);
// we don't know if client auth is needed -
// after parsing the request we may re-handshake
configureClientAuth(socket);
configureUseServerCipherSuitesOrder(socket);
}
Example 12
| Source File: WrapperSSLContext.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
private void setSslParams(final ServerSocket socket) {
if (socket instanceof SSLServerSocket) {
SSLServerSocket sslSocket = (SSLServerSocket) socket;
if (enabledCipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
}
if (enabledProtocols.length > 0) {
sslSocket.setEnabledProtocols(enabledProtocols);
}
}
}
Example 13
| Source File: ConnectionLoadBalanceServer.java From nifi with Apache License 2.0 | 5 votes |
|
private ServerSocket createServerSocket() throws IOException {
final InetAddress inetAddress = hostname == null ? null : InetAddress.getByName(hostname);
if (sslContext == null) {
return new ServerSocket(port, 50, InetAddress.getByName(hostname));
} else {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port, 50, inetAddress);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
}
}
Example 14
| Source File: SslSocketConnectorSecure.java From hadoop with Apache License 2.0 | 5 votes |
|
/**
* Create a new ServerSocket that will not accept SSLv3 connections,
* but will accept TLSv1.x connections.
*/
protected ServerSocket newServerSocket(String host, int port,int backlog)
throws IOException {
SSLServerSocket socket = (SSLServerSocket)
super.newServerSocket(host, port, backlog);
ArrayList<String> nonSSLProtocols = new ArrayList<String>();
for (String p : socket.getEnabledProtocols()) {
if (!p.contains("SSLv3")) {
nonSSLProtocols.add(p);
}
}
socket.setEnabledProtocols(nonSSLProtocols.toArray(
new String[nonSSLProtocols.size()]));
return socket;
}
Example 15
| Source File: SslSocketConnectorSecure.java From big-c with Apache License 2.0 | 5 votes |
|
/**
* Create a new ServerSocket that will not accept SSLv3 connections,
* but will accept TLSv1.x connections.
*/
protected ServerSocket newServerSocket(String host, int port,int backlog)
throws IOException {
SSLServerSocket socket = (SSLServerSocket)
super.newServerSocket(host, port, backlog);
ArrayList<String> nonSSLProtocols = new ArrayList<String>();
for (String p : socket.getEnabledProtocols()) {
if (!p.contains("SSLv3")) {
nonSSLProtocols.add(p);
}
}
socket.setEnabledProtocols(nonSSLProtocols.toArray(
new String[nonSSLProtocols.size()]));
return socket;
}
Example 16
| Source File: TCPThriftAuthenticationService.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
public void start() throws TTransportException, UnknownHostException {
InetAddress inetAddress = InetAddress.getByName(hostName);
TSSLTransportFactory.TSSLTransportParameters params =
new TSSLTransportFactory.TSSLTransportParameters();
params.setKeyStore(keyStore, keyStorePassword);
TServerSocket serverTransport;
serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, inetAddress, params);
SSLServerSocket sslServerSocket = (javax.net.ssl.SSLServerSocket) serverTransport.getServerSocket();
OMElement sslEnabledProtocolsElement = ThriftAuthenticationConfigParser.getInstance()
.getConfigElement(ThriftAuthenticationConstants.CONFIG_SSL_ENABLED_PROTOCOLS);
if (sslEnabledProtocolsElement != null) {
String sslEnabledProtocols = sslEnabledProtocolsElement.getText();
if (StringUtils.isNotBlank(sslEnabledProtocols)) {
String[] sslProtocolsArray = sslEnabledProtocols.split(",");
sslServerSocket.setEnabledProtocols(sslProtocolsArray);
}
}
OMElement ciphersElement = ThriftAuthenticationConfigParser.getInstance()
.getConfigElement(ThriftAuthenticationConstants.CONFIG_CIPHERS);
if (ciphersElement != null) {
String ciphers = ciphersElement.getText();
if (StringUtils.isNotBlank(ciphers)) {
String[] ciphersArray = ciphers.split(",");
sslServerSocket.setEnabledCipherSuites(ciphersArray);
}
}
AuthenticatorService.Processor<AuthenticatorServiceImpl> processor =
new AuthenticatorService.Processor<AuthenticatorServiceImpl>(
new AuthenticatorServiceImpl(thriftAuthenticatorService));
authenticationServer = new TThreadPoolServer(
new TThreadPoolServer.Args(serverTransport).processor(processor));
Thread thread = new Thread(new ServerRunnable(authenticationServer));
if (log.isDebugEnabled()) {
log.debug("Thrift Authentication Service started at ssl://" + hostName + ":" + port);
}
thread.start();
}
Example 17
| Source File: CustomTThreadPoolServer.java From stratio-cassandra with Apache License 2.0 | 4 votes |
|
public TServer buildTServer(Args args)
{
final InetSocketAddress addr = args.addr;
TServerTransport serverTransport;
try
{
final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
if (clientEnc.enabled)
{
logger.info("enabling encrypted thrift connections between client and server");
TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites);
params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password);
if (clientEnc.require_client_auth)
{
params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password);
params.requireClientAuth(true);
}
TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params);
SSLServerSocket sslServerSocket = (SSLServerSocket) sslServer.getServerSocket();
sslServerSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS);
serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize);
}
else
{
serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize, args.listenBacklog);
}
}
catch (TTransportException e)
{
throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e);
}
// ThreadPool Server and will be invocation per connection basis...
TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport)
.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads())
.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads())
.inputTransportFactory(args.inTransportFactory)
.outputTransportFactory(args.outTransportFactory)
.inputProtocolFactory(args.tProtocolFactory)
.outputProtocolFactory(args.tProtocolFactory)
.processor(args.processor);
ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads,
serverArgs.maxWorkerThreads,
60,
TimeUnit.SECONDS,
new SynchronousQueue<Runnable>(),
new NamedThreadFactory("Thrift"));
return new CustomTThreadPoolServer(serverArgs, executorService);
}
Example 18
| Source File: SSLFactoryJsse.java From baratine with GNU General Public License v2.0 | 4 votes |
|
/**
* Creates the SSL ServerSocket.
*/
public ServerSocketBar create(InetAddress host, int port)
throws IOException, GeneralSecurityException
{
SSLServerSocketFactory ssFactory = null;
if (_keyStore != null) {
SSLContext sslContext = SSLContext.getInstance(_sslContext);
KeyManagerFactory kmf
= KeyManagerFactory.getInstance(keyManagerFactory());
kmf.init(_keyStore, keyStorePassword().toCharArray());
sslContext.init(kmf.getKeyManagers(), null, null);
/*
if (_cipherSuites != null)
sslContext.createSSLEngine().setEnabledCipherSuites(_cipherSuites);
if (_protocols != null)
sslContext.createSSLEngine().setEnabledProtocols(_protocols);
*/
SSLEngine engine = sslContext.createSSLEngine();
engine.setEnabledProtocols(enabledProtocols(engine.getSupportedProtocols()));
ssFactory = sslContext.getServerSocketFactory();
}
else {
ssFactory = createAnonymousServerFactory(host, port);
}
ServerSocket serverSocket;
int listen = 100;
if (host == null)
serverSocket = ssFactory.createServerSocket(port, listen);
else
serverSocket = ssFactory.createServerSocket(port, listen, host);
SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
if (_cipherSuites != null) {
sslServerSocket.setEnabledCipherSuites(_cipherSuites);
}
if (_cipherSuitesForbidden != null) {
String []cipherSuites = sslServerSocket.getEnabledCipherSuites();
if (cipherSuites == null)
cipherSuites = sslServerSocket.getSupportedCipherSuites();
ArrayList<String> cipherList = new ArrayList<String>();
for (String cipher : cipherSuites) {
if (! isCipherForbidden(cipher, _cipherSuitesForbidden)) {
cipherList.add(cipher);
}
}
cipherSuites = new String[cipherList.size()];
cipherList.toArray(cipherSuites);
sslServerSocket.setEnabledCipherSuites(cipherSuites);
}
sslServerSocket.setEnabledProtocols(enabledProtocols(sslServerSocket.getSupportedProtocols()));
if ("required".equals(_verifyClient))
sslServerSocket.setNeedClientAuth(true);
else if ("optional".equals(_verifyClient))
sslServerSocket.setWantClientAuth(true);
return new ServerSocketWrapper(serverSocket);
}
Example 19
| Source File: SSLUtils.java From flink with Apache License 2.0 | 4 votes |
|
private void configureServerSocket(SSLServerSocket socket) {
socket.setEnabledProtocols(protocols);
socket.setEnabledCipherSuites(cipherSuites);
socket.setNeedClientAuth(true);
}
Example 20
| Source File: SSLUtils.java From Flink-CEPplus with Apache License 2.0 | 4 votes |
|
private void configureServerSocket(SSLServerSocket socket) {
socket.setEnabledProtocols(protocols);
socket.setEnabledCipherSuites(cipherSuites);
socket.setNeedClientAuth(true);
}
