Java Code Examples for javax.net.ssl.SSLSocket#getEnabledProtocols()
The following examples show how to use
javax.net.ssl.SSLSocket#getEnabledProtocols() .
Example 1
Source File: ConnectionSpec.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
/**
 * Reports whether {@code socket}, as it is configured right now, can be used with this
 * ConnectionSpec.
 *
 * <p>The decision is made on what the socket has <em>enabled</em>, not on what it merely
 * supports:
 *
 * <ul>
 *   <li>Protocols: at least one of the {@link #tlsVersions() required protocols} must be among
 *       the socket's enabled protocols.
 *   <li>Cipher suites: at least one of the {@link #cipherSuites() required cipher suites} must be
 *       among the socket's enabled cipher suites. When this spec names no cipher suites, any
 *       socket with at least one enabled suite qualifies.
 * </ul>
 *
 * @param socket the socket whose enabled protocols and cipher suites are inspected
 * @return {@code true} only if both the protocol and the cipher-suite check pass
 */
public boolean isCompatible(SSLSocket socket) {
  // A spec with the tls flag unset never matches an SSLSocket.
  if (!tls) {
    return false;
  }

  // Protocol check first: no shared protocol version means no match, whatever the ciphers are.
  if (!nonEmptyIntersection(tlsVersions, socket.getEnabledProtocols())) {
    return false;
  }

  String[] socketCipherSuites = socket.getEnabledCipherSuites();
  return cipherSuites == null
      ? socketCipherSuites.length > 0
      : nonEmptyIntersection(cipherSuites, socketCipherSuites);
}
Example 2
Source File: ConnectionSpec.java From styT with Apache License 2.0 | 6 votes |
/**
 * Builds a copy of this spec narrowed to what {@code sslSocket} has enabled: cipher suites and
 * TLS versions the socket does not enable are left out.
 *
 * @param sslSocket the socket whose enabled cipher suites and protocols bound the result
 * @param isFallback whether this connection attempt is a protocol fallback; if so, and the
 *     socket supports it, {@code TLS_FALLBACK_SCSV} is appended to the cipher suites
 * @return the narrowed spec
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  // A null list on this spec means "no restriction": take the socket's enabled set as-is.
  String[] usableCipherSuites;
  if (cipherSuites == null) {
    usableCipherSuites = sslSocket.getEnabledCipherSuites();
  } else {
    usableCipherSuites =
        intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  }

  String[] usableTlsVersions;
  if (tlsVersions == null) {
    usableTlsVersions = sslSocket.getEnabledProtocols();
  } else {
    usableTlsVersions =
        intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);
  }

  // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
  // the SCSV cipher is added to signal that a protocol fallback has taken place. The lookup is
  // against the socket's *supported* suites, because the SCSV is a signalling value rather than
  // a suite the socket would list as enabled.
  String[] socketSupported = sslSocket.getSupportedCipherSuites();
  int scsvPosition = indexOf(CipherSuite.ORDER_BY_NAME, socketSupported, "TLS_FALLBACK_SCSV");
  boolean announceFallback = isFallback && scsvPosition != -1;
  if (announceFallback) {
    usableCipherSuites = concat(usableCipherSuites, socketSupported[scsvPosition]);
  }

  Builder narrowed = new Builder(this);
  return narrowed
      .cipherSuites(usableCipherSuites)
      .tlsVersions(usableTlsVersions)
      .build();
}
Example 3
Source File: ConnectionSpec.java From AndroidProjects with MIT License | 6 votes |
/**
 * Returns a copy of this spec restricted to the cipher suites and TLS versions that
 * {@code sslSocket} currently has enabled.
 *
 * @param sslSocket source of the enabled cipher suites and protocols
 * @param isFallback {@code true} when the caller is retrying with a fallback configuration; the
 *     {@code TLS_FALLBACK_SCSV} marker is then appended if the socket supports it
 * @return a new spec built from this one with the narrowed lists
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  // Each list is either intersected with the socket's enabled values or, when this spec leaves
  // it null, taken straight from the socket.
  String[] cipherChoice =
      cipherSuites == null
          ? sslSocket.getEnabledCipherSuites()
          : intersect(CipherSuite.ORDER_BY_NAME, sslSocket.getEnabledCipherSuites(), cipherSuites);
  String[] versionChoice =
      tlsVersions == null
          ? sslSocket.getEnabledProtocols()
          : intersect(Util.NATURAL_ORDER, sslSocket.getEnabledProtocols(), tlsVersions);

  // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
  // the SCSV cipher is added to signal that a protocol fallback has taken place.
  String[] supportedBySocket = sslSocket.getSupportedCipherSuites();
  int fallbackScsvAt = indexOf(CipherSuite.ORDER_BY_NAME, supportedBySocket, "TLS_FALLBACK_SCSV");
  if (fallbackScsvAt != -1 && isFallback) {
    // Use the socket's own spelling of the entry rather than the literal.
    cipherChoice = concat(cipherChoice, supportedBySocket[fallbackScsvAt]);
  }

  return new Builder(this)
      .cipherSuites(cipherChoice)
      .tlsVersions(versionChoice)
      .build();
}
Example 4
Source File: SslRMIServerSocketFactorySecure.java From hbase with Apache License 2.0 | 6 votes |
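/**
 * Creates a plain {@link ServerSocket} on {@code port} whose {@code accept()} wraps every
 * accepted connection in a server-mode {@link SSLSocket} from the default
 * {@link SSLSocketFactory}, with SSLv3 removed from the enabled protocols.
 *
 * <p>Only protocol names containing {@code "SSLv3"} are filtered out; every other protocol the
 * default factory enables stays enabled. Client certificates are not required
 * ({@code setNeedClientAuth(false)}), so TLS here authenticates the server only.
 *
 * @param port the port to listen on
 * @return a server socket that hands out TLS-wrapped connections
 * @throws IOException if the listening socket cannot be opened
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
  return new ServerSocket(port) {
    @Override
    public Socket accept() throws IOException {
      Socket socket = super.accept();
      try {
        SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // NOTE(review): getHostName() may perform a reverse DNS lookup for each accepted
        // connection; confirm that is acceptable on this listener.
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(socket,
            socket.getInetAddress().getHostName(), socket.getPort(), true);
        sslSocket.setUseClientMode(false);
        sslSocket.setNeedClientAuth(false);

        // Keep every enabled protocol except SSLv3.
        ArrayList<String> secureProtocols = new ArrayList<>();
        for (String p : sslSocket.getEnabledProtocols()) {
          if (!p.contains("SSLv3")) {
            secureProtocols.add(p);
          }
        }
        sslSocket.setEnabledProtocols(
            secureProtocols.toArray(new String[secureProtocols.size()]));

        return sslSocket;
      } catch (IOException | RuntimeException e) {
        // The accepted connection is already open; without this it would leak whenever the
        // TLS wrapping or protocol setup fails.
        try {
          socket.close();
        } catch (IOException closeFailure) {
          e.addSuppressed(closeFailure);
        }
        throw e;
      }
    }
  };
}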
Example 5
Source File: ConnectionSpec.java From grpc-java with Apache License 2.0 | 6 votes |
/**
 * Returns {@code true} when the socket's current configuration overlaps with this
 * ConnectionSpec in both protocols and cipher suites.
 *
 * <p>Protocols: one or more of the {@link #tlsVersions() required protocols} has to appear in
 * the socket's enabled protocols.
 *
 * <p>Cipher suites: one or more of the {@link #cipherSuites() required cipher suites} has to
 * appear in the socket's enabled cipher suites. A spec without required cipher suites accepts
 * any socket that has at least one cipher suite enabled.
 *
 * @param socket the socket to compare against; only its enabled (not supported) values are read
 * @return whether the socket can satisfy this spec
 */
public boolean isCompatible(SSLSocket socket) {
  if (!tls) {
    return false;
  }

  String[] socketProtocols = socket.getEnabledProtocols();
  boolean protocolsOverlap = nonEmptyIntersection(tlsVersions, socketProtocols);
  if (!protocolsOverlap) {
    // No common protocol version: the cipher suites are not consulted at all.
    return false;
  }

  String[] socketSuites = socket.getEnabledCipherSuites();
  if (cipherSuites != null) {
    return nonEmptyIntersection(cipherSuites, socketSuites);
  }
  // No required suites on this spec: any enabled suite on the socket is enough.
  return socketSuites.length > 0;
}
Example 6
Source File: ConnectionSpec.java From grpc-nebula-java with Apache License 2.0 | 5 votes |
/**
 * Builds a copy of this spec that leaves out cipher suites and TLS versions which
 * {@code sslSocket} does not have enabled.
 *
 * @param sslSocket the socket whose enabled cipher suites and protocols bound the result
 * @param isFallback whether this attempt is a protocol fallback; if the socket supports
 *     {@code TLS_FALLBACK_SCSV}, that value is then appended to the cipher suites
 * @return the narrowed spec; its cipher suite list stays {@code null} when this spec has none
 *     and no SCSV was appended
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  String[] enabledSuites = null;
  if (cipherSuites != null) {
    enabledSuites =
        Util.intersect(String.class, cipherSuites, sslSocket.getEnabledCipherSuites());
  }

  // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
  // the SCSV cipher is added to signal that a protocol fallback has taken place.
  final String fallbackScsv = "TLS_FALLBACK_SCSV";
  if (isFallback
      && Arrays.asList(sslSocket.getSupportedCipherSuites()).contains(fallbackScsv)) {
    // Start from the narrowed list if there is one, else from everything the socket enables,
    // and append the SCSV as the last entry.
    String[] base = enabledSuites == null ? sslSocket.getEnabledCipherSuites() : enabledSuites;
    String[] withScsv = Arrays.copyOf(base, base.length + 1);
    withScsv[base.length] = fallbackScsv;
    enabledSuites = withScsv;
  }

  String[] enabledVersions =
      Util.intersect(String.class, tlsVersions, sslSocket.getEnabledProtocols());

  Builder narrowed = new Builder(this);
  return narrowed.cipherSuites(enabledSuites).tlsVersions(enabledVersions).build();
}
Example 7
Source File: SSLSocketFactory.java From Popeens-DSub with GNU General Public License v3.0 | 5 votes |
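/**
 * Returns the protocols to enable on {@code sslSocket}: its currently enabled protocols with
 * {@code "SSLv3"} removed, unless the socket has only a single protocol enabled.
 *
 * <p>NOTE(review): a socket whose sole enabled protocol is SSLv3 keeps it, so callers that must
 * never negotiate SSLv3 need their own check on the returned array.
 *
 * @param sslSocket the socket whose enabled protocols are read (the socket is not modified)
 * @return the protocol names to enable
 */
private String[] getProtocols(SSLSocket sslSocket) {
  String[] protocols = sslSocket.getEnabledProtocols();

  // Remove SSLv3 if it is not the only option
  if (protocols.length > 1) {
    // Arrays.asList is a fixed-size view, so copy into a typed, resizable list before removing.
    List<String> protocolList = new ArrayList<>(Arrays.asList(protocols));
    protocolList.remove("SSLv3");
    protocols = protocolList.toArray(new String[protocolList.size()]);
  }

  return protocols;
}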
Example 8
Source File: SSLSocketTest.java From j2objc with Apache License 2.0 | 5 votes |
/**
 * Checks that {@code setEnabledProtocols} keeps its own copy of the array it is given: changing
 * the caller's array afterwards must not change what {@code getEnabledProtocols} reports.
 */
public void test_SSLSocket_setEnabledProtocols_storesCopy() throws Exception {
  SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket socket = (SSLSocket) factory.createSocket();

  // Hand the socket a one-element array holding a protocol it already has enabled.
  String[] handedOver = {socket.getEnabledProtocols()[0]};
  String expectedProtocol = handedOver[0];
  socket.setEnabledProtocols(handedOver);

  // Mutating the caller's array must not reach the socket's stored configuration.
  handedOver[0] = "Modified after having been set";
  assertEquals(expectedProtocol, socket.getEnabledProtocols()[0]);
}
Example 9
Source File: SslRMIClientSocketFactorySecure.java From hbase with Apache License 2.0 | 5 votes |
/**
 * Creates the socket through the superclass and then removes SSLv3 from its enabled protocols.
 *
 * <p>Only protocol names containing {@code "SSLv3"} are dropped; every other protocol the
 * superclass socket has enabled is kept unchanged.
 *
 * @param host the host to connect to
 * @param port the port to connect to
 * @return the socket, cast to {@link SSLSocket} and reconfigured
 * @throws IOException if the superclass fails to create the socket
 */
@Override
public Socket createSocket(String host, int port) throws IOException {
  SSLSocket sslSocket = (SSLSocket) super.createSocket(host, port);

  String[] currentlyEnabled = sslSocket.getEnabledProtocols();
  ArrayList<String> withoutSslV3 = new ArrayList<>();
  for (int i = 0; i < currentlyEnabled.length; i++) {
    String protocol = currentlyEnabled[i];
    if (protocol.contains("SSLv3")) {
      continue;
    }
    withoutSslV3.add(protocol);
  }

  String[] toEnable = new String[withoutSslV3.size()];
  sslSocket.setEnabledProtocols(withoutSslV3.toArray(toEnable));
  return sslSocket;
}
Example 10
Source File: TileDownloader.java From osmdroid with Apache License 2.0 | 5 votes |
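/**
 * Reconfigures {@code socket} so that SSLv3 is no longer enabled and TLSv1.2 is enabled
 * whenever the socket supports it.
 *
 * <p>The protocol arrays are scanned linearly. {@code Arrays.binarySearch} requires sorted
 * input, and nothing here guarantees that the arrays returned by
 * {@code getSupportedProtocols()} / {@code getEnabledProtocols()} are sorted; on an unsorted
 * array a binary search can miss an entry that is present, which would leave SSLv3 enabled or
 * TLSv1.2 disabled.
 *
 * @param socket the socket to reconfigure
 * @return the same socket instance, after {@code setEnabledProtocols} has been applied
 */
private SSLSocket upgradeTlsAndRemoveSsl(SSLSocket socket) {
    String[] supportedProtocols = socket.getSupportedProtocols();
    String[] enabledProtocols = socket.getEnabledProtocols();

    boolean tls12Supported = Arrays.asList(supportedProtocols).contains("TLSv1.2");

    // One pass over the enabled protocols: count what survives and note whether TLSv1.2 is
    // already on.
    boolean tls12Enabled = false;
    int keptCount = 0;
    for (String protocol : enabledProtocols) {
        if ("TLSv1.2".equals(protocol)) {
            tls12Enabled = true;
        }
        if (!"SSLv3".equals(protocol)) {
            keptCount++;
        }
    }
    boolean addTls12 = tls12Supported && !tls12Enabled;

    // Copy everything except SSLv3, then append TLSv1.2 if it has to be switched on.
    String[] newEnabledProtocols = new String[keptCount + (addTls12 ? 1 : 0)];
    int next = 0;
    for (String protocol : enabledProtocols) {
        if (!"SSLv3".equals(protocol)) {
            newEnabledProtocols[next++] = protocol;
        }
    }
    if (addTls12) {
        newEnabledProtocols[next] = "TLSv1.2";
    }

    socket.setEnabledProtocols(newEnabledProtocols);
    return socket;
}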
Example 11
Source File: ConnectionSpec.java From grpc-java with Apache License 2.0 | 5 votes |
/**
 * Returns a copy of this spec with the cipher suites and TLS versions that {@code sslSocket}
 * has not enabled removed.
 *
 * @param sslSocket source of the enabled cipher suites and protocols, and of the supported
 *     cipher suites consulted for the fallback marker
 * @param isFallback {@code true} when the caller is making a fallback attempt; the
 *     {@code TLS_FALLBACK_SCSV} value is appended only in that case and only if the socket
 *     lists it as supported
 * @return a new spec built from this one
 */
private ConnectionSpec supportedSpec(SSLSocket sslSocket, boolean isFallback) {
  // Stays null when this spec names no cipher suites and no SCSV is appended below.
  String[] suitesForSocket =
      cipherSuites != null
          ? Util.intersect(String.class, cipherSuites, sslSocket.getEnabledCipherSuites())
          : null;

  if (isFallback) {
    // In accordance with https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
    // the SCSV cipher is added to signal that a protocol fallback has taken place.
    final String fallbackScsv = "TLS_FALLBACK_SCSV";
    if (Arrays.asList(sslSocket.getSupportedCipherSuites()).contains(fallbackScsv)) {
      // Append the SCSV after the existing entries; with no narrowed list yet, start from the
      // socket's enabled suites.
      String[] previous =
          suitesForSocket != null ? suitesForSocket : sslSocket.getEnabledCipherSuites();
      int previousLength = previous.length;
      String[] extended = new String[previousLength + 1];
      for (int i = 0; i < previousLength; i++) {
        extended[i] = previous[i];
      }
      extended[previousLength] = fallbackScsv;
      suitesForSocket = extended;
    }
  }

  String[] versionsForSocket =
      Util.intersect(String.class, tlsVersions, sslSocket.getEnabledProtocols());

  return new Builder(this)
      .cipherSuites(suitesForSocket)
      .tlsVersions(versionsForSocket)
      .build();
}