Java Code Examples for javax.net.ssl.SSLParameters#setUseCipherSuitesOrder()

The following examples show how to use javax.net.ssl.SSLParameters#setUseCipherSuitesOrder().
Example 1
Source File: NonBlockingConnectionTLSDelegate.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a server-mode {@link SSLEngine} from the SSL context of the given port.
 *
 * <p>The port's protocol and cipher-suite allow/deny lists are handed to
 * {@code SSLUtil}. Local cipher-suite preference is switched on only when the
 * port has a non-empty cipher-suite allow list; without one the engine keeps
 * whatever {@code useCipherSuitesOrder} value it already had, so which side's
 * preference decides the suite is left to the engine's own setting.
 *
 * @param port the port whose TLS settings configure the engine
 * @return the configured engine, requiring client authentication if the port
 *         needs it, otherwise requesting it if the port wants it
 */
private SSLEngine createSSLEngine(AmqpPort<?> port)
{
    final SSLEngine engine = port.getSSLContext().createSSLEngine();
    engine.setUseClientMode(false);
    SSLUtil.updateEnabledTlsProtocols(engine, port.getTlsProtocolWhiteList(), port.getTlsProtocolBlackList());
    SSLUtil.updateEnabledCipherSuites(engine, port.getTlsCipherSuiteWhiteList(), port.getTlsCipherSuiteBlackList());

    final boolean cipherAllowListConfigured =
            port.getTlsCipherSuiteWhiteList() != null && !port.getTlsCipherSuiteWhiteList().isEmpty();
    if (cipherAllowListConfigured)
    {
        // An explicit allow list is taken as an ordered preference: make the
        // engine honour the local order when a suite is chosen.
        final SSLParameters params = engine.getSSLParameters();
        params.setUseCipherSuitesOrder(true);
        engine.setSSLParameters(params);
    }

    // "need" takes precedence over "want"; at most one of the two is set.
    if (port.getNeedClientAuth())
    {
        engine.setNeedClientAuth(true);
        return engine;
    }
    if (port.getWantClientAuth())
    {
        engine.setWantClientAuth(true);
    }
    return engine;
}
 
Example 2
Source File: Utils.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
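/**
 * Returns a new {@link SSLParameters} carrying the settings of {@code p}.
 *
 * <p>Copied: algorithm constraints, cipher suites, retransmission flag,
 * maximum packet size, endpoint identification algorithm, protocols, SNI
 * matchers, server names, the cipher-suite-order flag and the client
 * authentication mode. Application protocols (ALPN) are not copied; a caller
 * that needs them has to set them on the result.
 *
 * @param p the parameters to copy; must not be {@code null}
 * @return an independent copy of {@code p}
 */
public static SSLParameters copySSLParameters(SSLParameters p) {
    SSLParameters copy = new SSLParameters();
    copy.setAlgorithmConstraints(p.getAlgorithmConstraints());
    copy.setCipherSuites(p.getCipherSuites());
    // JDK 8 EXCL START
    copy.setEnableRetransmissions(p.getEnableRetransmissions());
    copy.setMaximumPacketSize(p.getMaximumPacketSize());
    // JDK 8 EXCL END
    copy.setEndpointIdentificationAlgorithm(p.getEndpointIdentificationAlgorithm());
    String[] protocols = p.getProtocols();
    if (protocols != null) {
        copy.setProtocols(protocols.clone());
    }
    copy.setSNIMatchers(p.getSNIMatchers());
    copy.setServerNames(p.getServerNames());
    copy.setUseCipherSuitesOrder(p.getUseCipherSuitesOrder());
    // SSLParameters.setWantClientAuth() clears needClientAuth and
    // setNeedClientAuth() clears wantClientAuth. Calling both setters in
    // sequence therefore dropped needClientAuth=true from the copy, silently
    // downgrading "client certificate required". Set exactly one of them.
    if (p.getNeedClientAuth()) {
        copy.setNeedClientAuth(true);
    } else {
        copy.setWantClientAuth(p.getWantClientAuth());
    }
    return copy;
}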
 
Example 3
Source File: SSLServerSocketImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 4
Source File: SSLServerSocketImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gives the {@link SSLParameters} applied to connections this server socket
 * accepts from now on.
 *
 * @return parameters obtained from the superclass with the locally tracked
 *         values (identification algorithm, constraints, SNI matchers,
 *         cipher-suite order flag) written into them
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters result = super.getSSLParameters();

    // The superclass does not populate the values below.
    result.setAlgorithmConstraints(algorithmConstraints);
    result.setEndpointIdentificationAlgorithm(identificationProtocol);
    // true here means the local cipher-suite order is honoured at selection.
    result.setUseCipherSuitesOrder(preferLocalCipherSuites);
    result.setSNIMatchers(sniMatchers);

    return result;
}
 
Example 5
Source File: SSLServerSocketImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 6
Source File: SSLServerSocketImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers,
 *         local cipher-suite preference flag and application protocols held
 *         by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // None of the following is filled in by the superclass.
    effective.setApplicationProtocols(applicationProtocols);
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 7
Source File: SSLServerSocketImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gives the {@link SSLParameters} applied to connections this server socket
 * accepts from now on.
 *
 * @return parameters obtained from the superclass with the locally tracked
 *         values (identification algorithm, constraints, SNI matchers,
 *         cipher-suite order flag) written into them
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters result = super.getSSLParameters();

    // The superclass does not populate the values below.
    result.setAlgorithmConstraints(algorithmConstraints);
    result.setEndpointIdentificationAlgorithm(identificationProtocol);
    // true here means the local cipher-suite order is honoured at selection.
    result.setUseCipherSuitesOrder(preferLocalCipherSuites);
    result.setSNIMatchers(sniMatchers);

    return result;
}
 
Example 8
Source File: SSLServerSocketImpl.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 9
Source File: SSLServerSocketImpl.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gives the {@link SSLParameters} applied to connections this server socket
 * accepts from now on.
 *
 * @return parameters obtained from the superclass with the locally tracked
 *         values (identification algorithm, constraints, SNI matchers,
 *         cipher-suite order flag) written into them
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters result = super.getSSLParameters();

    // The superclass does not populate the values below.
    result.setAlgorithmConstraints(algorithmConstraints);
    result.setEndpointIdentificationAlgorithm(identificationProtocol);
    // true here means the local cipher-suite order is honoured at selection.
    result.setUseCipherSuitesOrder(preferLocalCipherSuites);
    result.setSNIMatchers(sniMatchers);

    return result;
}
 
Example 10
Source File: HttpManagement.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the server-side {@code SslContextFactory} for an HTTP management port.
 *
 * <p>The returned factory customises every {@link SSLEngine} it is asked to
 * customise: after the superclass customisation it switches on local
 * cipher-suite preference when the port has a non-empty cipher-suite allow
 * list, then hands the port's cipher-suite and protocol allow/deny lists to
 * {@code SSLUtil}.
 *
 * @param port the HTTP port supplying TLS configuration
 * @return a factory using the port's SSL context, requiring client
 *         authentication if the port needs it, otherwise requesting it if the
 *         port wants it
 */
private SslContextFactory createSslContextFactory(final HttpPort<?> port)
{
    final SslContextFactory.Server serverFactory = new SslContextFactory.Server()
    {
        @Override
        public void customize(final SSLEngine engine)
        {
            super.customize(engine);

            final boolean cipherAllowListConfigured =
                    port.getTlsCipherSuiteWhiteList() != null
                    && !port.getTlsCipherSuiteWhiteList().isEmpty();
            if (cipherAllowListConfigured)
            {
                // Treat the configured allow list as an ordered preference.
                final SSLParameters params = engine.getSSLParameters();
                params.setUseCipherSuitesOrder(true);
                engine.setSSLParameters(params);
            }

            SSLUtil.updateEnabledCipherSuites(engine,
                                              port.getTlsCipherSuiteWhiteList(),
                                              port.getTlsCipherSuiteBlackList());
            SSLUtil.updateEnabledTlsProtocols(engine,
                                              port.getTlsProtocolWhiteList(),
                                              port.getTlsProtocolBlackList());
        }
    };
    serverFactory.setSslContext(createSslContext(port));

    // "need" takes precedence over "want"; at most one of the two is set.
    if (port.getNeedClientAuth())
    {
        serverFactory.setNeedClientAuth(true);
        return serverFactory;
    }
    if (port.getWantClientAuth())
    {
        serverFactory.setWantClientAuth(true);
    }
    return serverFactory;
}
 
Example 11
Source File: WebSocketProvider.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the server-side {@code SslContextFactory} for a WebSocket AMQP port.
 *
 * <p>The returned factory customises every {@link SSLEngine} it is asked to
 * customise: after the superclass customisation it hands the port's
 * cipher-suite and protocol allow/deny lists to {@code SSLUtil}, then
 * switches on local cipher-suite preference when the port has a non-empty
 * cipher-suite allow list.
 *
 * @param port the AMQP port supplying TLS configuration
 * @return a factory using the port's SSL context, with the port's
 *         need/want client authentication flags copied onto it
 */
private SslContextFactory createSslContextFactory(final AmqpPort<?> port)
{
    final SslContextFactory.Server serverFactory = new SslContextFactory.Server()
    {
        @Override
        public void customize(final SSLEngine engine)
        {
            super.customize(engine);
            SSLUtil.updateEnabledCipherSuites(engine,
                                              port.getTlsCipherSuiteWhiteList(),
                                              port.getTlsCipherSuiteBlackList());
            SSLUtil.updateEnabledTlsProtocols(engine,
                                              port.getTlsProtocolWhiteList(),
                                              port.getTlsProtocolBlackList());

            final boolean cipherAllowListConfigured =
                    port.getTlsCipherSuiteWhiteList() != null
                    && !port.getTlsCipherSuiteWhiteList().isEmpty();
            if (!cipherAllowListConfigured)
            {
                return;
            }

            // Treat the configured allow list as an ordered preference.
            final SSLParameters params = engine.getSSLParameters();
            params.setUseCipherSuitesOrder(true);
            engine.setSSLParameters(params);
        }
    };
    serverFactory.setSslContext(port.getSSLContext());
    // Both flags are copied unconditionally, in this order.
    serverFactory.setNeedClientAuth(port.getNeedClientAuth());
    serverFactory.setWantClientAuth(port.getWantClientAuth());
    return serverFactory;
}
 
Example 12
Source File: SSLServerSocketImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 13
Source File: SSLServerSocketImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gives the {@link SSLParameters} applied to connections this server socket
 * accepts from now on.
 *
 * @return parameters obtained from the superclass with the locally tracked
 *         values (identification algorithm, constraints, SNI matchers,
 *         cipher-suite order flag, application protocols) written into them
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters result = super.getSSLParameters();

    // The superclass does not populate the values below.
    result.setApplicationProtocols(applicationProtocols);
    result.setAlgorithmConstraints(algorithmConstraints);
    result.setEndpointIdentificationAlgorithm(identificationProtocol);
    // true here means the local cipher-suite order is honoured at selection.
    result.setUseCipherSuitesOrder(preferLocalCipherSuites);
    result.setSNIMatchers(sniMatchers);

    return result;
}
 
Example 14
Source File: SSLConfiguration.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a fresh {@link SSLParameters} snapshot from this configuration.
 *
 * <p>Covers algorithm constraints, enabled protocols and cipher suites,
 * client authentication mode, endpoint identification algorithm, server
 * names, SNI matchers, application protocols, the local cipher-suite
 * preference flag, the retransmission flag and the maximum packet size.
 *
 * @return a newly created parameters object reflecting the current fields
 */
SSLParameters getSSLParameters() {
    final SSLParameters snapshot = new SSLParameters();

    snapshot.setAlgorithmConstraints(this.algorithmConstraints);
    snapshot.setProtocols(ProtocolVersion.toStringArray(enabledProtocols));
    snapshot.setCipherSuites(CipherSuite.namesOf(enabledCipherSuites));

    // Each client-auth setter resets the other flag, so exactly one is called.
    switch (this.clientAuthType) {
        case CLIENT_AUTH_REQUIRED:
            snapshot.setNeedClientAuth(true);
            break;
        case CLIENT_AUTH_REQUESTED:
            snapshot.setWantClientAuth(true);
            break;
        default:
            snapshot.setWantClientAuth(false);
    }
    snapshot.setEndpointIdentificationAlgorithm(this.identificationProtocol);

    // 'null' indicates none has been set
    final boolean serverNamesUnset = serverNames.isEmpty() && !noSniExtension;
    snapshot.setServerNames(serverNamesUnset ? null : this.serverNames);

    // 'null' indicates none has been set
    final boolean sniMatchersUnset = sniMatchers.isEmpty() && !noSniMatcher;
    snapshot.setSNIMatchers(sniMatchersUnset ? null : this.sniMatchers);

    snapshot.setApplicationProtocols(this.applicationProtocols);
    // Whether the local cipher-suite order is honoured when a suite is chosen.
    snapshot.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
    snapshot.setEnableRetransmissions(this.enableRetransmissions);
    snapshot.setMaximumPacketSize(this.maximumPacketSize);

    return snapshot;
}
 
Example 15
Source File: SSLServerSocketImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 16
Source File: SSLServerSocketImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers,
 *         local cipher-suite preference flag and application protocols held
 *         by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // None of the following is filled in by the superclass.
    effective.setApplicationProtocols(applicationProtocols);
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 17
Source File: SSLServerSocketImpl.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gives the {@link SSLParameters} applied to connections this server socket
 * accepts from now on.
 *
 * @return parameters obtained from the superclass with the locally tracked
 *         values (identification algorithm, constraints, SNI matchers,
 *         cipher-suite order flag) written into them
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters result = super.getSSLParameters();

    // The superclass does not populate the values below.
    result.setAlgorithmConstraints(algorithmConstraints);
    result.setEndpointIdentificationAlgorithm(identificationProtocol);
    // true here means the local cipher-suite order is honoured at selection.
    result.setUseCipherSuitesOrder(preferLocalCipherSuites);
    result.setSNIMatchers(sniMatchers);

    return result;
}
 
Example 18
Source File: SSLServerSocketImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reports the {@link SSLParameters} that newly accepted connections start with.
 *
 * @return the superclass's parameters, completed with the endpoint
 *         identification algorithm, algorithm constraints, SNI matchers and
 *         local cipher-suite preference flag held by this socket
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    final SSLParameters effective = super.getSSLParameters();

    // These four are not filled in by the superclass, so copy them from
    // this socket's own state.
    effective.setUseCipherSuitesOrder(preferLocalCipherSuites);
    effective.setSNIMatchers(sniMatchers);
    effective.setAlgorithmConstraints(algorithmConstraints);
    effective.setEndpointIdentificationAlgorithm(identificationProtocol);

    return effective;
}
 
Example 19
Source File: Java8SslUtils.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
/**
 * Forwards to {@link SSLParameters#setUseCipherSuitesOrder(boolean)}.
 *
 * @param sslParameters the parameters object to modify; must not be {@code null}
 * @param useOrder {@code true} to have the local cipher-suite preference
 *        order honoured during cipher-suite selection, {@code false} otherwise
 */
static void setUseCipherSuitesOrder(SSLParameters sslParameters, boolean useOrder) {
    // The change only reaches an engine or socket once the parameters are
    // applied to it; this method does not do that.
    sslParameters.setUseCipherSuitesOrder(useOrder);
}
 
Example 20
Source File: Bridge10ChannelInitializer.java    From arcusplatform with Apache License 2.0 4 votes vote down vote up
/**
 * Assembles the handler pipeline for a newly accepted channel.
 *
 * Handlers are appended in this order: inbound IP tracking, an optional
 * traffic handler, an optional TLS handler, the HTTP response encoder and
 * request decoder, an aggregator, the optional bind-client and the
 * clear-client context handlers, idle-state detection, chunked writes, the
 * main inbound handler and outbound IP tracking.
 *
 * When serverTlsContext is null or reports that TLS is not in use, no TLS
 * handler is installed and the channel carries plain HTTP.
 *
 * @param ch the channel being initialised
 * @throws Exception declared by the overridden method
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
   ChannelPipeline pipeline = ch.pipeline();
   pipeline.addLast(inboundIpTracking);

   // The provider may return null, in which case no traffic handler is added.
   TrafficHandler trafficHandler = trafficHandlerProvider.get();
   if (trafficHandler != null) {
      pipeline.addLast(trafficHandler);
   }

   if (serverTlsContext != null && serverTlsContext.useTls()) {
      metrics.onAccepted();

      // Captured before the engine is created; passed to the handshake
      // success/failure metrics in the listener below.
      final long startTimeNs = metrics.startTime();
      SslContext sslCtx = serverTlsContext.getContext();

      final SSLEngine engine = SslMetrics.instrument(sslCtx.newEngine(ch.alloc()));

      // NOTE(review): with no configured cipher list this enables every suite
      // the engine supports rather than keeping the engine's default-enabled
      // set. The supported set can include suites that are off by default;
      // confirm this fallback is intended, or leave the engine defaults alone.
      if (ciphers.length > 0) { 
         engine.setEnabledCipherSuites(ciphers);
      } else {
         engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
      }

      // NOTE(review): same fallback for protocol versions - every supported
      // protocol is enabled when none is configured, which can re-enable
      // versions the engine disables by default. Confirm this is intended.
      if (protocols.length > 0) {
         engine.setEnabledProtocols(protocols);
      } else {
         engine.setEnabledProtocols(engine.getSupportedProtocols());
      }

      // Honour the local cipher-suite preference order during selection, so
      // the order of the enabled suites set above is what decides the suite.
      SSLParameters params = engine.getSSLParameters();
      params.setUseCipherSuitesOrder(true);
      engine.setSSLParameters(params);

      SslHandler handler = new SslHandler(engine);

      // Bound the handshake and the close_notify wait using the configured
      // timeouts, both given in seconds.
      handler.setHandshakeTimeout(serverConfig.getTlsHandshakeTimeoutSec(), TimeUnit.SECONDS);
      handler.setCloseNotifyTimeout(serverConfig.getTlsCloseNotifyTimeoutSec(), TimeUnit.SECONDS);
      handler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() {
         @Override
         public void operationComplete(Future<Channel> future) throws Exception {
            if(future.isSuccess()) {
               metrics.onHandshakeSuccess(startTimeNs);

               // Records the negotiated protocol and cipher suite.
               SSLSession session = engine.getSession();
               logger.info("ssl handler finished: protocol={}, cipher={}", session.getProtocol(), session.getCipherSuite());
            }
            else {
               // NOTE(review): failures are only counted; future.cause() is
               // not logged here, so the reason for a failed handshake is not
               // recorded by this listener.
               metrics.onHandshakeFailure(startTimeNs);
            }
         }
      });

      pipeline.addLast(FILTER_SSL, handler);
   }

   pipeline.addLast(FILTER_ENCODER, new HttpResponseEncoder());
   pipeline.addLast(FILTER_DECODER, new HttpRequestDecoder());
   // 65536 is the aggregator's maximum content length in bytes.
   pipeline.addLast(FILTER_HTTP_AGGREGATOR, new HttpObjectAggregator(65536));
   if (bindClientHandler != null) {
      pipeline.addLast("bind-client-context", bindClientHandler);
   }
   pipeline.addLast("clear-client-context", clearClientHandler);
   // Arguments are reader-idle, writer-idle and all-idle times; the pong
   // timeout is used as reader-idle, the ping rate as writer-idle, and 0
   // disables the all-idle check.
   pipeline.addLast(IDLE_STATE_HANDLER, new IdleStateHandler(serverConfig.getWebSocketPongTimeout(), serverConfig.getWebSocketPingRate(), 0));
   pipeline.addLast(CHUNKED_WRITE_HANDLER, new ChunkedWriteHandler());
   pipeline.addLast(FILTER_HANDLER, channelInboundProvider.get());
   pipeline.addLast(outboundIpTracking);
}