//
// ========================================================================
-// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
private final Set<String> _excludeProtocols = new LinkedHashSet<>();
/** Included protocols. */
- private Set<String> _includeProtocols = null;
+ private final Set<String> _includeProtocols = new LinkedHashSet<>();
/** Excluded cipher suites. */
private final Set<String> _excludeCipherSuites = new LinkedHashSet<>();
+
/** Included cipher suites. */
- private Set<String> _includeCipherSuites = null;
+ private final Set<String> _includeCipherSuites = new LinkedHashSet<>();
/** Keystore path. */
private String _keyStorePath;
public SslContextFactory(boolean trustAll)
{
setTrustAll(trustAll);
+ addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
}
/**
if (_trustAll)
{
- LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
+ if (LOG.isDebugEnabled())
+ LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
// Create a trust manager that does not validate certificate chains
trust_managers = TRUST_ALL_CERTS;
}
SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
- SSLContext context = SSLContext.getInstance(_sslProtocol);
+ SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
context.init(null, trust_managers, secureRandom);
_context = context;
}
TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
- SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol,_sslProvider);
+ SSLContext context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
context.init(keyManagers,trustManagers,secureRandom);
_context = context;
}
SSLEngine engine = newSSLEngine();
- LOG.debug("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols()));
if (LOG.isDebugEnabled())
+ {
+ LOG.debug("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols()));
LOG.debug("Enabled Ciphers {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites()));
+ }
}
}
public void setIncludeProtocols(String... protocols)
{
checkNotStarted();
- _includeProtocols = new LinkedHashSet<>(Arrays.asList(protocols));
+ _includeProtocols.clear();
+ _includeProtocols.addAll(Arrays.asList(protocols));
}
/**
public void setIncludeCipherSuites(String... cipherSuites)
{
checkNotStarted();
- _includeCipherSuites = new LinkedHashSet<>(Arrays.asList(cipherSuites));
+ _includeCipherSuites.clear();
+ _includeCipherSuites.addAll(Arrays.asList(cipherSuites));
}
/**
Set<String> selected_protocols = new LinkedHashSet<>();
// Set the starting protocols - either from the included or enabled list
- if (_includeProtocols!=null)
+ if (!_includeProtocols.isEmpty())
{
// Use only the supported included protocols
for (String protocol : _includeProtocols)
Set<String> selected_ciphers = new CopyOnWriteArraySet<>();
// Set the starting ciphers - either from the included or enabled list
- if (_includeCipherSuites!=null)
- processIncludeCipherSuites(supportedCipherSuites, selected_ciphers);
- else
+ if (_includeCipherSuites.isEmpty())
selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
+ else
+ processIncludeCipherSuites(supportedCipherSuites, selected_ciphers);
removeExcludedCipherSuites(selected_ciphers);
return selected_ciphers.toArray(new String[selected_ciphers.size()]);
}
- private void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
+ protected void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
{
for (String cipherSuite : _includeCipherSuites)
{
}
}
- private void removeExcludedCipherSuites(Set<String> selected_ciphers)
+ protected void removeExcludedCipherSuites(Set<String> selected_ciphers)
{
for (String excludeCipherSuite : _excludeCipherSuites)
{