andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add SslProtocols and Cipher suites constants (#11457)

Browse Source 
Motivation:
Protocols and Cipher suites constants to prevent typos in protocol and cipher suites names and ease of use.

Modification:
Added Protocols and Cipher suites as constants in their respective classes.

Result:
Fixes #11393
This commit is contained in:
Aayush Atharva 2021-07-08 00:45:43 +05:30 committed by Norman Maurer
parent 93d428eb23
commit 04cb23626d
19 changed files with 1033 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java Normal file
View File

@ -0,0 +1,758 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import io.netty.util.internal.ObjectUtil;
import java.util.Arrays;
/**
* Cipher suites
*/
public final class Ciphers {
/**
* TLS_AES_256_GCM_SHA384
*/
public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
/**
* TLS_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
/**
* TLS_AES_128_GCM_SHA256
*/
public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DH_anon_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_SEED_SHA
*/
public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
/**
* TLS_DHE_DSS_WITH_SEED_SHA
*/
public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
/**
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_SEED_SHA
*/
public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_WITH_SEED_SHA
*/
public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_WITH_IDEA_CBC_SHA
*/
public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
private Ciphers() {
// Prevent outside initialization
}
}

6
handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
View File

@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
List<String> protocols = new ArrayList<>();
addIfSupported(
supportedProtocolsSet, protocols,
SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2,
SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);
SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);
if (!protocols.isEmpty()) {
return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {
private static boolean isTlsV13Supported(String[] protocols) {
for (String protocol: protocols) {
if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) {
if (SslProtocols.TLS_v1_3.equals(protocol)) {
return true;
}
}

14
handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
View File

@ -323,26 +323,26 @@ public final class OpenSsl {
Set<String> protocols = new LinkedHashSet<>(6);
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
protocols.add(PROTOCOL_SSL_V2_HELLO);
protocols.add(SslProtocols.SSL_v2_HELLO);
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
protocols.add(PROTOCOL_SSL_V2);
protocols.add(SslProtocols.SSL_v2);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
protocols.add(PROTOCOL_SSL_V3);
protocols.add(SslProtocols.SSL_v3);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
protocols.add(PROTOCOL_TLS_V1);
protocols.add(SslProtocols.TLS_v1);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
protocols.add(PROTOCOL_TLS_V1_1);
protocols.add(SslProtocols.TLS_v1_1);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
protocols.add(PROTOCOL_TLS_V1_2);
protocols.add(SslProtocols.TLS_v1_2);
}
// This is only supported by java11 and later.
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
protocols.add(PROTOCOL_TLS_V1_3);
protocols.add(SslProtocols.TLS_v1_3);
TLSV13_SUPPORTED = true;
} else {
TLSV13_SUPPORTED = false;

6
handler/src/main/java/io/netty/handler/ssl/OpenSslTlsv13X509ExtendedTrustManager.java
View File

@ -64,7 +64,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
private static SSLEngine wrapEngine(final SSLEngine engine) {
final SSLSession session = engine.getHandshakeSession();
if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) {
if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
return new JdkSslEngine(engine) {
@Override
public String getNegotiatedApplicationProtocol() {
@ -91,7 +91,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override
public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2;
return SslProtocols.TLS_v1_2;
}
};
} else {
@ -179,7 +179,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override
public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2;
return SslProtocols.TLS_v1_2;
}
@Override

65
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
View File

@ -62,13 +62,6 @@ import java.util.Set;
import java.util.concurrent.locks.Lock;
import static io.netty.handler.ssl.OpenSsl.memoryAddress;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
import static io.netty.util.internal.ObjectUtil.checkNotNullWithIAE;
@ -352,7 +345,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
}
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
final boolean enableTickets = clientMode ?
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
@ -1359,7 +1352,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
// renegotiation is not supported in TLSv1.3 as per spec.
!SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
!SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
// that the renegotiation failed.
shutdown();
@ -1544,7 +1537,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed()) {
enabled = SSL.getCiphers(ssl);
int opts = SSL.getOptions(ssl);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
tls13Enabled = true;
} else {
@ -1606,16 +1599,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
// protocols.
if (cipherSuiteSpec.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1);
protocols.remove(PROTOCOL_TLS_V1_1);
protocols.remove(PROTOCOL_TLS_V1_2);
protocols.remove(PROTOCOL_SSL_V3);
protocols.remove(PROTOCOL_SSL_V2);
protocols.remove(PROTOCOL_SSL_V2_HELLO);
protocols.remove(SslProtocols.TLS_v1);
protocols.remove(SslProtocols.TLS_v1_1);
protocols.remove(SslProtocols.TLS_v1_2);
protocols.remove(SslProtocols.SSL_v3);
protocols.remove(SslProtocols.SSL_v2);
protocols.remove(SslProtocols.SSL_v2_HELLO);
}
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
if (cipherSuiteSpecTLSv13.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1_3);
protocols.remove(SslProtocols.TLS_v1_3);
}
// Update the protocols but not cache the value. We only cache when we call it from the user
// code or when we construct the engine.
@ -1638,7 +1631,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
public final String[] getEnabledProtocols() {
List<String> enabled = new ArrayList<>(6);
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
enabled.add(PROTOCOL_SSL_V2_HELLO);
enabled.add(SslProtocols.SSL_v2_HELLO);
int opts;
synchronized (this) {
@ -1648,23 +1641,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
return enabled.toArray(new String[0]);
}
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) {
enabled.add(PROTOCOL_TLS_V1);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
enabled.add(SslProtocols.TLS_v1);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) {
enabled.add(PROTOCOL_TLS_V1_1);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
enabled.add(SslProtocols.TLS_v1_1);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) {
enabled.add(PROTOCOL_TLS_V1_2);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
enabled.add(SslProtocols.TLS_v1_2);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
enabled.add(PROTOCOL_TLS_V1_3);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
enabled.add(SslProtocols.TLS_v1_3);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) {
enabled.add(PROTOCOL_SSL_V2);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
enabled.add(SslProtocols.SSL_v2);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) {
enabled.add(PROTOCOL_SSL_V3);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
enabled.add(SslProtocols.SSL_v3);
}
return enabled.toArray(new String[0]);
}
@ -1699,7 +1692,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
throw new IllegalArgumentException("Protocol " + p + " is not supported.");
}
switch (p) {
case PROTOCOL_SSL_V2:
case SslProtocols.SSL_v2:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
}
@ -1707,7 +1700,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
}
break;
case PROTOCOL_SSL_V3:
case SslProtocols.SSL_v3:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
}
@ -1715,7 +1708,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
}
break;
case PROTOCOL_TLS_V1:
case SslProtocols.TLS_v1:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
}
@ -1723,7 +1716,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
}
break;
case PROTOCOL_TLS_V1_1:
case SslProtocols.TLS_v1_1:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
}
@ -1731,7 +1724,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
}
break;
case PROTOCOL_TLS_V1_2:
case SslProtocols.TLS_v1_2:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
}
@ -1739,7 +1732,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
}
break;
case PROTOCOL_TLS_V1_3:
case SslProtocols.TLS_v1_3:
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
}

76
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
/**
* SSL/TLS protocols
*/
public final class SslProtocols {
/**
* SSL v2 Hello
*
* @deprecated SSLv2Hello is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2_HELLO = "SSLv2Hello";
/**
* SSL v2
*
* @deprecated SSLv2 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2 = "SSLv2";
/**
* SSLv3
*
* @deprecated SSLv3 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v3 = "SSLv3";
/**
* TLS v1
*
* @deprecated TLSv1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1 = "TLSv1";
/**
* TLS v1.1
*
* @deprecated TLSv1.1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1_1 = "TLSv1.1";
/**
* TLS v1.2
*/
public static final String TLS_v1_2 = "TLSv1.2";
/**
* TLS v1.3
*/
public static final String TLS_v1_3 = "TLSv1.3";
private SslProtocols() {
// Prevent outside initialization
}
}

22
handler/src/main/java/io/netty/handler/ssl/SslUtils.java
View File

@ -54,16 +54,12 @@ final class SslUtils {
// See https://tools.ietf.org/html/rfc8446#appendix-B.4
static final Set<String> TLSV13_CIPHERS = Collections.unmodifiableSet(new LinkedHashSet<>(
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
"TLS_AES_128_CCM_SHA256")));
// Protocols
static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
static final String PROTOCOL_SSL_V2 = "SSLv2";
static final String PROTOCOL_SSL_V3 = "SSLv3";
static final String PROTOCOL_TLS_V1 = "TLSv1";
static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
"TLS_AES_128_CCM_SHA256")));
/**
* GMSSL Protocol Version
*/
static final int GMSSL_PROTOCOL_VERSION = 0x101;
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
@ -157,7 +153,7 @@ final class SslUtils {
private static boolean isTLSv13SupportedByJDK0(Provider provider) {
try {
return arrayContains(newInitContext(provider)
.getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
.getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
provider, cause);
@ -178,7 +174,7 @@ final class SslUtils {
private static boolean isTLSv13EnabledByJDK0(Provider provider) {
try {
return arrayContains(newInitContext(provider)
.getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
.getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
" assuming no", provider, cause);
@ -211,7 +207,7 @@ final class SslUtils {
}
private static String getTlsVersion() {
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
}
static boolean arrayContains(String[] array, String value) {

4
handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java
View File

@ -125,7 +125,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(serverSslProvider)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
@ -135,7 +135,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(clientSslProvider)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();

14
handler/src/test/java/io/netty/handler/ssl/CloseNotifyTest.java
View File

@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
import static io.netty.buffer.ByteBufUtil.writeAscii;
import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.Arrays.asList;
import static org.hamcrest.MatcherAssert.assertThat;
@ -62,10 +60,10 @@ public class CloseNotifyTest {
static Collection<Object[]> data() {
return asList(new Object[][] {
{ SslProvider.JDK, PROTOCOL_TLS_V1_2 },
{ SslProvider.JDK, PROTOCOL_TLS_V1_3 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 },
{ SslProvider.JDK, SslProtocols.TLS_v1_2 },
{ SslProvider.JDK, SslProtocols.TLS_v1_3 },
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
});
}
@ -75,7 +73,7 @@ public class CloseNotifyTest {
public void eventsOrder(SslProvider provider, String protocol) throws Exception {
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
if (SslProtocols.TLS_v1_3.equals(protocol)) {
// Ensure we support TLSv1.3
assumeTrue(SslProvider.isTlsv13Supported(provider));
}
@ -144,7 +142,7 @@ public class CloseNotifyTest {
}
private static boolean jdkTls13(SslProvider provider, String protocol) {
return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol);
return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
}
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,

2
handler/src/test/java/io/netty/handler/ssl/DelegatingSslContextTest.java
View File

@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class DelegatingSslContextTest {
private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 };
private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };
@Test
public void testInitEngineOnNewEngine() throws Exception {

2
handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
View File

@ -292,7 +292,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
@Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 });
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
}
@Ignore /* Does the JDK support a "max certificate chain length"? */

183
handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
View File

@ -59,11 +59,6 @@ import java.util.concurrent.ThreadLocalRandom;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
import static java.lang.Integer.MAX_VALUE;
import static org.junit.Assert.assertArrayEquals;
@ -242,8 +237,8 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
}
@Test
public void testWrapBuffersNoWritePendingError() throws Exception {
@ -547,24 +542,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -578,21 +573,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
}
@Test
@ -606,31 +601,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -644,31 +639,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -1393,22 +1388,22 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1);
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
}
@Test
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1);
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
}
@Test
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null);
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
}
@Test
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null);
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
}
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {

18
handler/src/test/java/io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.java
View File

@ -112,10 +112,10 @@ public class OpenSslPrivateKeyMethodTest {
if (provider == SslProvider.JDK) {
SSLEngine engine = SSLContext.getDefault().createSSLEngine();
for (String c: engine.getSupportedCipherSuites()) {
if (RFC_CIPHER_NAME.equals(c)) {
cipherSupported = true;
break;
}
if (RFC_CIPHER_NAME.equals(c)) {
cipherSupported = true;
break;
}
}
} else {
cipherSupported = OpenSsl.isCipherSuiteAvailable(RFC_CIPHER_NAME);
@ -136,11 +136,11 @@ public class OpenSslPrivateKeyMethodTest {
final KeyManagerFactory kmf = OpenSslX509KeyManagerFactory.newKeyless(CERT.cert());
return SslContextBuilder.forServer(kmf)
return SslContextBuilder.forServer(kmf)
.sslProvider(SslProvider.OPENSSL)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
.build();
}
@ -150,13 +150,13 @@ public class OpenSslPrivateKeyMethodTest {
.sslProvider(SslProvider.JDK)
.ciphers(Collections.singletonList(RFC_CIPHER_NAME))
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
}
private static Executor delegateExecutor(boolean delegate) {
return delegate ? EXECUTOR : null;
return delegate ? EXECUTOR : null;
}
private static void assertThread(boolean delegate) {
@ -277,7 +277,7 @@ public class OpenSslPrivateKeyMethodTest {
Channel client = client(server, clientHandler);
try {
client.writeAndFlush(Unpooled.wrappedBuffer(new byte[] {'P', 'I', 'N', 'G'}))
.syncUninterruptibly();
.syncUninterruptibly();
assertTrue(clientPromise.await(5L, TimeUnit.SECONDS), "client timeout");
assertTrue(serverPromise.await(5L, TimeUnit.SECONDS), "server timeout");

1
handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
View File

@ -13,7 +13,6 @@
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;

4
handler/src/test/java/io/netty/handler/ssl/ParameterizedSslHandlerTest.java
View File

@ -401,7 +401,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which
// is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
final SslContext sslClientCtx = SslContextBuilder.forClient()
@ -410,7 +410,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which
// is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
EventLoopGroup group = new MultithreadEventLoopGroup(NioHandler.newFactory());

4
handler/src/test/java/io/netty/handler/ssl/RenegotiateTest.java
View File

@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
try {
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
.sslProvider(serverSslProvider())
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
ServerBootstrap sb = new ServerBootstrap();
@ -103,7 +103,7 @@ public abstract class RenegotiateTest {
final SslContext clientContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK)
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
Bootstrap bootstrap = new Bootstrap();

50
handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
View File

@ -124,13 +124,6 @@ import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
import static org.junit.Assert.assertArrayEquals;
@ -195,9 +188,9 @@ public abstract class SSLEngineTest {
static final class ProtocolCipherCombo {
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256");
SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
final String protocol;
final String cipher;
@ -543,13 +536,13 @@ public abstract class SSLEngineTest {
// due to no shared/supported cipher.
clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider())
.build());
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider())
.build());
@ -1524,7 +1517,7 @@ public abstract class SSLEngineTest {
assertArrayEquals(protocols1, enabledProtocols);
// Enable a protocol that is currently disabled
sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });
sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });
// The protocol that was just enabled should be returned
enabledProtocols = sslEngine.getEnabledProtocols();
@ -1595,7 +1588,7 @@ public abstract class SSLEngineTest {
if (!clientHandshakeFinished ||
// After the handshake completes it is possible we have more data that was send by the server as
// the server will send session updates after the handshake. In this case continue to unwrap.
SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) {
SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
int clientAppReadBufferPos = clientAppReadBuffer.position();
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
@ -1711,7 +1704,7 @@ public abstract class SSLEngineTest {
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665
serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
}
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
@ -1726,7 +1719,7 @@ public abstract class SSLEngineTest {
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
}
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
@ -2056,9 +2049,9 @@ public abstract class SSLEngineTest {
if (provider != null) {
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
// https://github.com/google/conscrypt/issues/1013
return new String[] { PROTOCOL_TLS_V1_2 };
return new String[] { SslProtocols.TLS_v1_2 };
}
return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1};
return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
}
@Test
@ -2346,7 +2339,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider())
// This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2355,7 +2348,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider())
// This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2816,12 +2809,13 @@ public abstract class SSLEngineTest {
@Test
public void testDisableProtocols() throws Exception {
testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2);
testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3);
testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1);
testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1);
testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2,
PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2);
testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
SslProtocols.TLS_v1_1);
testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
}
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
@ -2845,7 +2839,7 @@ public abstract class SSLEngineTest {
for (String disabled : disabledProtocols) {
supported.remove(disabled);
}
if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) {
if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
return;
}
@ -4024,9 +4018,9 @@ public abstract class SSLEngineTest {
}
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
SslUtils.arrayContains(clientProtocols, PROTOCOL_TLS_V1_3));
SslUtils.arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
SslUtils.arrayContains(serverProtocols, PROTOCOL_TLS_V1_3));
SslUtils.arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
}
protected SSLEngine wrapEngine(SSLEngine engine) {

2
handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
View File

@ -608,7 +608,7 @@ public class SniHandlerTest {
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
* the client disconnects.
*
* @see SniHandlerTest#testReplaceHandler()
* @see SniHandlerTest#testReplaceHandler(SslProvider)
*/
private static class CustomSslHandler extends SslHandler {
private final SslContext sslContext;

26
handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
View File

@ -830,7 +830,7 @@ public class SslHandlerTest {
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
final SslContext sslClientCtx = SslContextBuilder.forClient()
.protocols(SslUtils.PROTOCOL_SSL_V3)
.protocols(SslProtocols.SSL_v3)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK).build();
@ -1122,27 +1122,27 @@ public class SslHandlerTest {
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13() throws Throwable {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
}
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
@ -1200,7 +1200,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
// First should not re-use the session
try {
assertEquals(handshakeCount > 1, engine.isSessionReused());
@ -1274,7 +1274,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
assertEquals(isReused, engine.isSessionReused());
}
Object obj = queue.take();
@ -1447,11 +1447,11 @@ public class SslHandlerTest {
if (tls13) {
clientCipher = "TLS_AES_128_GCM_SHA256";
serverCipher = "TLS_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_3;
protocol = SslProtocols.TLS_v1_3;
} else {
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_2;
protocol = SslProtocols.TLS_v1_2;
}
final SslContext sslClientCtx = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
@ -1541,26 +1541,26 @@ public class SslHandlerTest {
@Test
public void testHandshakeEventsTls12JDK() throws Exception {
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2);
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
}
@Test
public void testHandshakeEventsTls12Openssl() throws Exception {
OpenSsl.ensureAvailability();
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
}
@Test
public void testHandshakeEventsTls13JDK() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3);
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
}
@Test
public void testHandshakeEventsTls13Openssl() throws Exception {
OpenSsl.ensureAvailability();
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
}
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {