Fixed default OpenSsl cipher suites

Motivation: The default enabled cipher suites of the OpenSsl engine are not set to SslUtils#DEFAULT_CIPHER_SUITES. Instead all available cipher suites are enabled. This should happen only as a fallback. Modifications: Moved the line in the static initializer in OpenSsl which adds the SslUtils#DEFAULT_CIPHER_SUITES to the default enabled cipher suites up before the fallback. Result: The default enabled cipher suites of the OpenSsl engine are set to the available ones of the SslUtils#DEFAULT_CIPHER_SUITES. The default enabled cipher suites of the OpenSsl engine are only set to all available cipher suites if no one of the SslUtils#DEFAULT_CIPHER_SUITES is supported.
2017-11-28 12:04:38 +01:00 · 2017-11-28 12:04:38 +01:00 · 3c8f4b81d7
commit 3c8f4b81d7
parent e8540c2b7a
2 changed files with 29 additions and 1 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
@ -189,9 +189,9 @@ public final class OpenSsl {
                availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "SSL"));
            }

+            addIfSupported(availableJavaCipherSuites, defaultCiphers, DEFAULT_CIPHER_SUITES);
            useFallbackCiphersIfDefaultIsEmpty(defaultCiphers, availableJavaCipherSuites);
            DEFAULT_CIPHERS = Collections.unmodifiableList(defaultCiphers);
-            addIfSupported(availableJavaCipherSuites, defaultCiphers, DEFAULT_CIPHER_SUITES);

            AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(availableJavaCipherSuites);

--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslTest.java
@ -0,0 +1,28 @@
+/*
+ * Copyright 2017 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.handler.ssl;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class OpenSslTest {
+
+    @Test
+    public void testDefaultCiphers() {
+        Assert.assertTrue(
+                OpenSsl.DEFAULT_CIPHERS.size() <= SslUtils.DEFAULT_CIPHER_SUITES.length);
+    }
+}