Fixed default OpenSsl cipher suites
Motivation: The default enabled cipher suites of the OpenSsl engine are not set to SslUtils#DEFAULT_CIPHER_SUITES. Instead all available cipher suites are enabled. This should happen only as a fallback. Modifications: Moved the line in the static initializer in OpenSsl which adds the SslUtils#DEFAULT_CIPHER_SUITES to the default enabled cipher suites up before the fallback. Result: The default enabled cipher suites of the OpenSsl engine are set to the available ones of the SslUtils#DEFAULT_CIPHER_SUITES. The default enabled cipher suites of the OpenSsl engine are only set to all available cipher suites if no one of the SslUtils#DEFAULT_CIPHER_SUITES is supported.
This commit is contained in:
parent
e8540c2b7a
commit
3c8f4b81d7
@ -189,9 +189,9 @@ public final class OpenSsl {
|
|||||||
availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "SSL"));
|
availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "SSL"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
addIfSupported(availableJavaCipherSuites, defaultCiphers, DEFAULT_CIPHER_SUITES);
|
||||||
useFallbackCiphersIfDefaultIsEmpty(defaultCiphers, availableJavaCipherSuites);
|
useFallbackCiphersIfDefaultIsEmpty(defaultCiphers, availableJavaCipherSuites);
|
||||||
DEFAULT_CIPHERS = Collections.unmodifiableList(defaultCiphers);
|
DEFAULT_CIPHERS = Collections.unmodifiableList(defaultCiphers);
|
||||||
addIfSupported(availableJavaCipherSuites, defaultCiphers, DEFAULT_CIPHER_SUITES);
|
|
||||||
|
|
||||||
AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(availableJavaCipherSuites);
|
AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(availableJavaCipherSuites);
|
||||||
|
|
||||||
|
28
handler/src/test/java/io/netty/handler/ssl/OpenSslTest.java
Normal file
28
handler/src/test/java/io/netty/handler/ssl/OpenSslTest.java
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2017 The Netty Project
|
||||||
|
*
|
||||||
|
* The Netty Project licenses this file to you under the Apache License,
|
||||||
|
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at:
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
public class OpenSslTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDefaultCiphers() {
|
||||||
|
Assert.assertTrue(
|
||||||
|
OpenSsl.DEFAULT_CIPHERS.size() <= SslUtils.DEFAULT_CIPHER_SUITES.length);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user