Enable Tlsv1.3 when using BouncyCastle ALPN support (#11193)
Motivation: In the latest version of BouncyCastle, BCJSSE:'TLSv1.3' is now a supported protocol for both client and server. So should consider enabling TLSv1.3 when TLSv1.3 is available Modification: This pr is to enable TLSv1.3 when using BouncyCastle ALPN support, please review this pr,thanks Result: Enable TLSv1.3 when using BouncyCastle ALPN support Signed-off-by: xingrufei <xingrufei@sogou-inc.com> Co-authored-by: xingrufei <xingrufei@sogou-inc.com>
This commit is contained in:
parent
183559ddb6
commit
a98c60283b
@ -16,8 +16,6 @@
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.util.internal.SuppressJava6Requirement;
|
||||
import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import java.util.List;
|
||||
@ -27,8 +25,6 @@ import java.util.function.BiFunction;
|
||||
@SuppressJava6Requirement(reason = "Usage guarded by java version check")
|
||||
final class BouncyCastleAlpnSslEngine extends JdkAlpnSslEngine {
|
||||
|
||||
private static final InternalLogger logger = InternalLoggerFactory.getInstance(BouncyCastleAlpnSslEngine.class);
|
||||
|
||||
BouncyCastleAlpnSslEngine(SSLEngine engine,
|
||||
@SuppressWarnings("deprecation") JdkApplicationProtocolNegotiator applicationNegotiator,
|
||||
boolean isServer) {
|
||||
|
@ -25,7 +25,6 @@ import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import java.lang.reflect.InvocationHandler;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.lang.reflect.Proxy;
|
||||
import java.security.AccessController;
|
||||
@ -33,6 +32,8 @@ import java.security.PrivilegedExceptionAction;
|
||||
import java.util.List;
|
||||
import java.util.function.BiFunction;
|
||||
|
||||
import static io.netty.handler.ssl.SslUtils.getSSLContext;
|
||||
|
||||
@SuppressJava6Requirement(reason = "Usage guarded by java version check")
|
||||
final class BouncyCastleAlpnSslUtils {
|
||||
private static final InternalLogger logger = InternalLoggerFactory.getInstance(BouncyCastleAlpnSslUtils.class);
|
||||
@ -79,8 +80,7 @@ final class BouncyCastleAlpnSslUtils {
|
||||
}
|
||||
});
|
||||
|
||||
SSLContext context = SSLContext.getInstance("TLSV1.2", "BCJSSE");
|
||||
context.init(null, null, null);
|
||||
SSLContext context = getSSLContext("BCJSSE");
|
||||
SSLEngine engine = context.createSSLEngine();
|
||||
setParameters = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
|
||||
@Override
|
||||
|
@ -23,6 +23,7 @@ import io.netty.handler.codec.base64.Base64;
|
||||
import io.netty.handler.codec.base64.Base64Dialect;
|
||||
import io.netty.util.NetUtil;
|
||||
import io.netty.util.internal.EmptyArrays;
|
||||
import io.netty.util.internal.StringUtil;
|
||||
import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
|
||||
@ -30,6 +31,7 @@ import java.nio.ByteBuffer;
|
||||
import java.nio.ByteOrder;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Provider;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
@ -195,6 +197,22 @@ final class SslUtils {
|
||||
return context;
|
||||
}
|
||||
|
||||
static SSLContext getSSLContext(String provider)
|
||||
throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException {
|
||||
final SSLContext context;
|
||||
if (StringUtil.isNullOrEmpty(provider)) {
|
||||
context = SSLContext.getInstance(getTlsVersion());
|
||||
} else {
|
||||
context = SSLContext.getInstance(getTlsVersion(), provider);
|
||||
}
|
||||
context.init(null, new TrustManager[0], null);
|
||||
return context;
|
||||
}
|
||||
|
||||
private static String getTlsVersion() {
|
||||
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
|
||||
}
|
||||
|
||||
static boolean arrayContains(String[] array, String value) {
|
||||
for (String v: array) {
|
||||
if (value.equals(v)) {
|
||||
|
Loading…
Reference in New Issue
Block a user