From df186f38a086a84dbb8b728169e101e660b0cadf Mon Sep 17 00:00:00 2001
From: Trustin Lee
Date: Wed, 31 Dec 2014 20:31:56 +0900
Subject: [PATCH] Do not pre-populate cipher suite conversion table
Motivation:
- There's no point of pre-population.
- Waste of memory and time because they are going to be cached lazily
- Some pre-populated cipher suites are ancient and will be unused
Modification:
- Remove cache pre-population
Result: Sanity restored
---
 .../handler/ssl/CipherSuiteConverter.java | 121 ------------------
 1 file changed, 121 deletions(-)
diff --git a/handler/src/main/java/io/netty/handler/ssl/CipherSuiteConverter.java b/handler/src/main/java/io/netty/handler/ssl/CipherSuiteConverter.java
index 44d1fe0ece..c0fcb3e8d1 100644
--- a/handler/src/main/java/io/netty/handler/ssl/CipherSuiteConverter.java
+++ b/handler/src/main/java/io/netty/handler/ssl/CipherSuiteConverter.java
@@ -16,13 +16,10 @@ package io.netty.handler.ssl;
-import io.netty.util.internal.EmptyArrays;
 import io.netty.util.internal.PlatformDependent;
 import io.netty.util.internal.logging.InternalLogger;
 import io.netty.util.internal.logging.InternalLoggerFactory;
-import javax.net.ssl.SSLContext;
-import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentMap;
@@ -98,124 +95,6 @@ final class CipherSuiteConverter {
 */
 private static final ConcurrentMap> o2j = PlatformDependent.newConcurrentHashMap();
- static {
- String[] cipherSuites = EmptyArrays.EMPTY_STRINGS;
- try {
- cipherSuites = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
- } catch (NoSuchAlgorithmException e) {
- logger.warn("Failed to get the default SSLContext:", e);
- }
-
- // Populate the initial mapping from the currently supported cipher suites.
- for (String c: cipherSuites) {
- cacheFromJava(c);
- }
-
- // Also popluate those unavailable from Java but maybe available in OpenSSL.
- cacheFromJava("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("SSL_DHE_DSS_WITH_DES_CBC_SHA");
- cacheFromJava("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("SSL_DHE_RSA_WITH_DES_CBC_SHA");
- cacheFromJava("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5");
- cacheFromJava("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("SSL_DH_anon_WITH_DES_CBC_SHA");
- cacheFromJava("SSL_DH_anon_WITH_RC4_128_MD5");
- cacheFromJava("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5");
- cacheFromJava("SSL_RSA_EXPORT_WITH_RC4_40_MD5");
- cacheFromJava("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("SSL_RSA_WITH_DES_CBC_SHA");
- cacheFromJava("SSL_RSA_WITH_NULL_MD5");
- cacheFromJava("SSL_RSA_WITH_NULL_SHA");
- cacheFromJava("SSL_RSA_WITH_RC4_128_MD5");
- cacheFromJava("SSL_RSA_WITH_RC4_128_SHA");
- cacheFromJava("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_DHE_DSS_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_DHE_DSS_WITH_DES_CBC_SHA");
- cacheFromJava("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_DHE_RSA_WITH_DES_CBC_SHA");
- cacheFromJava("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5");
- cacheFromJava("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_DH_anon_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_DH_anon_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_DH_anon_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_DH_anon_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_DH_anon_WITH_DES_CBC_SHA");
- cacheFromJava("TLS_DH_anon_WITH_RC4_128_MD5");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_NULL_SHA");
- cacheFromJava("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
- cacheFromJava("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_ECDHE_RSA_WITH_NULL_SHA");
- cacheFromJava("TLS_ECDHE_RSA_WITH_RC4_128_SHA");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_NULL_SHA");
- cacheFromJava("TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
- cacheFromJava("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_ECDH_RSA_WITH_NULL_SHA");
- cacheFromJava("TLS_ECDH_RSA_WITH_RC4_128_SHA");
- cacheFromJava("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_ECDH_anon_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_ECDH_anon_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_ECDH_anon_WITH_NULL_SHA");
- cacheFromJava("TLS_ECDH_anon_WITH_RC4_128_SHA");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_RC4_40_MD5");
- cacheFromJava("TLS_KRB5_EXPORT_WITH_RC4_40_SHA");
- cacheFromJava("TLS_KRB5_WITH_3DES_EDE_CBC_MD5");
- cacheFromJava("TLS_KRB5_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_KRB5_WITH_DES_CBC_MD5");
- cacheFromJava("TLS_KRB5_WITH_DES_CBC_SHA");
- cacheFromJava("TLS_KRB5_WITH_RC4_128_MD5");
- cacheFromJava("TLS_KRB5_WITH_RC4_128_SHA");
- cacheFromJava("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA");
- cacheFromJava("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5");
- cacheFromJava("TLS_RSA_EXPORT_WITH_RC4_40_MD5");
- cacheFromJava("TLS_RSA_WITH_3DES_EDE_CBC_SHA");
- cacheFromJava("TLS_RSA_WITH_AES_128_CBC_SHA");
- cacheFromJava("TLS_RSA_WITH_AES_128_CBC_SHA256");
- cacheFromJava("TLS_RSA_WITH_AES_128_GCM_SHA256");
- cacheFromJava("TLS_RSA_WITH_AES_256_CBC_SHA");
- cacheFromJava("TLS_RSA_WITH_DES_CBC_SHA");
- cacheFromJava("TLS_RSA_WITH_NULL_MD5");
- cacheFromJava("TLS_RSA_WITH_NULL_SHA");
- cacheFromJava("TLS_RSA_WITH_NULL_SHA256");
- cacheFromJava("TLS_RSA_WITH_RC4_128_MD5");
- cacheFromJava("TLS_RSA_WITH_RC4_128_SHA");
- }
-
 /**
 * Clears the cache for testing purpose.
 */