andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add SslProtocols and Cipher suites constants (#11457)

Browse Source 
Motivation:
Protocols and Cipher suites constants to prevent typos in protocol and cipher suites names and ease of use.

Modification:
Added Protocols and Cipher suites as constants in their respective classes.

Result:
Fixes #11393
This commit is contained in:
Aayush Atharva 2021-07-08 00:45:43 +05:30 committed by GitHub
parent 0b2e955aff
commit ede7a604f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 1031 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java Normal file
View File

@ -0,0 +1,758 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import io.netty.util.internal.ObjectUtil;
import java.util.Arrays;
/**
* Cipher suites
*/
public final class Ciphers {
/**
* TLS_AES_256_GCM_SHA384
*/
public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
/**
* TLS_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
/**
* TLS_AES_128_GCM_SHA256
*/
public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DH_anon_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_SEED_SHA
*/
public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
/**
* TLS_DHE_DSS_WITH_SEED_SHA
*/
public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
/**
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_SEED_SHA
*/
public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_WITH_SEED_SHA
*/
public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_WITH_IDEA_CBC_SHA
*/
public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
private Ciphers() {
// Prevent outside initialization
}
}

6
handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
View File

@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
List<String> protocols = new ArrayList<String>(); List<String> protocols = new ArrayList<String>();
addIfSupported( addIfSupported(
supportedProtocolsSet, protocols, supportedProtocolsSet, protocols,
SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2, SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1); SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);
if (!protocols.isEmpty()) { if (!protocols.isEmpty()) {
return protocols.toArray(EmptyArrays.EMPTY_STRINGS); return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {
private static boolean isTlsV13Supported(String[] protocols) { private static boolean isTlsV13Supported(String[] protocols) {
for (String protocol: protocols) { for (String protocol: protocols) {
if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) { if (SslProtocols.TLS_v1_3.equals(protocol)) {
return true; return true;
} }
} }

14
handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
View File

@ -348,26 +348,26 @@ public final class OpenSsl {
Set<String> protocols = new LinkedHashSet<String>(6); Set<String> protocols = new LinkedHashSet<String>(6);
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled // Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
protocols.add(PROTOCOL_SSL_V2_HELLO); protocols.add(SslProtocols.SSL_v2_HELLO);
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) { if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
protocols.add(PROTOCOL_SSL_V2); protocols.add(SslProtocols.SSL_v2);
} }
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) { if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
protocols.add(PROTOCOL_SSL_V3); protocols.add(SslProtocols.SSL_v3);
} }
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) { if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
protocols.add(PROTOCOL_TLS_V1); protocols.add(SslProtocols.TLS_v1);
} }
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) { if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
protocols.add(PROTOCOL_TLS_V1_1); protocols.add(SslProtocols.TLS_v1_1);
} }
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) { if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
protocols.add(PROTOCOL_TLS_V1_2); protocols.add(SslProtocols.TLS_v1_2);
} }
// This is only supported by java11 and later. // This is only supported by java11 and later.
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) { if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
protocols.add(PROTOCOL_TLS_V1_3); protocols.add(SslProtocols.TLS_v1_3);
TLSV13_SUPPORTED = true; TLSV13_SUPPORTED = true;
} else { } else {
TLSV13_SUPPORTED = false; TLSV13_SUPPORTED = false;

6
handler/src/main/java/io/netty/handler/ssl/OpenSslTlsv13X509ExtendedTrustManager.java
View File

@ -66,7 +66,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
private static SSLEngine wrapEngine(final SSLEngine engine) { private static SSLEngine wrapEngine(final SSLEngine engine) {
final SSLSession session = engine.getHandshakeSession(); final SSLSession session = engine.getHandshakeSession();
if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) { if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
return new JdkSslEngine(engine) { return new JdkSslEngine(engine) {
@Override @Override
public String getNegotiatedApplicationProtocol() { public String getNegotiatedApplicationProtocol() {
@ -93,7 +93,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override @Override
public String getProtocol() { public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2; return SslProtocols.TLS_v1_2;
} }
}; };
} else { } else {
@ -181,7 +181,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override @Override
public String getProtocol() { public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2; return SslProtocols.TLS_v1_2;
} }
@Override @Override

65
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
View File

@ -65,13 +65,6 @@ import javax.net.ssl.SSLSessionBindingListener;
import javax.security.cert.X509Certificate; import javax.security.cert.X509Certificate;
import static io.netty.handler.ssl.OpenSsl.memoryAddress; import static io.netty.handler.ssl.OpenSsl.memoryAddress;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH; import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
import static io.netty.util.internal.ObjectUtil.checkNotNull; import static io.netty.util.internal.ObjectUtil.checkNotNull;
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam; import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
@ -360,7 +353,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE); SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
} }
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) { if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
final boolean enableTickets = clientMode ? final boolean enableTickets = clientMode ?
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 : ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13; ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
@ -1368,7 +1361,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 && if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as // As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
// renegotiation is not supported in TLSv1.3 as per spec. // renegotiation is not supported in TLSv1.3 as per spec.
!SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) { !SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it // TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
// that the renegotiation failed. // that the renegotiation failed.
shutdown(); shutdown();
@ -1556,7 +1549,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed()) { if (!isDestroyed()) {
enabled = SSL.getCiphers(ssl); enabled = SSL.getCiphers(ssl);
int opts = SSL.getOptions(ssl); int opts = SSL.getOptions(ssl);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS; extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
tls13Enabled = true; tls13Enabled = true;
} else { } else {
@ -1618,16 +1611,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other // We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
// protocols. // protocols.
if (cipherSuiteSpec.isEmpty()) { if (cipherSuiteSpec.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1); protocols.remove(SslProtocols.TLS_v1);
protocols.remove(PROTOCOL_TLS_V1_1); protocols.remove(SslProtocols.TLS_v1_1);
protocols.remove(PROTOCOL_TLS_V1_2); protocols.remove(SslProtocols.TLS_v1_2);
protocols.remove(PROTOCOL_SSL_V3); protocols.remove(SslProtocols.SSL_v3);
protocols.remove(PROTOCOL_SSL_V2); protocols.remove(SslProtocols.SSL_v2);
protocols.remove(PROTOCOL_SSL_V2_HELLO); protocols.remove(SslProtocols.SSL_v2_HELLO);
} }
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it. // We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
if (cipherSuiteSpecTLSv13.isEmpty()) { if (cipherSuiteSpecTLSv13.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1_3); protocols.remove(SslProtocols.TLS_v1_3);
} }
// Update the protocols but not cache the value. We only cache when we call it from the user // Update the protocols but not cache the value. We only cache when we call it from the user
// code or when we construct the engine. // code or when we construct the engine.
@ -1650,7 +1643,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
public final String[] getEnabledProtocols() { public final String[] getEnabledProtocols() {
List<String> enabled = new ArrayList<String>(6); List<String> enabled = new ArrayList<String>(6);
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled // Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
enabled.add(PROTOCOL_SSL_V2_HELLO); enabled.add(SslProtocols.SSL_v2_HELLO);
int opts; int opts;
synchronized (this) { synchronized (this) {
@ -1660,23 +1653,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
return enabled.toArray(new String[0]); return enabled.toArray(new String[0]);
} }
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
enabled.add(PROTOCOL_TLS_V1); enabled.add(SslProtocols.TLS_v1);
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
enabled.add(PROTOCOL_TLS_V1_1); enabled.add(SslProtocols.TLS_v1_1);
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
enabled.add(PROTOCOL_TLS_V1_2); enabled.add(SslProtocols.TLS_v1_2);
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
enabled.add(PROTOCOL_TLS_V1_3); enabled.add(SslProtocols.TLS_v1_3);
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
enabled.add(PROTOCOL_SSL_V2); enabled.add(SslProtocols.SSL_v2);
} }
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) { if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
enabled.add(PROTOCOL_SSL_V3); enabled.add(SslProtocols.SSL_v3);
} }
return enabled.toArray(new String[0]); return enabled.toArray(new String[0]);
} }
@ -1710,42 +1703,42 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) { if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
throw new IllegalArgumentException("Protocol " + p + " is not supported."); throw new IllegalArgumentException("Protocol " + p + " is not supported.");
} }
if (p.equals(PROTOCOL_SSL_V2)) { if (p.equals(SslProtocols.SSL_v2)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
} }
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison] if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2; maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
} }
} else if (p.equals(PROTOCOL_SSL_V3)) { } else if (p.equals(SslProtocols.SSL_v3)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
} }
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) { if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3; maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
} }
} else if (p.equals(PROTOCOL_TLS_V1)) { } else if (p.equals(SslProtocols.TLS_v1)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
} }
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) { if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1; maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
} }
} else if (p.equals(PROTOCOL_TLS_V1_1)) { } else if (p.equals(SslProtocols.TLS_v1_1)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
} }
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) { if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1; maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
} }
} else if (p.equals(PROTOCOL_TLS_V1_2)) { } else if (p.equals(SslProtocols.TLS_v1_2)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
} }
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) { if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2; maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
} }
} else if (p.equals(PROTOCOL_TLS_V1_3)) { } else if (p.equals(SslProtocols.TLS_v1_3)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) { if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3; minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
} }

76
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
/**
* SSL/TLS protocols
*/
public final class SslProtocols {
/**
* SSL v2 Hello
*
* @deprecated SSLv2Hello is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2_HELLO = "SSLv2Hello";
/**
* SSL v2
*
* @deprecated SSLv2 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2 = "SSLv2";
/**
* SSLv3
*
* @deprecated SSLv3 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v3 = "SSLv3";
/**
* TLS v1
*
* @deprecated TLSv1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1 = "TLSv1";
/**
* TLS v1.1
*
* @deprecated TLSv1.1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1_1 = "TLSv1.1";
/**
* TLS v1.2
*/
public static final String TLS_v1_2 = "TLSv1.2";
/**
* TLS v1.3
*/
public static final String TLS_v1_3 = "TLSv1.3";
private SslProtocols() {
// Prevent outside initialization
}
}

18
handler/src/main/java/io/netty/handler/ssl/SslUtils.java
View File

@ -56,14 +56,10 @@ final class SslUtils {
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
"TLS_AES_128_CCM_SHA256"))); "TLS_AES_128_CCM_SHA256")));
// Protocols
static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello"; /**
static final String PROTOCOL_SSL_V2 = "SSLv2"; * GMSSL Protocol Version
static final String PROTOCOL_SSL_V3 = "SSLv3"; */
static final String PROTOCOL_TLS_V1 = "TLSv1";
static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
static final int GMSSL_PROTOCOL_VERSION = 0x101; static final int GMSSL_PROTOCOL_VERSION = 0x101;
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL"; static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
@ -157,7 +153,7 @@ final class SslUtils {
private static boolean isTLSv13SupportedByJDK0(Provider provider) { private static boolean isTLSv13SupportedByJDK0(Provider provider) {
try { try {
return arrayContains(newInitContext(provider) return arrayContains(newInitContext(provider)
.getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3); .getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) { } catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no", logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
provider, cause); provider, cause);
@ -178,7 +174,7 @@ final class SslUtils {
private static boolean isTLSv13EnabledByJDK0(Provider provider) { private static boolean isTLSv13EnabledByJDK0(Provider provider) {
try { try {
return arrayContains(newInitContext(provider) return arrayContains(newInitContext(provider)
.getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3); .getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) { } catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," + logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
" assuming no", provider, cause); " assuming no", provider, cause);
@ -211,7 +207,7 @@ final class SslUtils {
} }
private static String getTlsVersion() { private static String getTlsVersion() {
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2; return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
} }
static boolean arrayContains(String[] array, String value) { static boolean arrayContains(String[] array, String value) {

4
handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java
View File

@ -124,7 +124,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(serverSslProvider) .sslProvider(serverSslProvider)
.ciphers(ciphers) .ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else. // As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build(); .build();
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null; final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
@ -134,7 +134,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(clientSslProvider) .sslProvider(clientSslProvider)
.ciphers(ciphers) .ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else. // As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.build(); .build();

14
handler/src/test/java/io/netty/handler/ssl/CloseNotifyTest.java
View File

@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
import static io.netty.buffer.ByteBufUtil.writeAscii; import static io.netty.buffer.ByteBufUtil.writeAscii;
import static io.netty.buffer.Unpooled.EMPTY_BUFFER; import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR; import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static java.nio.charset.StandardCharsets.US_ASCII; import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.Arrays.asList; import static java.util.Arrays.asList;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
@ -62,10 +60,10 @@ public class CloseNotifyTest {
static Collection<Object[]> data() { static Collection<Object[]> data() {
return asList(new Object[][] { return asList(new Object[][] {
{ SslProvider.JDK, PROTOCOL_TLS_V1_2 }, { SslProvider.JDK, SslProtocols.TLS_v1_2 },
{ SslProvider.JDK, PROTOCOL_TLS_V1_3 }, { SslProvider.JDK, SslProtocols.TLS_v1_3 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 }, { SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 }, { SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
}); });
} }
@ -75,7 +73,7 @@ public class CloseNotifyTest {
public void eventsOrder(SslProvider provider, String protocol) throws Exception { public void eventsOrder(SslProvider provider, String protocol) throws Exception {
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available"); assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
if (PROTOCOL_TLS_V1_3.equals(protocol)) { if (SslProtocols.TLS_v1_3.equals(protocol)) {
// Ensure we support TLSv1.3 // Ensure we support TLSv1.3
assumeTrue(SslProvider.isTlsv13Supported(provider)); assumeTrue(SslProvider.isTlsv13Supported(provider));
} }
@ -144,7 +142,7 @@ public class CloseNotifyTest {
} }
private static boolean jdkTls13(SslProvider provider, String protocol) { private static boolean jdkTls13(SslProvider provider, String protocol) {
return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol); return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
} }
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode, private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,

2
handler/src/test/java/io/netty/handler/ssl/DelegatingSslContextTest.java
View File

@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class DelegatingSslContextTest { public class DelegatingSslContextTest {
private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 }; private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };
@Test @Test
public void testInitEngineOnNewEngine() throws Exception { public void testInitEngineOnNewEngine() throws Exception {

2
handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
View File

@ -299,7 +299,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
@Test @Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception { public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 }); testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Ignore /* Does the JDK support a "max certificate chain length"? */

183
handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
View File

@ -58,11 +58,6 @@ import java.util.Set;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH; import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED; import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
import static java.lang.Integer.MAX_VALUE; import static java.lang.Integer.MAX_VALUE;
import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertArrayEquals;
@ -241,8 +236,8 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception { public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO}, testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2}); new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
} }
@Test @Test
public void testWrapBuffersNoWritePendingError() throws Exception { public void testWrapBuffersNoWritePendingError() throws Exception {
@ -546,24 +541,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build()); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
} }
@Test @Test
@ -577,21 +572,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build()); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
} }
@Test @Test
@ -605,31 +600,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build()); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
} }
@Test @Test
@ -643,31 +638,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build()); .build());
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA"); testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
} }
@Test @Test
@ -1394,22 +1389,22 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception { public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1); testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
} }
@Test @Test
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception { public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1); testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
} }
@Test @Test
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception { public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null); testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
} }
@Test @Test
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception { public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null); testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
} }
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception { private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {

18
handler/src/test/java/io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.java
View File

@ -117,10 +117,10 @@ public class OpenSslPrivateKeyMethodTest {
if (provider == SslProvider.JDK) { if (provider == SslProvider.JDK) {
SSLEngine engine = SSLContext.getDefault().createSSLEngine(); SSLEngine engine = SSLContext.getDefault().createSSLEngine();
for (String c: engine.getSupportedCipherSuites()) { for (String c: engine.getSupportedCipherSuites()) {
if (RFC_CIPHER_NAME.equals(c)) { if (RFC_CIPHER_NAME.equals(c)) {
cipherSupported = true; cipherSupported = true;
break; break;
} }
} }
} else { } else {
cipherSupported = OpenSsl.isCipherSuiteAvailable(RFC_CIPHER_NAME); cipherSupported = OpenSsl.isCipherSuiteAvailable(RFC_CIPHER_NAME);
@ -141,11 +141,11 @@ public class OpenSslPrivateKeyMethodTest {
final KeyManagerFactory kmf = OpenSslX509KeyManagerFactory.newKeyless(CERT.cert()); final KeyManagerFactory kmf = OpenSslX509KeyManagerFactory.newKeyless(CERT.cert());
return SslContextBuilder.forServer(kmf) return SslContextBuilder.forServer(kmf)
.sslProvider(SslProvider.OPENSSL) .sslProvider(SslProvider.OPENSSL)
.ciphers(ciphers) .ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else. // As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method) .option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
.build(); .build();
} }
@ -155,13 +155,13 @@ public class OpenSslPrivateKeyMethodTest {
.sslProvider(SslProvider.JDK) .sslProvider(SslProvider.JDK)
.ciphers(Collections.singletonList(RFC_CIPHER_NAME)) .ciphers(Collections.singletonList(RFC_CIPHER_NAME))
// As this is not a TLSv1.3 cipher we should ensure we talk something else. // As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.build(); .build();
} }
private static Executor delegateExecutor(boolean delegate) { private static Executor delegateExecutor(boolean delegate) {
return delegate ? EXECUTOR : null; return delegate ? EXECUTOR : null;
} }
private static void assertThread(boolean delegate) { private static void assertThread(boolean delegate) {
@ -282,7 +282,7 @@ public class OpenSslPrivateKeyMethodTest {
Channel client = client(server, clientHandler); Channel client = client(server, clientHandler);
try { try {
client.writeAndFlush(Unpooled.wrappedBuffer(new byte[] {'P', 'I', 'N', 'G'})) client.writeAndFlush(Unpooled.wrappedBuffer(new byte[] {'P', 'I', 'N', 'G'}))
.syncUninterruptibly(); .syncUninterruptibly();
assertTrue(clientPromise.await(5L, TimeUnit.SECONDS), "client timeout"); assertTrue(clientPromise.await(5L, TimeUnit.SECONDS), "client timeout");
assertTrue(serverPromise.await(5L, TimeUnit.SECONDS), "server timeout"); assertTrue(serverPromise.await(5L, TimeUnit.SECONDS), "server timeout");

4
handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
View File

@ -13,17 +13,13 @@
* License for the specific language governing permissions and limitations * License for the specific language governing permissions and limitations
* under the License. * under the License.
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.Assume;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import java.io.File; import java.io.File;
import static org.junit.Assume.assumeTrue;
public class OpenSslServerContextTest extends SslContextTest { public class OpenSslServerContextTest extends SslContextTest {
@BeforeClass @BeforeClass

4
handler/src/test/java/io/netty/handler/ssl/ParameterizedSslHandlerTest.java
View File

@ -405,7 +405,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake // Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which // is done in an extra round trip in the test which
// is not true in TLSv1.3 // is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build(); .build();
final SslContext sslClientCtx = SslContextBuilder.forClient() final SslContext sslClientCtx = SslContextBuilder.forClient()
@ -414,7 +414,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake // Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which // is done in an extra round trip in the test which
// is not true in TLSv1.3 // is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build(); .build();
EventLoopGroup group = new NioEventLoopGroup(); EventLoopGroup group = new NioEventLoopGroup();

4
handler/src/test/java/io/netty/handler/ssl/RenegotiateTest.java
View File

@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
try { try {
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert()) final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
.sslProvider(serverSslProvider()) .sslProvider(serverSslProvider())
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build(); .build();
ServerBootstrap sb = new ServerBootstrap(); ServerBootstrap sb = new ServerBootstrap();
@ -105,7 +105,7 @@ public abstract class RenegotiateTest {
final SslContext clientContext = SslContextBuilder.forClient() final SslContext clientContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK) .sslProvider(SslProvider.JDK)
.protocols(SslUtils.PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build(); .build();
Bootstrap bootstrap = new Bootstrap(); Bootstrap bootstrap = new Bootstrap();

43
handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
View File

@ -184,9 +184,9 @@ public abstract class SSLEngineTest {
static final class ProtocolCipherCombo { static final class ProtocolCipherCombo {
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo( private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo( private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256"); SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
final String protocol; final String protocol;
final String cipher; final String cipher;
@ -532,13 +532,13 @@ public abstract class SSLEngineTest {
// due to no shared/supported cipher. // due to no shared/supported cipher.
clientSslCtx = wrapContext(SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build()); .build());
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build()); .build());
@ -1513,7 +1513,7 @@ public abstract class SSLEngineTest {
assertArrayEquals(protocols1, enabledProtocols); assertArrayEquals(protocols1, enabledProtocols);
// Enable a protocol that is currently disabled // Enable a protocol that is currently disabled
sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 }); sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });
// The protocol that was just enabled should be returned // The protocol that was just enabled should be returned
enabledProtocols = sslEngine.getEnabledProtocols(); enabledProtocols = sslEngine.getEnabledProtocols();
@ -1584,7 +1584,7 @@ public abstract class SSLEngineTest {
if (!clientHandshakeFinished || if (!clientHandshakeFinished ||
// After the handshake completes it is possible we have more data that was send by the server as // After the handshake completes it is possible we have more data that was send by the server as
// the server will send session updates after the handshake. In this case continue to unwrap. // the server will send session updates after the handshake. In this case continue to unwrap.
SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) { SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
int clientAppReadBufferPos = clientAppReadBuffer.position(); int clientAppReadBufferPos = clientAppReadBuffer.position();
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer); clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
@ -1700,7 +1700,7 @@ public abstract class SSLEngineTest {
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) { if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2 // NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665 // See https://github.com/openssl/openssl/issues/3665
serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2); serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
} }
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient() SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
@ -1715,7 +1715,7 @@ public abstract class SSLEngineTest {
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) { if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2 // NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665 // See https://github.com/openssl/openssl/issues/3665
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2); clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
} }
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build())); setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
@ -2043,9 +2043,9 @@ public abstract class SSLEngineTest {
if (provider != null) { if (provider != null) {
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK. // conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
// https://github.com/google/conscrypt/issues/1013 // https://github.com/google/conscrypt/issues/1013
return new String[] { PROTOCOL_TLS_V1_2 }; return new String[] { SslProtocols.TLS_v1_2 };
} }
return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1}; return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
} }
@Test @Test
@ -2333,7 +2333,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build()); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2342,7 +2342,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(SslProtocols.TLS_v1_2)
.build()); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2803,12 +2803,13 @@ public abstract class SSLEngineTest {
@Test @Test
public void testDisableProtocols() throws Exception { public void testDisableProtocols() throws Exception {
testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2); testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3); testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1); testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1); testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2, SslProtocols.TLS_v1_1);
PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2); testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
} }
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception { private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
@ -2832,7 +2833,7 @@ public abstract class SSLEngineTest {
for (String disabled : disabledProtocols) { for (String disabled : disabledProtocols) {
supported.remove(disabled); supported.remove(disabled);
} }
if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) { if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine. // It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
return; return;
} }
@ -4010,9 +4011,9 @@ public abstract class SSLEngineTest {
} }
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()), assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
arrayContains(clientProtocols, PROTOCOL_TLS_V1_3)); arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()), assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
arrayContains(serverProtocols, PROTOCOL_TLS_V1_3)); arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
} }
protected SSLEngine wrapEngine(SSLEngine engine) { protected SSLEngine wrapEngine(SSLEngine engine) {

2
handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
View File

@ -611,7 +611,7 @@ public class SniHandlerTest {
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when * This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
* the client disconnects. * the client disconnects.
* *
* @see SniHandlerTest#testReplaceHandler() * @see SniHandlerTest#testReplaceHandler(SslProvider)
*/ */
private static class CustomSslHandler extends SslHandler { private static class CustomSslHandler extends SslHandler {
private final SslContext sslContext; private final SslContext sslContext;

26
handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
View File

@ -836,7 +836,7 @@ public class SslHandlerTest {
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS) @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception { public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
final SslContext sslClientCtx = SslContextBuilder.forClient() final SslContext sslClientCtx = SslContextBuilder.forClient()
.protocols(SslUtils.PROTOCOL_SSL_V3) .protocols(SslProtocols.SSL_v3)
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK).build(); .sslProvider(SslProvider.JDK).build();
@ -1145,27 +1145,27 @@ public class SslHandlerTest {
@Test @Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12() throws Throwable { public void testSessionTicketsWithTLSv12() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true); testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
} }
@Test @Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13() throws Throwable { public void testSessionTicketsWithTLSv13() throws Throwable {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true); testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
} }
@Test @Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable { public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false); testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
} }
@Test @Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable { public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
assumeTrue(OpenSsl.isTlsv13Supported()); assumeTrue(OpenSsl.isTlsv13Supported());
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false); testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
} }
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable { private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
@ -1223,7 +1223,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after // This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done. // the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html // See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) { if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
// First should not re-use the session // First should not re-use the session
try { try {
assertEquals(handshakeCount > 1, engine.isSessionReused()); assertEquals(handshakeCount > 1, engine.isSessionReused());
@ -1297,7 +1297,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after // This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done. // the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html // See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) { if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
assertEquals(isReused, engine.isSessionReused()); assertEquals(isReused, engine.isSessionReused());
} }
Object obj = queue.take(); Object obj = queue.take();
@ -1472,11 +1472,11 @@ public class SslHandlerTest {
if (tls13) { if (tls13) {
clientCipher = "TLS_AES_128_GCM_SHA256"; clientCipher = "TLS_AES_128_GCM_SHA256";
serverCipher = "TLS_AES_256_GCM_SHA384"; serverCipher = "TLS_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_3; protocol = SslProtocols.TLS_v1_3;
} else { } else {
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_2; protocol = SslProtocols.TLS_v1_2;
} }
final SslContext sslClientCtx = SslContextBuilder.forClient() final SslContext sslClientCtx = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
@ -1566,26 +1566,26 @@ public class SslHandlerTest {
@Test @Test
public void testHandshakeEventsTls12JDK() throws Exception { public void testHandshakeEventsTls12JDK() throws Exception {
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2); testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
} }
@Test @Test
public void testHandshakeEventsTls12Openssl() throws Exception { public void testHandshakeEventsTls12Openssl() throws Exception {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2); testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
} }
@Test @Test
public void testHandshakeEventsTls13JDK() throws Exception { public void testHandshakeEventsTls13JDK() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3); testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
} }
@Test @Test
public void testHandshakeEventsTls13Openssl() throws Exception { public void testHandshakeEventsTls13Openssl() throws Exception {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3); testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
} }
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception { private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {