Add SslProtocols and Cipher suites constants (#11457)

Motivation:
Protocols and Cipher suites constants to prevent typos in protocol and cipher suites names and ease of use.

Modification:
Added Protocols and Cipher suites as constants in their respective classes.

Result:
Fixes #11393
This commit is contained in:
Aayush Atharva 2021-07-08 00:45:43 +05:30 committed by GitHub
parent 0b2e955aff
commit ede7a604f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 1031 additions and 218 deletions

View File

@ -0,0 +1,758 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import io.netty.util.internal.ObjectUtil;
import java.util.Arrays;
/**
* Cipher suites
*/
public final class Ciphers {
/**
* TLS_AES_256_GCM_SHA384
*/
public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
/**
* TLS_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
/**
* TLS_AES_128_GCM_SHA256
*/
public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
/**
* TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DH_anon_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
/**
* TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA256_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
/**
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_RSA_WITH_SEED_SHA
*/
public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
/**
* TLS_DHE_DSS_WITH_SEED_SHA
*/
public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
/**
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
/**
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
/**
* TLS_DH_anon_WITH_SEED_SHA
*/
public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
/**
* TLS_DH_anon_WITH_CAMELLIA128_SHA
*/
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_256_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
/**
* TLS_PSK_WITH_AES_256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
/**
* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
*/
public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_256_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA256_GCM_SHA384
*/
public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
/**
* TLS_RSA_WITH_AES_128_CBC_CCM
*/
public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
/**
* TLS_RSA_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM8
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
/**
* TLS_PSK_WITH_AES_128_CBC_CCM
*/
public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
/**
* TLS_PSK_WITH_ARIA128_GCM_SHA256
*/
public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_SRP_WITH_AES_256_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_RSA_WITH_AES_256_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
/**
* TLS_RSA_WITH_CAMELLIA256_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA384
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
/**
* TLS_PSK_WITH_AES_256_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA256_SHA384
*/
public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_DSS_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_SRP_WITH_AES_128_CBC_SHA
*/
public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
/**
* TLS_RSA_WITH_AES_128_CBC_SHA
*/
public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
/**
* TLS_RSA_WITH_SEED_SHA
*/
public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
/**
* TLS_RSA_WITH_CAMELLIA128_SHA
*/
public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
/**
* TLS_RSA_WITH_IDEA_CBC_SHA
*/
public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA256
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
/**
* TLS_PSK_WITH_AES_128_CBC_SHA
*/
public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
/**
* TLS_PSK_WITH_CAMELLIA128_SHA256
*/
public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
private Ciphers() {
// Prevent outside initialization
}
}

View File

@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
List<String> protocols = new ArrayList<String>();
addIfSupported(
supportedProtocolsSet, protocols,
SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2,
SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);
SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);
if (!protocols.isEmpty()) {
return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {
private static boolean isTlsV13Supported(String[] protocols) {
for (String protocol: protocols) {
if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) {
if (SslProtocols.TLS_v1_3.equals(protocol)) {
return true;
}
}

View File

@ -348,26 +348,26 @@ public final class OpenSsl {
Set<String> protocols = new LinkedHashSet<String>(6);
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
protocols.add(PROTOCOL_SSL_V2_HELLO);
protocols.add(SslProtocols.SSL_v2_HELLO);
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
protocols.add(PROTOCOL_SSL_V2);
protocols.add(SslProtocols.SSL_v2);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
protocols.add(PROTOCOL_SSL_V3);
protocols.add(SslProtocols.SSL_v3);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
protocols.add(PROTOCOL_TLS_V1);
protocols.add(SslProtocols.TLS_v1);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
protocols.add(PROTOCOL_TLS_V1_1);
protocols.add(SslProtocols.TLS_v1_1);
}
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
protocols.add(PROTOCOL_TLS_V1_2);
protocols.add(SslProtocols.TLS_v1_2);
}
// This is only supported by java11 and later.
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
protocols.add(PROTOCOL_TLS_V1_3);
protocols.add(SslProtocols.TLS_v1_3);
TLSV13_SUPPORTED = true;
} else {
TLSV13_SUPPORTED = false;

View File

@ -66,7 +66,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
private static SSLEngine wrapEngine(final SSLEngine engine) {
final SSLSession session = engine.getHandshakeSession();
if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) {
if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
return new JdkSslEngine(engine) {
@Override
public String getNegotiatedApplicationProtocol() {
@ -93,7 +93,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override
public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2;
return SslProtocols.TLS_v1_2;
}
};
} else {
@ -181,7 +181,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
@Override
public String getProtocol() {
return SslUtils.PROTOCOL_TLS_V1_2;
return SslProtocols.TLS_v1_2;
}
@Override

View File

@ -65,13 +65,6 @@ import javax.net.ssl.SSLSessionBindingListener;
import javax.security.cert.X509Certificate;
import static io.netty.handler.ssl.OpenSsl.memoryAddress;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
import static io.netty.util.internal.ObjectUtil.checkNotNull;
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
@ -360,7 +353,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
}
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
final boolean enableTickets = clientMode ?
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
@ -1368,7 +1361,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
// renegotiation is not supported in TLSv1.3 as per spec.
!SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
!SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
// that the renegotiation failed.
shutdown();
@ -1556,7 +1549,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!isDestroyed()) {
enabled = SSL.getCiphers(ssl);
int opts = SSL.getOptions(ssl);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
tls13Enabled = true;
} else {
@ -1618,16 +1611,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
// protocols.
if (cipherSuiteSpec.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1);
protocols.remove(PROTOCOL_TLS_V1_1);
protocols.remove(PROTOCOL_TLS_V1_2);
protocols.remove(PROTOCOL_SSL_V3);
protocols.remove(PROTOCOL_SSL_V2);
protocols.remove(PROTOCOL_SSL_V2_HELLO);
protocols.remove(SslProtocols.TLS_v1);
protocols.remove(SslProtocols.TLS_v1_1);
protocols.remove(SslProtocols.TLS_v1_2);
protocols.remove(SslProtocols.SSL_v3);
protocols.remove(SslProtocols.SSL_v2);
protocols.remove(SslProtocols.SSL_v2_HELLO);
}
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
if (cipherSuiteSpecTLSv13.isEmpty()) {
protocols.remove(PROTOCOL_TLS_V1_3);
protocols.remove(SslProtocols.TLS_v1_3);
}
// Update the protocols but not cache the value. We only cache when we call it from the user
// code or when we construct the engine.
@ -1650,7 +1643,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
public final String[] getEnabledProtocols() {
List<String> enabled = new ArrayList<String>(6);
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
enabled.add(PROTOCOL_SSL_V2_HELLO);
enabled.add(SslProtocols.SSL_v2_HELLO);
int opts;
synchronized (this) {
@ -1660,23 +1653,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
return enabled.toArray(new String[0]);
}
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) {
enabled.add(PROTOCOL_TLS_V1);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
enabled.add(SslProtocols.TLS_v1);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) {
enabled.add(PROTOCOL_TLS_V1_1);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
enabled.add(SslProtocols.TLS_v1_1);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) {
enabled.add(PROTOCOL_TLS_V1_2);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
enabled.add(SslProtocols.TLS_v1_2);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
enabled.add(PROTOCOL_TLS_V1_3);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
enabled.add(SslProtocols.TLS_v1_3);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) {
enabled.add(PROTOCOL_SSL_V2);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
enabled.add(SslProtocols.SSL_v2);
}
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) {
enabled.add(PROTOCOL_SSL_V3);
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
enabled.add(SslProtocols.SSL_v3);
}
return enabled.toArray(new String[0]);
}
@ -1710,42 +1703,42 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
throw new IllegalArgumentException("Protocol " + p + " is not supported.");
}
if (p.equals(PROTOCOL_SSL_V2)) {
if (p.equals(SslProtocols.SSL_v2)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
}
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
}
} else if (p.equals(PROTOCOL_SSL_V3)) {
} else if (p.equals(SslProtocols.SSL_v3)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
}
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
}
} else if (p.equals(PROTOCOL_TLS_V1)) {
} else if (p.equals(SslProtocols.TLS_v1)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
}
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
}
} else if (p.equals(PROTOCOL_TLS_V1_1)) {
} else if (p.equals(SslProtocols.TLS_v1_1)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
}
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
}
} else if (p.equals(PROTOCOL_TLS_V1_2)) {
} else if (p.equals(SslProtocols.TLS_v1_2)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
}
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
}
} else if (p.equals(PROTOCOL_TLS_V1_3)) {
} else if (p.equals(SslProtocols.TLS_v1_3)) {
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
}

View File

@ -0,0 +1,76 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
/**
* SSL/TLS protocols
*/
public final class SslProtocols {
/**
* SSL v2 Hello
*
* @deprecated SSLv2Hello is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2_HELLO = "SSLv2Hello";
/**
* SSL v2
*
* @deprecated SSLv2 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v2 = "SSLv2";
/**
* SSLv3
*
* @deprecated SSLv3 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String SSL_v3 = "SSLv3";
/**
* TLS v1
*
* @deprecated TLSv1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1 = "TLSv1";
/**
* TLS v1.1
*
* @deprecated TLSv1.1 is no longer secure. Consider using {@link #TLS_v1_2} or {@link #TLS_v1_3}
*/
@Deprecated
public static final String TLS_v1_1 = "TLSv1.1";
/**
* TLS v1.2
*/
public static final String TLS_v1_2 = "TLSv1.2";
/**
* TLS v1.3
*/
public static final String TLS_v1_3 = "TLSv1.3";
private SslProtocols() {
// Prevent outside initialization
}
}

View File

@ -56,14 +56,10 @@ final class SslUtils {
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
"TLS_AES_128_CCM_SHA256")));
// Protocols
static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
static final String PROTOCOL_SSL_V2 = "SSLv2";
static final String PROTOCOL_SSL_V3 = "SSLv3";
static final String PROTOCOL_TLS_V1 = "TLSv1";
static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
/**
* GMSSL Protocol Version
*/
static final int GMSSL_PROTOCOL_VERSION = 0x101;
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
@ -157,7 +153,7 @@ final class SslUtils {
private static boolean isTLSv13SupportedByJDK0(Provider provider) {
try {
return arrayContains(newInitContext(provider)
.getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
.getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
provider, cause);
@ -178,7 +174,7 @@ final class SslUtils {
private static boolean isTLSv13EnabledByJDK0(Provider provider) {
try {
return arrayContains(newInitContext(provider)
.getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
.getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
} catch (Throwable cause) {
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
" assuming no", provider, cause);
@ -211,7 +207,7 @@ final class SslUtils {
}
private static String getTlsVersion() {
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
}
static boolean arrayContains(String[] array, String value) {

View File

@ -124,7 +124,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(serverSslProvider)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
@ -134,7 +134,7 @@ public class CipherSuiteCanaryTest {
.sslProvider(clientSslProvider)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();

View File

@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
import static io.netty.buffer.ByteBufUtil.writeAscii;
import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.Arrays.asList;
import static org.hamcrest.MatcherAssert.assertThat;
@ -62,10 +60,10 @@ public class CloseNotifyTest {
static Collection<Object[]> data() {
return asList(new Object[][] {
{ SslProvider.JDK, PROTOCOL_TLS_V1_2 },
{ SslProvider.JDK, PROTOCOL_TLS_V1_3 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 },
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 },
{ SslProvider.JDK, SslProtocols.TLS_v1_2 },
{ SslProvider.JDK, SslProtocols.TLS_v1_3 },
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
});
}
@ -75,7 +73,7 @@ public class CloseNotifyTest {
public void eventsOrder(SslProvider provider, String protocol) throws Exception {
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
if (SslProtocols.TLS_v1_3.equals(protocol)) {
// Ensure we support TLSv1.3
assumeTrue(SslProvider.isTlsv13Supported(provider));
}
@ -144,7 +142,7 @@ public class CloseNotifyTest {
}
private static boolean jdkTls13(SslProvider provider, String protocol) {
return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol);
return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
}
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,

View File

@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class DelegatingSslContextTest {
private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 };
private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };
@Test
public void testInitEngineOnNewEngine() throws Exception {

View File

@ -299,7 +299,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
@Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 });
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
}
@Ignore /* Does the JDK support a "max certificate chain length"? */

View File

@ -58,11 +58,6 @@ import java.util.Set;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
import static java.lang.Integer.MAX_VALUE;
import static org.junit.Assert.assertArrayEquals;
@ -241,8 +236,8 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
}
@Test
public void testWrapBuffersNoWritePendingError() throws Exception {
@ -546,24 +541,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -577,21 +572,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
}
@Test
@ -605,31 +600,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -643,31 +638,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
.sslProvider(sslServerProvider())
.build());
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
}
@Test
@ -1394,22 +1389,22 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1);
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
}
@Test
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1);
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
}
@Test
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null);
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
}
@Test
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null);
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
}
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {

View File

@ -145,7 +145,7 @@ public class OpenSslPrivateKeyMethodTest {
.sslProvider(SslProvider.OPENSSL)
.ciphers(ciphers)
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
.build();
}
@ -155,7 +155,7 @@ public class OpenSslPrivateKeyMethodTest {
.sslProvider(SslProvider.JDK)
.ciphers(Collections.singletonList(RFC_CIPHER_NAME))
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
}

View File

@ -13,17 +13,13 @@
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import org.junit.Assume;
import org.junit.BeforeClass;
import javax.net.ssl.SSLException;
import java.io.File;
import static org.junit.Assume.assumeTrue;
public class OpenSslServerContextTest extends SslContextTest {
@BeforeClass

View File

@ -405,7 +405,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which
// is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
final SslContext sslClientCtx = SslContextBuilder.forClient()
@ -414,7 +414,7 @@ public class ParameterizedSslHandlerTest {
// Use TLSv1.2 as we depend on the fact that the handshake
// is done in an extra round trip in the test which
// is not true in TLSv1.3
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
EventLoopGroup group = new NioEventLoopGroup();

View File

@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
try {
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
.sslProvider(serverSslProvider())
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
ServerBootstrap sb = new ServerBootstrap();
@ -105,7 +105,7 @@ public abstract class RenegotiateTest {
final SslContext clientContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK)
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build();
Bootstrap bootstrap = new Bootstrap();

View File

@ -184,9 +184,9 @@ public abstract class SSLEngineTest {
static final class ProtocolCipherCombo {
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256");
SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
final String protocol;
final String cipher;
@ -532,13 +532,13 @@ public abstract class SSLEngineTest {
// due to no shared/supported cipher.
clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider())
.build());
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
.sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider())
.build());
@ -1513,7 +1513,7 @@ public abstract class SSLEngineTest {
assertArrayEquals(protocols1, enabledProtocols);
// Enable a protocol that is currently disabled
sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });
sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });
// The protocol that was just enabled should be returned
enabledProtocols = sslEngine.getEnabledProtocols();
@ -1584,7 +1584,7 @@ public abstract class SSLEngineTest {
if (!clientHandshakeFinished ||
// After the handshake completes it is possible we have more data that was send by the server as
// the server will send session updates after the handshake. In this case continue to unwrap.
SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) {
SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
int clientAppReadBufferPos = clientAppReadBuffer.position();
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
@ -1700,7 +1700,7 @@ public abstract class SSLEngineTest {
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665
serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
}
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
@ -1715,7 +1715,7 @@ public abstract class SSLEngineTest {
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
// See https://github.com/openssl/openssl/issues/3665
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
}
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
@ -2043,9 +2043,9 @@ public abstract class SSLEngineTest {
if (provider != null) {
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
// https://github.com/google/conscrypt/issues/1013
return new String[] { PROTOCOL_TLS_V1_2 };
return new String[] { SslProtocols.TLS_v1_2 };
}
return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1};
return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
}
@Test
@ -2333,7 +2333,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(clientSslContextProvider())
.sslProvider(sslClientProvider())
// This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2342,7 +2342,7 @@ public abstract class SSLEngineTest {
.sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider())
// This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2)
.protocols(SslProtocols.TLS_v1_2)
.build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -2803,12 +2803,13 @@ public abstract class SSLEngineTest {
@Test
public void testDisableProtocols() throws Exception {
testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2);
testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3);
testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1);
testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1);
testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2,
PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2);
testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
SslProtocols.TLS_v1_1);
testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
}
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
@ -2832,7 +2833,7 @@ public abstract class SSLEngineTest {
for (String disabled : disabledProtocols) {
supported.remove(disabled);
}
if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) {
if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
return;
}
@ -4010,9 +4011,9 @@ public abstract class SSLEngineTest {
}
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
arrayContains(clientProtocols, PROTOCOL_TLS_V1_3));
arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
arrayContains(serverProtocols, PROTOCOL_TLS_V1_3));
arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
}
protected SSLEngine wrapEngine(SSLEngine engine) {

View File

@ -611,7 +611,7 @@ public class SniHandlerTest {
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
* the client disconnects.
*
* @see SniHandlerTest#testReplaceHandler()
* @see SniHandlerTest#testReplaceHandler(SslProvider)
*/
private static class CustomSslHandler extends SslHandler {
private final SslContext sslContext;

View File

@ -836,7 +836,7 @@ public class SslHandlerTest {
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
final SslContext sslClientCtx = SslContextBuilder.forClient()
.protocols(SslUtils.PROTOCOL_SSL_V3)
.protocols(SslProtocols.SSL_v3)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(SslProvider.JDK).build();
@ -1145,27 +1145,27 @@ public class SslHandlerTest {
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13() throws Throwable {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
}
@Test
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
assumeTrue(OpenSsl.isTlsv13Supported());
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false);
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
}
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
@ -1223,7 +1223,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
// First should not re-use the session
try {
assertEquals(handshakeCount > 1, engine.isSessionReused());
@ -1297,7 +1297,7 @@ public class SslHandlerTest {
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
// the handshake is done.
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
assertEquals(isReused, engine.isSessionReused());
}
Object obj = queue.take();
@ -1472,11 +1472,11 @@ public class SslHandlerTest {
if (tls13) {
clientCipher = "TLS_AES_128_GCM_SHA256";
serverCipher = "TLS_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_3;
protocol = SslProtocols.TLS_v1_3;
} else {
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
protocol = SslUtils.PROTOCOL_TLS_V1_2;
protocol = SslProtocols.TLS_v1_2;
}
final SslContext sslClientCtx = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
@ -1566,26 +1566,26 @@ public class SslHandlerTest {
@Test
public void testHandshakeEventsTls12JDK() throws Exception {
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2);
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
}
@Test
public void testHandshakeEventsTls12Openssl() throws Exception {
OpenSsl.ensureAvailability();
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
}
@Test
public void testHandshakeEventsTls13JDK() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3);
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
}
@Test
public void testHandshakeEventsTls13Openssl() throws Exception {
OpenSsl.ensureAvailability();
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
}
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {