Use SslProtocols and Ciphers constant

2021-07-06 21:01:24 +05:30 · 2021-07-06 21:01:24 +05:30 · fac6c19958
parent 0b2e955aff
commit fac6c19958
19 changed files with 1009 additions and 211 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/Ciphers.java
+++ b/handler/src/main/java/io/netty/handler/ssl/Ciphers.java
@ -0,0 +1,758 @@
+/*
+ * Copyright 2021 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.handler.ssl;
+
+import io.netty.util.internal.ObjectUtil;
+
+import java.util.Arrays;
+
+/**
+ * Cipher suites
+ */
+public final class Ciphers {
+
+    /**
+     * TLS_AES_256_GCM_SHA384
+     */
+    public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_AES_128_GCM_SHA256
+     */
+    public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_256_CBC_CCM
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_DH_anon_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_128_CBC_CCM
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_DH_anon_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
+
+    /**
+     * TLS_DH_anon_WITH_AES_256_CBC_SHA256
+     */
+    public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
+
+    /**
+     * TLS_DH_anon_WITH_CAMELLIA256_SHA256
+     */
+    public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_DH_anon_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_DH_anon_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DHE_RSA_WITH_CAMELLIA256_SHA
+     */
+    public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
+
+    /**
+     * TLS_DHE_DSS_WITH_CAMELLIA256_SHA
+     */
+    public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
+
+    /**
+     * TLS_ECDH_anon_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DH_anon_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DH_anon_WITH_CAMELLIA256_SHA
+     */
+    public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
+
+    /**
+     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DHE_DSS_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DHE_RSA_WITH_SEED_SHA
+     */
+    public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
+
+    /**
+     * TLS_DHE_DSS_WITH_SEED_SHA
+     */
+    public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
+
+    /**
+     * TLS_DHE_RSA_WITH_CAMELLIA128_SHA
+     */
+    public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
+
+    /**
+     * TLS_DHE_DSS_WITH_CAMELLIA128_SHA
+     */
+    public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
+
+    /**
+     * TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DH_anon_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DH_anon_WITH_SEED_SHA
+     */
+    public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
+
+    /**
+     * TLS_DH_anon_WITH_CAMELLIA128_SHA
+     */
+    public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
+            "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_256_CBC_CCM
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
+
+    /**
+     * TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_RSA_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_RSA_WITH_AES_256_CBC_CCM8
+     */
+    public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
+
+    /**
+     * TLS_RSA_WITH_AES_256_CBC_CCM
+     */
+    public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
+
+    /**
+     * TLS_RSA_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_PSK_WITH_AES_256_GCM_SHA384
+     */
+    public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
+
+    /**
+     * TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
+     */
+    public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
+
+    /**
+     * TLS_PSK_WITH_AES_256_CBC_CCM8
+     */
+    public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
+
+    /**
+     * TLS_PSK_WITH_AES_256_CBC_CCM
+     */
+    public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
+
+    /**
+     * TLS_PSK_WITH_ARIA256_GCM_SHA384
+     */
+    public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_128_CBC_CCM
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
+
+    /**
+     * TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_RSA_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_RSA_WITH_AES_128_CBC_CCM8
+     */
+    public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
+
+    /**
+     * TLS_RSA_WITH_AES_128_CBC_CCM
+     */
+    public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
+
+    /**
+     * TLS_RSA_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_PSK_WITH_AES_128_GCM_SHA256
+     */
+    public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
+
+    /**
+     * TLS_PSK_WITH_AES_128_CBC_CCM8
+     */
+    public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
+
+    /**
+     * TLS_PSK_WITH_AES_128_CBC_CCM
+     */
+    public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
+
+    /**
+     * TLS_PSK_WITH_ARIA128_GCM_SHA256
+     */
+    public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
+
+    /**
+     * TLS_RSA_WITH_AES_256_CBC_SHA256
+     */
+    public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
+
+    /**
+     * TLS_RSA_WITH_CAMELLIA256_SHA256
+     */
+    public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
+
+    /**
+     * TLS_RSA_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_RSA_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_SRP_DSS_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_SRP_RSA_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_SRP_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_RSA_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_RSA_WITH_CAMELLIA256_SHA
+     */
+    public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
+
+    /**
+     * TLS_PSK_WITH_AES_256_CBC_SHA384
+     */
+    public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
+
+    /**
+     * TLS_PSK_WITH_AES_256_CBC_SHA
+     */
+    public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
+
+    /**
+     * TLS_PSK_WITH_CAMELLIA256_SHA384
+     */
+    public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_SRP_DSS_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_SRP_RSA_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_SRP_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
+
+    /**
+     * TLS_RSA_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_RSA_WITH_SEED_SHA
+     */
+    public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
+
+    /**
+     * TLS_RSA_WITH_CAMELLIA128_SHA
+     */
+    public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
+
+    /**
+     * TLS_RSA_WITH_IDEA_CBC_SHA
+     */
+    public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
+
+    /**
+     * TLS_PSK_WITH_AES_128_CBC_SHA256
+     */
+    public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
+
+    /**
+     * TLS_PSK_WITH_AES_128_CBC_SHA
+     */
+    public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
+
+    /**
+     * TLS_PSK_WITH_CAMELLIA128_SHA256
+     */
+    public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
+
+    private Ciphers() {
+        // Prevent outside initialization
+    }
+}
--- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
        List<String> protocols = new ArrayList<String>();
        addIfSupported(
                supportedProtocolsSet, protocols,
-                SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2,
-                SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);
+                SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
+                SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);

        if (!protocols.isEmpty()) {
            return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {

    private static boolean isTlsV13Supported(String[] protocols) {
        for (String protocol: protocols) {
-            if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) {
+            if (SslProtocols.TLS_v1_3.equals(protocol)) {
                return true;
            }
        }
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
@ -348,26 +348,26 @@ public final class OpenSsl {

            Set<String> protocols = new LinkedHashSet<String>(6);
            // Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
-            protocols.add(PROTOCOL_SSL_V2_HELLO);
+            protocols.add(SslProtocols.SSL_v2_HELLO);
            if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
-                protocols.add(PROTOCOL_SSL_V2);
+                protocols.add(SslProtocols.SSL_v2);
            }
            if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
-                protocols.add(PROTOCOL_SSL_V3);
+                protocols.add(SslProtocols.SSL_v3);
            }
            if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
-                protocols.add(PROTOCOL_TLS_V1);
+                protocols.add(SslProtocols.TLS_v1);
            }
            if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
-                protocols.add(PROTOCOL_TLS_V1_1);
+                protocols.add(SslProtocols.TLS_v1_1);
            }
            if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
-                protocols.add(PROTOCOL_TLS_V1_2);
+                protocols.add(SslProtocols.TLS_v1_2);
            }

            // This is only supported by java11 and later.
            if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
-                protocols.add(PROTOCOL_TLS_V1_3);
+                protocols.add(SslProtocols.TLS_v1_3);
                TLSV13_SUPPORTED = true;
            } else {
                TLSV13_SUPPORTED = false;
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslTlsv13X509ExtendedTrustManager.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslTlsv13X509ExtendedTrustManager.java
@ -66,7 +66,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag

    private static SSLEngine wrapEngine(final SSLEngine engine) {
        final SSLSession session = engine.getHandshakeSession();
-        if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) {
+        if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
            return new JdkSslEngine(engine) {
                @Override
                public String getNegotiatedApplicationProtocol() {
@ -93,7 +93,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag

                            @Override
                            public String getProtocol() {
-                                return SslUtils.PROTOCOL_TLS_V1_2;
+                                return SslProtocols.TLS_v1_2;
                            }
                        };
                    } else {
@ -181,7 +181,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag

                            @Override
                            public String getProtocol() {
-                                return SslUtils.PROTOCOL_TLS_V1_2;
+                                return SslProtocols.TLS_v1_2;
                            }

                            @Override
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@ -65,13 +65,6 @@ import javax.net.ssl.SSLSessionBindingListener;
 import javax.security.cert.X509Certificate;

 import static io.netty.handler.ssl.OpenSsl.memoryAddress;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
 import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
 import static io.netty.util.internal.ObjectUtil.checkNotNull;
 import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
@ -360,7 +353,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
                    SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
                }

-                if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
+                if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
                    final boolean enableTickets = clientMode ?
                            ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
                            ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
@ -1368,7 +1361,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
        if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
            // As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
            // renegotiation is not supported in TLSv1.3 as per spec.
-            !SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
+            !SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
            // TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
            // that the renegotiation failed.
            shutdown();
@ -1556,7 +1549,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
            if (!isDestroyed()) {
                enabled = SSL.getCiphers(ssl);
                int opts = SSL.getOptions(ssl);
-                if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
+                if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
                    extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
                    tls13Enabled = true;
                } else {
@ -1618,16 +1611,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
                    // We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
                    // protocols.
                    if (cipherSuiteSpec.isEmpty()) {
-                        protocols.remove(PROTOCOL_TLS_V1);
-                        protocols.remove(PROTOCOL_TLS_V1_1);
-                        protocols.remove(PROTOCOL_TLS_V1_2);
-                        protocols.remove(PROTOCOL_SSL_V3);
-                        protocols.remove(PROTOCOL_SSL_V2);
-                        protocols.remove(PROTOCOL_SSL_V2_HELLO);
+                        protocols.remove(SslProtocols.TLS_v1);
+                        protocols.remove(SslProtocols.TLS_v1_1);
+                        protocols.remove(SslProtocols.TLS_v1_2);
+                        protocols.remove(SslProtocols.SSL_v3);
+                        protocols.remove(SslProtocols.SSL_v2);
+                        protocols.remove(SslProtocols.SSL_v2_HELLO);
                    }
                    // We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
                    if (cipherSuiteSpecTLSv13.isEmpty()) {
-                        protocols.remove(PROTOCOL_TLS_V1_3);
+                        protocols.remove(SslProtocols.TLS_v1_3);
                    }
                    // Update the protocols but not cache the value. We only cache when we call it from the user
                    // code or when we construct the engine.
@ -1650,7 +1643,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
    public final String[] getEnabledProtocols() {
        List<String> enabled = new ArrayList<String>(6);
        // Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
-        enabled.add(PROTOCOL_SSL_V2_HELLO);
+        enabled.add(SslProtocols.SSL_v2_HELLO);

        int opts;
        synchronized (this) {
@ -1660,23 +1653,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
                return enabled.toArray(new String[0]);
            }
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) {
-            enabled.add(PROTOCOL_TLS_V1);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
+            enabled.add(SslProtocols.TLS_v1);
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) {
-            enabled.add(PROTOCOL_TLS_V1_1);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
+            enabled.add(SslProtocols.TLS_v1_1);
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) {
-            enabled.add(PROTOCOL_TLS_V1_2);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
+            enabled.add(SslProtocols.TLS_v1_2);
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
-            enabled.add(PROTOCOL_TLS_V1_3);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
+            enabled.add(SslProtocols.TLS_v1_3);
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) {
-            enabled.add(PROTOCOL_SSL_V2);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
+            enabled.add(SslProtocols.SSL_v2);
        }
-        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) {
-            enabled.add(PROTOCOL_SSL_V3);
+        if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
+            enabled.add(SslProtocols.SSL_v3);
        }
        return enabled.toArray(new String[0]);
    }
@ -1710,42 +1703,42 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
            if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
                throw new IllegalArgumentException("Protocol " + p + " is not supported.");
            }
-            if (p.equals(PROTOCOL_SSL_V2)) {
+            if (p.equals(SslProtocols.SSL_v2)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
                }
                if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
                    maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
                }
-            } else if (p.equals(PROTOCOL_SSL_V3)) {
+            } else if (p.equals(SslProtocols.SSL_v3)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
                }
                if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
                    maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
                }
-            } else if (p.equals(PROTOCOL_TLS_V1)) {
+            } else if (p.equals(SslProtocols.TLS_v1)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
                }
                if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
                    maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
                }
-            } else if (p.equals(PROTOCOL_TLS_V1_1)) {
+            } else if (p.equals(SslProtocols.TLS_v1_1)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
                }
                if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
                    maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
                }
-            } else if (p.equals(PROTOCOL_TLS_V1_2)) {
+            } else if (p.equals(SslProtocols.TLS_v1_2)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
                }
                if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
                    maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
                }
-            } else if (p.equals(PROTOCOL_TLS_V1_3)) {
+            } else if (p.equals(SslProtocols.TLS_v1_3)) {
                if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
                    minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
                }
--- a/handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.handler.ssl;
+
+/**
+ * SSL/TLS protocols
+ */
+public final class SslProtocols {
+
+    /**
+     * SSL v2 Hello
+     */
+    public static final String SSL_v2_HELLO = "SSLv2Hello";
+
+    /**
+     * SSL v2
+     */
+    public static final String SSL_v2 = "SSLv2";
+
+    /**
+     * SSLv3
+     */
+    public static final String SSL_v3 = "SSLv3";
+
+    /**
+     * TLS v1
+     */
+    public static final String TLS_v1 = "TLSv1";
+
+    /**
+     * TLS v1.1
+     */
+    public static final String TLS_v1_1 = "TLSv1.1";
+
+    /**
+     * TLS v1.2
+     */
+    public static final String TLS_v1_2 = "TLSv1.2";
+
+    /**
+     * TLS v1.3
+     */
+    public static final String TLS_v1_3 = "TLSv1.3";
+
+    private SslProtocols() {
+        // Prevent outside initialization
+    }
+}
--- a/handler/src/main/java/io/netty/handler/ssl/SslUtils.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslUtils.java
@ -56,14 +56,10 @@ final class SslUtils {
            asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
                          "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
                          "TLS_AES_128_CCM_SHA256")));
-    // Protocols
-    static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
-    static final String PROTOCOL_SSL_V2 = "SSLv2";
-    static final String PROTOCOL_SSL_V3 = "SSLv3";
-    static final String PROTOCOL_TLS_V1 = "TLSv1";
-    static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
-    static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
-    static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
+
+    /**
+     * GMSSL Protocol Version
+     */
    static final int GMSSL_PROTOCOL_VERSION = 0x101;

    static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
@ -157,7 +153,7 @@ final class SslUtils {
    private static boolean isTLSv13SupportedByJDK0(Provider provider) {
        try {
            return arrayContains(newInitContext(provider)
-                    .getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
+                    .getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
        } catch (Throwable cause) {
            logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
                    provider, cause);
@ -178,7 +174,7 @@ final class SslUtils {
    private static boolean isTLSv13EnabledByJDK0(Provider provider) {
        try {
            return arrayContains(newInitContext(provider)
-                    .getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
+                    .getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
        } catch (Throwable cause) {
            logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
                    " assuming no", provider, cause);
@ -211,7 +207,7 @@ final class SslUtils {
    }

    private static String getTlsVersion() {
-        return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
+        return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
    }

    static boolean arrayContains(String[] array, String value) {
--- a/handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java
@ -124,7 +124,7 @@ public class CipherSuiteCanaryTest {
                .sslProvider(serverSslProvider)
                .ciphers(ciphers)
                // As this is not a TLSv1.3 cipher we should ensure we talk something else.
-                .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                .protocols(SslProtocols.TLS_v1_2)
                .build();

        final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
@ -134,7 +134,7 @@ public class CipherSuiteCanaryTest {
                    .sslProvider(clientSslProvider)
                    .ciphers(ciphers)
                    // As this is not a TLSv1.3 cipher we should ensure we talk something else.
-                    .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                    .protocols(SslProtocols.TLS_v1_2)
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .build();

--- a/handler/src/test/java/io/netty/handler/ssl/CloseNotifyTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/CloseNotifyTest.java
@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
 import static io.netty.buffer.ByteBufUtil.writeAscii;
 import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
 import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
 import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.util.Arrays.asList;
 import static org.hamcrest.MatcherAssert.assertThat;
@ -62,10 +60,10 @@ public class CloseNotifyTest {

    static Collection<Object[]> data() {
        return asList(new Object[][] {
-                { SslProvider.JDK, PROTOCOL_TLS_V1_2 },
-                { SslProvider.JDK, PROTOCOL_TLS_V1_3 },
-                { SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 },
-                { SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 },
+                { SslProvider.JDK, SslProtocols.TLS_v1_2 },
+                { SslProvider.JDK, SslProtocols.TLS_v1_3 },
+                { SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
+                { SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
        });
    }

@ -75,7 +73,7 @@ public class CloseNotifyTest {
    public void eventsOrder(SslProvider provider, String protocol) throws Exception {
        assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");

-        if (PROTOCOL_TLS_V1_3.equals(protocol)) {
+        if (SslProtocols.TLS_v1_3.equals(protocol)) {
            // Ensure we support TLSv1.3
            assumeTrue(SslProvider.isTlsv13Supported(provider));
        }
@ -144,7 +142,7 @@ public class CloseNotifyTest {
    }

    private static boolean jdkTls13(SslProvider provider, String protocol) {
-        return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol);
+        return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
    }

    private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,
--- a/handler/src/test/java/io/netty/handler/ssl/DelegatingSslContextTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/DelegatingSslContextTest.java
@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;

 public class DelegatingSslContextTest {
-    private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 };
+    private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };

    @Test
    public void testInitEngineOnNewEngine() throws Exception {
--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
@ -299,7 +299,7 @@ public class JdkSslEngineTest extends SSLEngineTest {

    @Test
    public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
-        testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 });
+        testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
    }

    @Ignore /* Does the JDK support a "max certificate chain length"? */
--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
@ -58,11 +58,6 @@ import java.util.Set;

 import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
 import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
-import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
 import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
 import static java.lang.Integer.MAX_VALUE;
 import static org.junit.Assert.assertArrayEquals;
@ -241,8 +236,8 @@ public class OpenSslEngineTest extends SSLEngineTest {

    @Test
    public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
-        testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
-            new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
+        testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
+            new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
    }
    @Test
    public void testWrapBuffersNoWritePendingError() throws Exception {
@ -546,24 +541,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
                                        .sslProvider(sslServerProvider())
                                        .build());

-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
    }

    @Test
@ -577,21 +572,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
                                        .sslProvider(sslServerProvider())
                                        .build());

-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
    }

    @Test
@ -605,31 +600,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
                .sslProvider(sslServerProvider())
                .build());

-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
    }

    @Test
@ -643,31 +638,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
                .sslProvider(sslServerProvider())
                .build());

-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
-        testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
+        testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
    }

    @Test
@ -1394,22 +1389,22 @@ public class OpenSslEngineTest extends SSLEngineTest {

    @Test
    public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
-        testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1);
+        testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
    }

    @Test
    public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
-        testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1);
+        testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
    }

    @Test
    public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
-        testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null);
+        testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
    }

    @Test
    public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
-        testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null);
+        testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
    }

    private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {
--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.java
@ -145,7 +145,7 @@ public class OpenSslPrivateKeyMethodTest {
                .sslProvider(SslProvider.OPENSSL)
                .ciphers(ciphers)
                // As this is not a TLSv1.3 cipher we should ensure we talk something else.
-                .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                .protocols(SslProtocols.TLS_v1_2)
                .option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
                .build();
    }
@ -155,7 +155,7 @@ public class OpenSslPrivateKeyMethodTest {
                .sslProvider(SslProvider.JDK)
                .ciphers(Collections.singletonList(RFC_CIPHER_NAME))
                // As this is not a TLSv1.3 cipher we should ensure we talk something else.
-                .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                .protocols(SslProtocols.TLS_v1_2)
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .build();
    }
--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
@ -13,17 +13,13 @@
 * License for the specific language governing permissions and limitations
 * under the License.
 */
-
 package io.netty.handler.ssl;

-import org.junit.Assume;
 import org.junit.BeforeClass;

 import javax.net.ssl.SSLException;
 import java.io.File;

-import static org.junit.Assume.assumeTrue;
-
 public class OpenSslServerContextTest extends SslContextTest {

    @BeforeClass
--- a/handler/src/test/java/io/netty/handler/ssl/ParameterizedSslHandlerTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/ParameterizedSslHandlerTest.java
@ -405,7 +405,7 @@ public class ParameterizedSslHandlerTest {
                                                         // Use TLSv1.2 as we depend on the fact that the handshake
                                                         // is done in an extra round trip in the test which
                                                         // is not true in TLSv1.3
-                                                         .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                                                         .protocols(SslProtocols.TLS_v1_2)
                                                         .build();

        final SslContext sslClientCtx = SslContextBuilder.forClient()
@ -414,7 +414,7 @@ public class ParameterizedSslHandlerTest {
                                                         // Use TLSv1.2 as we depend on the fact that the handshake
                                                         // is done in an extra round trip in the test which
                                                         // is not true in TLSv1.3
-                                                         .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                                                         .protocols(SslProtocols.TLS_v1_2)
                                                         .build();

        EventLoopGroup group = new NioEventLoopGroup();
--- a/handler/src/test/java/io/netty/handler/ssl/RenegotiateTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/RenegotiateTest.java
@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
        try {
            final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
                    .sslProvider(serverSslProvider())
-                    .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                    .protocols(SslProtocols.TLS_v1_2)
                    .build();

            ServerBootstrap sb = new ServerBootstrap();
@ -105,7 +105,7 @@ public abstract class RenegotiateTest {
            final SslContext clientContext = SslContextBuilder.forClient()
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .sslProvider(SslProvider.JDK)
-                    .protocols(SslUtils.PROTOCOL_TLS_V1_2)
+                    .protocols(SslProtocols.TLS_v1_2)
                    .build();

            Bootstrap bootstrap = new Bootstrap();
--- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
@ -184,9 +184,9 @@ public abstract class SSLEngineTest {

    static final class ProtocolCipherCombo {
        private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
-                PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
+                SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
-                PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256");
+                SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
        final String protocol;
        final String cipher;

@ -532,13 +532,13 @@ public abstract class SSLEngineTest {
        // due to no shared/supported cipher.
        clientSslCtx = wrapContext(SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
-                .protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
+                .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
                .sslContextProvider(clientSslContextProvider())
                .sslProvider(sslClientProvider())
                .build());

        serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-                .protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
+                .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
                .sslContextProvider(serverSslContextProvider())
                .sslProvider(sslServerProvider())
                .build());
@ -1513,7 +1513,7 @@ public abstract class SSLEngineTest {
            assertArrayEquals(protocols1, enabledProtocols);

            // Enable a protocol that is currently disabled
-            sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });
+            sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });

            // The protocol that was just enabled should be returned
            enabledProtocols = sslEngine.getEnabledProtocols();
@ -1584,7 +1584,7 @@ public abstract class SSLEngineTest {
            if (!clientHandshakeFinished ||
                // After the handshake completes it is possible we have more data that was send by the server as
                // the server will send session updates after the handshake. In this case continue to unwrap.
-                SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) {
+                SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
                int clientAppReadBufferPos = clientAppReadBuffer.position();
                clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);

@ -1700,7 +1700,7 @@ public abstract class SSLEngineTest {
            if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
                // NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
                // See https://github.com/openssl/openssl/issues/3665
-                serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
+                serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
            }

            SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
@ -1715,7 +1715,7 @@ public abstract class SSLEngineTest {
            if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
                // NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
                // See https://github.com/openssl/openssl/issues/3665
-                clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
+                clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
            }

            setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
@ -2043,9 +2043,9 @@ public abstract class SSLEngineTest {
        if (provider != null) {
            // conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
            // https://github.com/google/conscrypt/issues/1013
-            return new String[] { PROTOCOL_TLS_V1_2 };
+            return new String[] { SslProtocols.TLS_v1_2 };
        }
-        return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1};
+        return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
    }

    @Test
@ -2333,7 +2333,7 @@ public abstract class SSLEngineTest {
                .sslContextProvider(clientSslContextProvider())
                .sslProvider(sslClientProvider())
                // This test only works for non TLSv1.3 for now
-                .protocols(PROTOCOL_TLS_V1_2)
+                .protocols(SslProtocols.TLS_v1_2)
                .build());
        SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));

@ -2342,7 +2342,7 @@ public abstract class SSLEngineTest {
                .sslContextProvider(serverSslContextProvider())
                .sslProvider(sslServerProvider())
                // This test only works for non TLSv1.3 for now
-                .protocols(PROTOCOL_TLS_V1_2)
+                .protocols(SslProtocols.TLS_v1_2)
                .build());
        SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));

@ -2803,12 +2803,13 @@ public abstract class SSLEngineTest {

    @Test
    public void testDisableProtocols() throws Exception {
-        testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2);
-        testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3);
-        testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1);
-        testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1);
-        testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2,
-                PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2);
+        testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
+        testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
+        testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
+        testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
+                SslProtocols.TLS_v1_1);
+        testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
+                SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
    }

    private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
@ -2832,7 +2833,7 @@ public abstract class SSLEngineTest {
                for (String disabled : disabledProtocols) {
                    supported.remove(disabled);
                }
-                if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) {
+                if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
                    // It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
                    return;
                }
@ -4010,9 +4011,9 @@ public abstract class SSLEngineTest {
        }

        assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
-                arrayContains(clientProtocols, PROTOCOL_TLS_V1_3));
+                arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
        assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
-                arrayContains(serverProtocols, PROTOCOL_TLS_V1_3));
+                arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
    }

    protected SSLEngine wrapEngine(SSLEngine engine) {
--- a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
@ -611,7 +611,7 @@ public class SniHandlerTest {
     * This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
     * the client disconnects.
     *
-     * @see SniHandlerTest#testReplaceHandler()
+     * @see SniHandlerTest#testReplaceHandler(SslProvider)
     */
    private static class CustomSslHandler extends SslHandler {
        private final SslContext sslContext;
--- a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
@ -836,7 +836,7 @@ public class SslHandlerTest {
    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
        final SslContext sslClientCtx = SslContextBuilder.forClient()
-                                                         .protocols(SslUtils.PROTOCOL_SSL_V3)
+                                                         .protocols(SslProtocols.SSL_v3)
                                                         .trustManager(InsecureTrustManagerFactory.INSTANCE)
                                                         .sslProvider(SslProvider.JDK).build();

@ -1145,27 +1145,27 @@ public class SslHandlerTest {
    @Test
    @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
    public void testSessionTicketsWithTLSv12() throws Throwable {
-        testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true);
+        testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
    }

    @Test
    @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
    public void testSessionTicketsWithTLSv13() throws Throwable {
        assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
-        testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true);
+        testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
    }

    @Test
    @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
    public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
-        testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false);
+        testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
    }

    @Test
    @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
    public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
        assumeTrue(OpenSsl.isTlsv13Supported());
-        testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false);
+        testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
    }

    private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
@ -1223,7 +1223,7 @@ public class SslHandlerTest {
                                        // This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
                                        // the handshake is done.
                                        // See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
-                                        if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
+                                        if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
                                            // First should not re-use the session
                                            try {
                                                assertEquals(handshakeCount > 1, engine.isSessionReused());
@ -1297,7 +1297,7 @@ public class SslHandlerTest {
            // This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
            // the handshake is done.
            // See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
-            if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
+            if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
                assertEquals(isReused, engine.isSessionReused());
            }
            Object obj = queue.take();
@ -1472,11 +1472,11 @@ public class SslHandlerTest {
        if (tls13) {
            clientCipher = "TLS_AES_128_GCM_SHA256";
            serverCipher = "TLS_AES_256_GCM_SHA384";
-            protocol = SslUtils.PROTOCOL_TLS_V1_3;
+            protocol = SslProtocols.TLS_v1_3;
        } else {
            clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
            serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
-            protocol = SslUtils.PROTOCOL_TLS_V1_2;
+            protocol = SslProtocols.TLS_v1_2;
        }
        final SslContext sslClientCtx = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
@ -1566,26 +1566,26 @@ public class SslHandlerTest {

    @Test
    public void testHandshakeEventsTls12JDK() throws Exception {
-        testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2);
+        testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
    }

    @Test
    public void testHandshakeEventsTls12Openssl() throws Exception {
        OpenSsl.ensureAvailability();
-        testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
+        testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
    }

    @Test
    public void testHandshakeEventsTls13JDK() throws Exception {
        assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
-        testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3);
+        testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
    }

    @Test
    public void testHandshakeEventsTls13Openssl() throws Exception {
        OpenSsl.ensureAvailability();
        assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
-        testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
+        testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
    }

    private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {