Use SslProtocols and Ciphers constant
This commit is contained in:
parent
0b2e955aff
commit
fac6c19958
758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java
Normal file
758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java
Normal file
@ -0,0 +1,758 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2021 The Netty Project
|
||||||
|
*
|
||||||
|
* The Netty Project licenses this file to you under the Apache License,
|
||||||
|
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at:
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
import io.netty.util.internal.ObjectUtil;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Cipher suites
|
||||||
|
*/
|
||||||
|
public final class Ciphers {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
|
||||||
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
|
||||||
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_256_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_CAMELLIA256_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDH_anon_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_CAMELLIA256_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_SEED_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_SEED_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_SEED_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DH_anon_WITH_CAMELLIA128_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
|
||||||
|
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_256_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_256_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_256_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_256_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_ARIA256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_128_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_128_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_128_CBC_CCM8
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_128_CBC_CCM
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_ARIA128_GCM_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_CAMELLIA256_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_DSS_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_CAMELLIA256_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_CAMELLIA256_SHA384
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_DSS_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_SRP_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_SEED_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_CAMELLIA128_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_RSA_WITH_IDEA_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS_PSK_WITH_CAMELLIA128_SHA256
|
||||||
|
*/
|
||||||
|
public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
|
||||||
|
|
||||||
|
private Ciphers() {
|
||||||
|
// Prevent outside initialization
|
||||||
|
}
|
||||||
|
}
|
@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
|
|||||||
List<String> protocols = new ArrayList<String>();
|
List<String> protocols = new ArrayList<String>();
|
||||||
addIfSupported(
|
addIfSupported(
|
||||||
supportedProtocolsSet, protocols,
|
supportedProtocolsSet, protocols,
|
||||||
SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2,
|
SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
|
||||||
SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);
|
SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);
|
||||||
|
|
||||||
if (!protocols.isEmpty()) {
|
if (!protocols.isEmpty()) {
|
||||||
return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
|
return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
|
||||||
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {
|
|||||||
|
|
||||||
private static boolean isTlsV13Supported(String[] protocols) {
|
private static boolean isTlsV13Supported(String[] protocols) {
|
||||||
for (String protocol: protocols) {
|
for (String protocol: protocols) {
|
||||||
if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) {
|
if (SslProtocols.TLS_v1_3.equals(protocol)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -348,26 +348,26 @@ public final class OpenSsl {
|
|||||||
|
|
||||||
Set<String> protocols = new LinkedHashSet<String>(6);
|
Set<String> protocols = new LinkedHashSet<String>(6);
|
||||||
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
|
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
|
||||||
protocols.add(PROTOCOL_SSL_V2_HELLO);
|
protocols.add(SslProtocols.SSL_v2_HELLO);
|
||||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
|
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
|
||||||
protocols.add(PROTOCOL_SSL_V2);
|
protocols.add(SslProtocols.SSL_v2);
|
||||||
}
|
}
|
||||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
|
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
|
||||||
protocols.add(PROTOCOL_SSL_V3);
|
protocols.add(SslProtocols.SSL_v3);
|
||||||
}
|
}
|
||||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
|
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
|
||||||
protocols.add(PROTOCOL_TLS_V1);
|
protocols.add(SslProtocols.TLS_v1);
|
||||||
}
|
}
|
||||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
|
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
|
||||||
protocols.add(PROTOCOL_TLS_V1_1);
|
protocols.add(SslProtocols.TLS_v1_1);
|
||||||
}
|
}
|
||||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
|
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
|
||||||
protocols.add(PROTOCOL_TLS_V1_2);
|
protocols.add(SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
// This is only supported by java11 and later.
|
// This is only supported by java11 and later.
|
||||||
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
|
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
|
||||||
protocols.add(PROTOCOL_TLS_V1_3);
|
protocols.add(SslProtocols.TLS_v1_3);
|
||||||
TLSV13_SUPPORTED = true;
|
TLSV13_SUPPORTED = true;
|
||||||
} else {
|
} else {
|
||||||
TLSV13_SUPPORTED = false;
|
TLSV13_SUPPORTED = false;
|
||||||
|
@ -66,7 +66,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
|||||||
|
|
||||||
private static SSLEngine wrapEngine(final SSLEngine engine) {
|
private static SSLEngine wrapEngine(final SSLEngine engine) {
|
||||||
final SSLSession session = engine.getHandshakeSession();
|
final SSLSession session = engine.getHandshakeSession();
|
||||||
if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) {
|
if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
|
||||||
return new JdkSslEngine(engine) {
|
return new JdkSslEngine(engine) {
|
||||||
@Override
|
@Override
|
||||||
public String getNegotiatedApplicationProtocol() {
|
public String getNegotiatedApplicationProtocol() {
|
||||||
@ -93,7 +93,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getProtocol() {
|
public String getProtocol() {
|
||||||
return SslUtils.PROTOCOL_TLS_V1_2;
|
return SslProtocols.TLS_v1_2;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
@ -181,7 +181,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getProtocol() {
|
public String getProtocol() {
|
||||||
return SslUtils.PROTOCOL_TLS_V1_2;
|
return SslProtocols.TLS_v1_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -65,13 +65,6 @@ import javax.net.ssl.SSLSessionBindingListener;
|
|||||||
import javax.security.cert.X509Certificate;
|
import javax.security.cert.X509Certificate;
|
||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSsl.memoryAddress;
|
import static io.netty.handler.ssl.OpenSsl.memoryAddress;
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
|
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
|
||||||
import static io.netty.util.internal.ObjectUtil.checkNotNull;
|
import static io.netty.util.internal.ObjectUtil.checkNotNull;
|
||||||
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
|
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
|
||||||
@ -360,7 +353,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
|
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||||
final boolean enableTickets = clientMode ?
|
final boolean enableTickets = clientMode ?
|
||||||
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
|
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
|
||||||
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
|
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
|
||||||
@ -1368,7 +1361,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
|
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
|
||||||
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
|
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
|
||||||
// renegotiation is not supported in TLSv1.3 as per spec.
|
// renegotiation is not supported in TLSv1.3 as per spec.
|
||||||
!SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
|
!SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
|
||||||
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
|
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
|
||||||
// that the renegotiation failed.
|
// that the renegotiation failed.
|
||||||
shutdown();
|
shutdown();
|
||||||
@ -1556,7 +1549,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
if (!isDestroyed()) {
|
if (!isDestroyed()) {
|
||||||
enabled = SSL.getCiphers(ssl);
|
enabled = SSL.getCiphers(ssl);
|
||||||
int opts = SSL.getOptions(ssl);
|
int opts = SSL.getOptions(ssl);
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||||
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
|
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
|
||||||
tls13Enabled = true;
|
tls13Enabled = true;
|
||||||
} else {
|
} else {
|
||||||
@ -1618,16 +1611,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
|
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
|
||||||
// protocols.
|
// protocols.
|
||||||
if (cipherSuiteSpec.isEmpty()) {
|
if (cipherSuiteSpec.isEmpty()) {
|
||||||
protocols.remove(PROTOCOL_TLS_V1);
|
protocols.remove(SslProtocols.TLS_v1);
|
||||||
protocols.remove(PROTOCOL_TLS_V1_1);
|
protocols.remove(SslProtocols.TLS_v1_1);
|
||||||
protocols.remove(PROTOCOL_TLS_V1_2);
|
protocols.remove(SslProtocols.TLS_v1_2);
|
||||||
protocols.remove(PROTOCOL_SSL_V3);
|
protocols.remove(SslProtocols.SSL_v3);
|
||||||
protocols.remove(PROTOCOL_SSL_V2);
|
protocols.remove(SslProtocols.SSL_v2);
|
||||||
protocols.remove(PROTOCOL_SSL_V2_HELLO);
|
protocols.remove(SslProtocols.SSL_v2_HELLO);
|
||||||
}
|
}
|
||||||
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
|
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
|
||||||
if (cipherSuiteSpecTLSv13.isEmpty()) {
|
if (cipherSuiteSpecTLSv13.isEmpty()) {
|
||||||
protocols.remove(PROTOCOL_TLS_V1_3);
|
protocols.remove(SslProtocols.TLS_v1_3);
|
||||||
}
|
}
|
||||||
// Update the protocols but not cache the value. We only cache when we call it from the user
|
// Update the protocols but not cache the value. We only cache when we call it from the user
|
||||||
// code or when we construct the engine.
|
// code or when we construct the engine.
|
||||||
@ -1650,7 +1643,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
public final String[] getEnabledProtocols() {
|
public final String[] getEnabledProtocols() {
|
||||||
List<String> enabled = new ArrayList<String>(6);
|
List<String> enabled = new ArrayList<String>(6);
|
||||||
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
|
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
|
||||||
enabled.add(PROTOCOL_SSL_V2_HELLO);
|
enabled.add(SslProtocols.SSL_v2_HELLO);
|
||||||
|
|
||||||
int opts;
|
int opts;
|
||||||
synchronized (this) {
|
synchronized (this) {
|
||||||
@ -1660,23 +1653,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
return enabled.toArray(new String[0]);
|
return enabled.toArray(new String[0]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
|
||||||
enabled.add(PROTOCOL_TLS_V1);
|
enabled.add(SslProtocols.TLS_v1);
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
|
||||||
enabled.add(PROTOCOL_TLS_V1_1);
|
enabled.add(SslProtocols.TLS_v1_1);
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
|
||||||
enabled.add(PROTOCOL_TLS_V1_2);
|
enabled.add(SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||||
enabled.add(PROTOCOL_TLS_V1_3);
|
enabled.add(SslProtocols.TLS_v1_3);
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
|
||||||
enabled.add(PROTOCOL_SSL_V2);
|
enabled.add(SslProtocols.SSL_v2);
|
||||||
}
|
}
|
||||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) {
|
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
|
||||||
enabled.add(PROTOCOL_SSL_V3);
|
enabled.add(SslProtocols.SSL_v3);
|
||||||
}
|
}
|
||||||
return enabled.toArray(new String[0]);
|
return enabled.toArray(new String[0]);
|
||||||
}
|
}
|
||||||
@ -1710,42 +1703,42 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
|
if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
|
||||||
throw new IllegalArgumentException("Protocol " + p + " is not supported.");
|
throw new IllegalArgumentException("Protocol " + p + " is not supported.");
|
||||||
}
|
}
|
||||||
if (p.equals(PROTOCOL_SSL_V2)) {
|
if (p.equals(SslProtocols.SSL_v2)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
||||||
}
|
}
|
||||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
|
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
|
||||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
||||||
}
|
}
|
||||||
} else if (p.equals(PROTOCOL_SSL_V3)) {
|
} else if (p.equals(SslProtocols.SSL_v3)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
||||||
}
|
}
|
||||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
||||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
||||||
}
|
}
|
||||||
} else if (p.equals(PROTOCOL_TLS_V1)) {
|
} else if (p.equals(SslProtocols.TLS_v1)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
||||||
}
|
}
|
||||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
||||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
||||||
}
|
}
|
||||||
} else if (p.equals(PROTOCOL_TLS_V1_1)) {
|
} else if (p.equals(SslProtocols.TLS_v1_1)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
||||||
}
|
}
|
||||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
||||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
||||||
}
|
}
|
||||||
} else if (p.equals(PROTOCOL_TLS_V1_2)) {
|
} else if (p.equals(SslProtocols.TLS_v1_2)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
||||||
}
|
}
|
||||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
||||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
||||||
}
|
}
|
||||||
} else if (p.equals(PROTOCOL_TLS_V1_3)) {
|
} else if (p.equals(SslProtocols.TLS_v1_3)) {
|
||||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
|
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
|
||||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
|
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
|
||||||
}
|
}
|
||||||
|
61
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
Normal file
61
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2021 The Netty Project
|
||||||
|
*
|
||||||
|
* The Netty Project licenses this file to you under the Apache License,
|
||||||
|
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at:
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SSL/TLS protocols
|
||||||
|
*/
|
||||||
|
public final class SslProtocols {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SSL v2 Hello
|
||||||
|
*/
|
||||||
|
public static final String SSL_v2_HELLO = "SSLv2Hello";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SSL v2
|
||||||
|
*/
|
||||||
|
public static final String SSL_v2 = "SSLv2";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SSLv3
|
||||||
|
*/
|
||||||
|
public static final String SSL_v3 = "SSLv3";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS v1
|
||||||
|
*/
|
||||||
|
public static final String TLS_v1 = "TLSv1";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS v1.1
|
||||||
|
*/
|
||||||
|
public static final String TLS_v1_1 = "TLSv1.1";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS v1.2
|
||||||
|
*/
|
||||||
|
public static final String TLS_v1_2 = "TLSv1.2";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS v1.3
|
||||||
|
*/
|
||||||
|
public static final String TLS_v1_3 = "TLSv1.3";
|
||||||
|
|
||||||
|
private SslProtocols() {
|
||||||
|
// Prevent outside initialization
|
||||||
|
}
|
||||||
|
}
|
@ -56,14 +56,10 @@ final class SslUtils {
|
|||||||
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
|
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
|
||||||
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
|
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
|
||||||
"TLS_AES_128_CCM_SHA256")));
|
"TLS_AES_128_CCM_SHA256")));
|
||||||
// Protocols
|
|
||||||
static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
|
/**
|
||||||
static final String PROTOCOL_SSL_V2 = "SSLv2";
|
* GMSSL Protocol Version
|
||||||
static final String PROTOCOL_SSL_V3 = "SSLv3";
|
*/
|
||||||
static final String PROTOCOL_TLS_V1 = "TLSv1";
|
|
||||||
static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
|
|
||||||
static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
|
|
||||||
static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
|
|
||||||
static final int GMSSL_PROTOCOL_VERSION = 0x101;
|
static final int GMSSL_PROTOCOL_VERSION = 0x101;
|
||||||
|
|
||||||
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
|
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
|
||||||
@ -157,7 +153,7 @@ final class SslUtils {
|
|||||||
private static boolean isTLSv13SupportedByJDK0(Provider provider) {
|
private static boolean isTLSv13SupportedByJDK0(Provider provider) {
|
||||||
try {
|
try {
|
||||||
return arrayContains(newInitContext(provider)
|
return arrayContains(newInitContext(provider)
|
||||||
.getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
|
.getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
|
||||||
} catch (Throwable cause) {
|
} catch (Throwable cause) {
|
||||||
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
|
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
|
||||||
provider, cause);
|
provider, cause);
|
||||||
@ -178,7 +174,7 @@ final class SslUtils {
|
|||||||
private static boolean isTLSv13EnabledByJDK0(Provider provider) {
|
private static boolean isTLSv13EnabledByJDK0(Provider provider) {
|
||||||
try {
|
try {
|
||||||
return arrayContains(newInitContext(provider)
|
return arrayContains(newInitContext(provider)
|
||||||
.getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
|
.getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
|
||||||
} catch (Throwable cause) {
|
} catch (Throwable cause) {
|
||||||
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
|
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
|
||||||
" assuming no", provider, cause);
|
" assuming no", provider, cause);
|
||||||
@ -211,7 +207,7 @@ final class SslUtils {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static String getTlsVersion() {
|
private static String getTlsVersion() {
|
||||||
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
|
return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
static boolean arrayContains(String[] array, String value) {
|
static boolean arrayContains(String[] array, String value) {
|
||||||
|
@ -124,7 +124,7 @@ public class CipherSuiteCanaryTest {
|
|||||||
.sslProvider(serverSslProvider)
|
.sslProvider(serverSslProvider)
|
||||||
.ciphers(ciphers)
|
.ciphers(ciphers)
|
||||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
|
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
|
||||||
@ -134,7 +134,7 @@ public class CipherSuiteCanaryTest {
|
|||||||
.sslProvider(clientSslProvider)
|
.sslProvider(clientSslProvider)
|
||||||
.ciphers(ciphers)
|
.ciphers(ciphers)
|
||||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
|
|||||||
import static io.netty.buffer.ByteBufUtil.writeAscii;
|
import static io.netty.buffer.ByteBufUtil.writeAscii;
|
||||||
import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
|
import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
|
||||||
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
|
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
|
|
||||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||||
import static java.util.Arrays.asList;
|
import static java.util.Arrays.asList;
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
@ -62,10 +60,10 @@ public class CloseNotifyTest {
|
|||||||
|
|
||||||
static Collection<Object[]> data() {
|
static Collection<Object[]> data() {
|
||||||
return asList(new Object[][] {
|
return asList(new Object[][] {
|
||||||
{ SslProvider.JDK, PROTOCOL_TLS_V1_2 },
|
{ SslProvider.JDK, SslProtocols.TLS_v1_2 },
|
||||||
{ SslProvider.JDK, PROTOCOL_TLS_V1_3 },
|
{ SslProvider.JDK, SslProtocols.TLS_v1_3 },
|
||||||
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 },
|
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
|
||||||
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 },
|
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -75,7 +73,7 @@ public class CloseNotifyTest {
|
|||||||
public void eventsOrder(SslProvider provider, String protocol) throws Exception {
|
public void eventsOrder(SslProvider provider, String protocol) throws Exception {
|
||||||
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
|
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
|
||||||
|
|
||||||
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
|
if (SslProtocols.TLS_v1_3.equals(protocol)) {
|
||||||
// Ensure we support TLSv1.3
|
// Ensure we support TLSv1.3
|
||||||
assumeTrue(SslProvider.isTlsv13Supported(provider));
|
assumeTrue(SslProvider.isTlsv13Supported(provider));
|
||||||
}
|
}
|
||||||
@ -144,7 +142,7 @@ public class CloseNotifyTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static boolean jdkTls13(SslProvider provider, String protocol) {
|
private static boolean jdkTls13(SslProvider provider, String protocol) {
|
||||||
return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol);
|
return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,
|
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,
|
||||||
|
@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
|
|||||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
|
|
||||||
public class DelegatingSslContextTest {
|
public class DelegatingSslContextTest {
|
||||||
private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 };
|
private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testInitEngineOnNewEngine() throws Exception {
|
public void testInitEngineOnNewEngine() throws Exception {
|
||||||
|
@ -299,7 +299,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
||||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 });
|
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
||||||
|
@ -58,11 +58,6 @@ import java.util.Set;
|
|||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||||
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
|
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
|
|
||||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
|
||||||
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
|
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
|
||||||
import static java.lang.Integer.MAX_VALUE;
|
import static java.lang.Integer.MAX_VALUE;
|
||||||
import static org.junit.Assert.assertArrayEquals;
|
import static org.junit.Assert.assertArrayEquals;
|
||||||
@ -241,8 +236,8 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
||||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
|
testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
|
||||||
new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
|
new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
|
||||||
}
|
}
|
||||||
@Test
|
@Test
|
||||||
public void testWrapBuffersNoWritePendingError() throws Exception {
|
public void testWrapBuffersNoWritePendingError() throws Exception {
|
||||||
@ -546,24 +541,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -577,21 +572,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -605,31 +600,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -643,31 +638,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
|
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -1394,22 +1389,22 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
|
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
|
||||||
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1);
|
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
|
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
|
||||||
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1);
|
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
|
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
|
||||||
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null);
|
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
|
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
|
||||||
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null);
|
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {
|
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {
|
||||||
|
@ -145,7 +145,7 @@ public class OpenSslPrivateKeyMethodTest {
|
|||||||
.sslProvider(SslProvider.OPENSSL)
|
.sslProvider(SslProvider.OPENSSL)
|
||||||
.ciphers(ciphers)
|
.ciphers(ciphers)
|
||||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
|
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
@ -155,7 +155,7 @@ public class OpenSslPrivateKeyMethodTest {
|
|||||||
.sslProvider(SslProvider.JDK)
|
.sslProvider(SslProvider.JDK)
|
||||||
.ciphers(Collections.singletonList(RFC_CIPHER_NAME))
|
.ciphers(Collections.singletonList(RFC_CIPHER_NAME))
|
||||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
@ -13,17 +13,13 @@
|
|||||||
* License for the specific language governing permissions and limitations
|
* License for the specific language governing permissions and limitations
|
||||||
* under the License.
|
* under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.Assume;
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
|
||||||
|
|
||||||
public class OpenSslServerContextTest extends SslContextTest {
|
public class OpenSslServerContextTest extends SslContextTest {
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
|
@ -405,7 +405,7 @@ public class ParameterizedSslHandlerTest {
|
|||||||
// Use TLSv1.2 as we depend on the fact that the handshake
|
// Use TLSv1.2 as we depend on the fact that the handshake
|
||||||
// is done in an extra round trip in the test which
|
// is done in an extra round trip in the test which
|
||||||
// is not true in TLSv1.3
|
// is not true in TLSv1.3
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||||
@ -414,7 +414,7 @@ public class ParameterizedSslHandlerTest {
|
|||||||
// Use TLSv1.2 as we depend on the fact that the handshake
|
// Use TLSv1.2 as we depend on the fact that the handshake
|
||||||
// is done in an extra round trip in the test which
|
// is done in an extra round trip in the test which
|
||||||
// is not true in TLSv1.3
|
// is not true in TLSv1.3
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
EventLoopGroup group = new NioEventLoopGroup();
|
EventLoopGroup group = new NioEventLoopGroup();
|
||||||
|
@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
|
|||||||
try {
|
try {
|
||||||
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
|
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
|
||||||
.sslProvider(serverSslProvider())
|
.sslProvider(serverSslProvider())
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
ServerBootstrap sb = new ServerBootstrap();
|
ServerBootstrap sb = new ServerBootstrap();
|
||||||
@ -105,7 +105,7 @@ public abstract class RenegotiateTest {
|
|||||||
final SslContext clientContext = SslContextBuilder.forClient()
|
final SslContext clientContext = SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(SslProvider.JDK)
|
.sslProvider(SslProvider.JDK)
|
||||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
Bootstrap bootstrap = new Bootstrap();
|
Bootstrap bootstrap = new Bootstrap();
|
||||||
|
@ -184,9 +184,9 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
static final class ProtocolCipherCombo {
|
static final class ProtocolCipherCombo {
|
||||||
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
|
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
|
||||||
PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||||
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
|
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
|
||||||
PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256");
|
SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
|
||||||
final String protocol;
|
final String protocol;
|
||||||
final String cipher;
|
final String cipher;
|
||||||
|
|
||||||
@ -532,13 +532,13 @@ public abstract class SSLEngineTest {
|
|||||||
// due to no shared/supported cipher.
|
// due to no shared/supported cipher.
|
||||||
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build());
|
.build());
|
||||||
@ -1513,7 +1513,7 @@ public abstract class SSLEngineTest {
|
|||||||
assertArrayEquals(protocols1, enabledProtocols);
|
assertArrayEquals(protocols1, enabledProtocols);
|
||||||
|
|
||||||
// Enable a protocol that is currently disabled
|
// Enable a protocol that is currently disabled
|
||||||
sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });
|
sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });
|
||||||
|
|
||||||
// The protocol that was just enabled should be returned
|
// The protocol that was just enabled should be returned
|
||||||
enabledProtocols = sslEngine.getEnabledProtocols();
|
enabledProtocols = sslEngine.getEnabledProtocols();
|
||||||
@ -1584,7 +1584,7 @@ public abstract class SSLEngineTest {
|
|||||||
if (!clientHandshakeFinished ||
|
if (!clientHandshakeFinished ||
|
||||||
// After the handshake completes it is possible we have more data that was send by the server as
|
// After the handshake completes it is possible we have more data that was send by the server as
|
||||||
// the server will send session updates after the handshake. In this case continue to unwrap.
|
// the server will send session updates after the handshake. In this case continue to unwrap.
|
||||||
SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) {
|
SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
|
||||||
int clientAppReadBufferPos = clientAppReadBuffer.position();
|
int clientAppReadBufferPos = clientAppReadBuffer.position();
|
||||||
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
|
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
|
||||||
|
|
||||||
@ -1700,7 +1700,7 @@ public abstract class SSLEngineTest {
|
|||||||
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
|
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
|
||||||
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
||||||
// See https://github.com/openssl/openssl/issues/3665
|
// See https://github.com/openssl/openssl/issues/3665
|
||||||
serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
|
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
|
||||||
@ -1715,7 +1715,7 @@ public abstract class SSLEngineTest {
|
|||||||
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
|
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
|
||||||
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
||||||
// See https://github.com/openssl/openssl/issues/3665
|
// See https://github.com/openssl/openssl/issues/3665
|
||||||
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
|
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
|
||||||
@ -2043,9 +2043,9 @@ public abstract class SSLEngineTest {
|
|||||||
if (provider != null) {
|
if (provider != null) {
|
||||||
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
|
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
|
||||||
// https://github.com/google/conscrypt/issues/1013
|
// https://github.com/google/conscrypt/issues/1013
|
||||||
return new String[] { PROTOCOL_TLS_V1_2 };
|
return new String[] { SslProtocols.TLS_v1_2 };
|
||||||
}
|
}
|
||||||
return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1};
|
return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -2333,7 +2333,7 @@ public abstract class SSLEngineTest {
|
|||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build());
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
@ -2342,7 +2342,7 @@ public abstract class SSLEngineTest {
|
|||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(SslProtocols.TLS_v1_2)
|
||||||
.build());
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
@ -2803,12 +2803,13 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDisableProtocols() throws Exception {
|
public void testDisableProtocols() throws Exception {
|
||||||
testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2);
|
testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
|
||||||
testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3);
|
testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
|
||||||
testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1);
|
testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
|
||||||
testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1);
|
testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
|
||||||
testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2,
|
SslProtocols.TLS_v1_1);
|
||||||
PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2);
|
testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
|
||||||
|
SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
|
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
|
||||||
@ -2832,7 +2833,7 @@ public abstract class SSLEngineTest {
|
|||||||
for (String disabled : disabledProtocols) {
|
for (String disabled : disabledProtocols) {
|
||||||
supported.remove(disabled);
|
supported.remove(disabled);
|
||||||
}
|
}
|
||||||
if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) {
|
if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
|
||||||
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
|
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -4010,9 +4011,9 @@ public abstract class SSLEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
|
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
|
||||||
arrayContains(clientProtocols, PROTOCOL_TLS_V1_3));
|
arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
|
||||||
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
|
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
|
||||||
arrayContains(serverProtocols, PROTOCOL_TLS_V1_3));
|
arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||||
|
@ -611,7 +611,7 @@ public class SniHandlerTest {
|
|||||||
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
|
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
|
||||||
* the client disconnects.
|
* the client disconnects.
|
||||||
*
|
*
|
||||||
* @see SniHandlerTest#testReplaceHandler()
|
* @see SniHandlerTest#testReplaceHandler(SslProvider)
|
||||||
*/
|
*/
|
||||||
private static class CustomSslHandler extends SslHandler {
|
private static class CustomSslHandler extends SslHandler {
|
||||||
private final SslContext sslContext;
|
private final SslContext sslContext;
|
||||||
|
@ -836,7 +836,7 @@ public class SslHandlerTest {
|
|||||||
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
|
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
|
||||||
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
|
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
|
||||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||||
.protocols(SslUtils.PROTOCOL_SSL_V3)
|
.protocols(SslProtocols.SSL_v3)
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(SslProvider.JDK).build();
|
.sslProvider(SslProvider.JDK).build();
|
||||||
|
|
||||||
@ -1145,27 +1145,27 @@ public class SslHandlerTest {
|
|||||||
@Test
|
@Test
|
||||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||||
public void testSessionTicketsWithTLSv12() throws Throwable {
|
public void testSessionTicketsWithTLSv12() throws Throwable {
|
||||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true);
|
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||||
public void testSessionTicketsWithTLSv13() throws Throwable {
|
public void testSessionTicketsWithTLSv13() throws Throwable {
|
||||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true);
|
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||||
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
|
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
|
||||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false);
|
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||||
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
|
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
|
||||||
assumeTrue(OpenSsl.isTlsv13Supported());
|
assumeTrue(OpenSsl.isTlsv13Supported());
|
||||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false);
|
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
|
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
|
||||||
@ -1223,7 +1223,7 @@ public class SslHandlerTest {
|
|||||||
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
||||||
// the handshake is done.
|
// the handshake is done.
|
||||||
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
||||||
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
|
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
|
||||||
// First should not re-use the session
|
// First should not re-use the session
|
||||||
try {
|
try {
|
||||||
assertEquals(handshakeCount > 1, engine.isSessionReused());
|
assertEquals(handshakeCount > 1, engine.isSessionReused());
|
||||||
@ -1297,7 +1297,7 @@ public class SslHandlerTest {
|
|||||||
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
||||||
// the handshake is done.
|
// the handshake is done.
|
||||||
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
||||||
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
|
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
|
||||||
assertEquals(isReused, engine.isSessionReused());
|
assertEquals(isReused, engine.isSessionReused());
|
||||||
}
|
}
|
||||||
Object obj = queue.take();
|
Object obj = queue.take();
|
||||||
@ -1472,11 +1472,11 @@ public class SslHandlerTest {
|
|||||||
if (tls13) {
|
if (tls13) {
|
||||||
clientCipher = "TLS_AES_128_GCM_SHA256";
|
clientCipher = "TLS_AES_128_GCM_SHA256";
|
||||||
serverCipher = "TLS_AES_256_GCM_SHA384";
|
serverCipher = "TLS_AES_256_GCM_SHA384";
|
||||||
protocol = SslUtils.PROTOCOL_TLS_V1_3;
|
protocol = SslProtocols.TLS_v1_3;
|
||||||
} else {
|
} else {
|
||||||
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||||
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||||
protocol = SslUtils.PROTOCOL_TLS_V1_2;
|
protocol = SslProtocols.TLS_v1_2;
|
||||||
}
|
}
|
||||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
@ -1566,26 +1566,26 @@ public class SslHandlerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHandshakeEventsTls12JDK() throws Exception {
|
public void testHandshakeEventsTls12JDK() throws Exception {
|
||||||
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2);
|
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHandshakeEventsTls12Openssl() throws Exception {
|
public void testHandshakeEventsTls12Openssl() throws Exception {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
|
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHandshakeEventsTls13JDK() throws Exception {
|
public void testHandshakeEventsTls13JDK() throws Exception {
|
||||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
|
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
|
||||||
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3);
|
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHandshakeEventsTls13Openssl() throws Exception {
|
public void testHandshakeEventsTls13Openssl() throws Exception {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||||
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
|
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {
|
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {
|
||||||
|
Loading…
Reference in New Issue
Block a user