Use SslProtocols and Ciphers constant
This commit is contained in:
parent
0b2e955aff
commit
fac6c19958
758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java
Normal file
758
handler/src/main/java/io/netty/handler/ssl/Ciphers.java
Normal file
@ -0,0 +1,758 @@
|
||||
/*
|
||||
* Copyright 2021 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.util.internal.ObjectUtil;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* Cipher suites
|
||||
*/
|
||||
public final class Ciphers {
|
||||
|
||||
/**
|
||||
* TLS_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =
|
||||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_CCM = "TLS_DHE_RSA_WITH_AES_256_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ECDHE_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_DSS_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_RSA_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_256_GCM_SHA384 = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM8 = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_CCM = "TLS_DHE_RSA_WITH_AES_128_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256 = "TLS_ECDHE_ECDSA_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ECDHE_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_DSS_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_RSA_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_128_GCM_SHA256 = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_RSA_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_256_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA256 = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_CAMELLIA256_SHA256
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA256 = "TLS_DH_anon_WITH_CAMELLIA256_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_ECDSA_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_RSA_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA256 = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA256 = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA256 = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA256 = "TLS_DH_anon_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA256_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_CAMELLIA256_SHA = "TLS_DHE_RSA_WITH_CAMELLIA256_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_CAMELLIA256_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_CAMELLIA256_SHA = "TLS_DHE_DSS_WITH_CAMELLIA256_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDH_anon_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDH_anon_WITH_AES_256_CBC_SHA = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_256_CBC_SHA = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_CAMELLIA256_SHA
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_CAMELLIA256_SHA = "TLS_DH_anon_WITH_CAMELLIA256_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_SEED_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_SEED_SHA = "TLS_DHE_RSA_WITH_SEED_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_SEED_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_SEED_SHA = "TLS_DHE_DSS_WITH_SEED_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA128_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_RSA_WITH_CAMELLIA128_SHA = "TLS_DHE_RSA_WITH_CAMELLIA128_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_DSS_WITH_CAMELLIA128_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_DSS_WITH_CAMELLIA128_SHA = "TLS_DHE_DSS_WITH_CAMELLIA128_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDH_anon_WITH_AES_128_CBC_SHA = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_AES_128_CBC_SHA = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_SEED_SHA
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_SEED_SHA = "TLS_DH_anon_WITH_SEED_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DH_anon_WITH_CAMELLIA128_SHA
|
||||
*/
|
||||
public static final String TLS_DH_anon_WITH_CAMELLIA128_SHA = "TLS_DH_anon_WITH_CAMELLIA128_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 =
|
||||
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_256_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_CCM = "TLS_DHE_PSK_WITH_AES_256_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_PSK_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_DHE_PSK_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_256_GCM_SHA384 = "TLS_RSA_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_256_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_256_CBC_CCM8 = "TLS_RSA_WITH_AES_256_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_256_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_256_CBC_CCM = "TLS_RSA_WITH_AES_256_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_ARIA256_GCM_SHA384 = "TLS_RSA_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_256_GCM_SHA384 = "TLS_PSK_WITH_AES_256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_256_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_256_CBC_CCM8 = "TLS_PSK_WITH_AES_256_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_256_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_256_CBC_CCM = "TLS_PSK_WITH_AES_256_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_ARIA256_GCM_SHA384
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_ARIA256_GCM_SHA384 = "TLS_PSK_WITH_ARIA256_GCM_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM8 = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_128_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_CCM = "TLS_DHE_PSK_WITH_AES_128_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_PSK_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_DHE_PSK_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_128_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_128_CBC_CCM8 = "TLS_RSA_WITH_AES_128_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_128_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_128_CBC_CCM = "TLS_RSA_WITH_AES_128_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_ARIA128_GCM_SHA256 = "TLS_RSA_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_128_GCM_SHA256 = "TLS_PSK_WITH_AES_128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_128_CBC_CCM8
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_128_CBC_CCM8 = "TLS_PSK_WITH_AES_128_CBC_CCM8";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_128_CBC_CCM
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_128_CBC_CCM = "TLS_PSK_WITH_AES_128_CBC_CCM";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_ARIA128_GCM_SHA256
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_ARIA128_GCM_SHA256 = "TLS_PSK_WITH_ARIA128_GCM_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_256_CBC_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_CAMELLIA256_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_CAMELLIA256_SHA256 = "TLS_RSA_WITH_CAMELLIA256_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_128_CBC_SHA256 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_CAMELLIA128_SHA256 = "TLS_RSA_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_DSS_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_DSS_WITH_AES_256_CBC_SHA = "TLS_SRP_DSS_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_RSA_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_RSA_WITH_AES_256_CBC_SHA = "TLS_SRP_RSA_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_WITH_AES_256_CBC_SHA = "TLS_SRP_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_256_CBC_SHA = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_256_CBC_SHA = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_ECDHE_PSK_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_CAMELLIA256_SHA384 = "TLS_RSA_PSK_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_CAMELLIA256_SHA384 = "TLS_DHE_PSK_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_256_CBC_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_CAMELLIA256_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_CAMELLIA256_SHA = "TLS_RSA_WITH_CAMELLIA256_SHA";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_256_CBC_SHA384
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_256_CBC_SHA384 = "TLS_PSK_WITH_AES_256_CBC_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_256_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_256_CBC_SHA = "TLS_PSK_WITH_AES_256_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_CAMELLIA256_SHA384
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_CAMELLIA256_SHA384 = "TLS_PSK_WITH_CAMELLIA256_SHA384";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_DSS_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_DSS_WITH_AES_128_CBC_SHA = "TLS_SRP_DSS_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_RSA_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_RSA_WITH_AES_128_CBC_SHA = "TLS_SRP_RSA_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_SRP_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_SRP_WITH_AES_128_CBC_SHA = "TLS_SRP_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_AES_128_CBC_SHA = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_AES_128_CBC_SHA = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_ECDHE_PSK_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_PSK_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_RSA_PSK_WITH_CAMELLIA128_SHA256 = "TLS_RSA_PSK_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_DHE_PSK_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_DHE_PSK_WITH_CAMELLIA128_SHA256 = "TLS_DHE_PSK_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_SEED_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_SEED_SHA = "TLS_RSA_WITH_SEED_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_CAMELLIA128_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_CAMELLIA128_SHA = "TLS_RSA_WITH_CAMELLIA128_SHA";
|
||||
|
||||
/**
|
||||
* TLS_RSA_WITH_IDEA_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_RSA_WITH_IDEA_CBC_SHA = "TLS_RSA_WITH_IDEA_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_128_CBC_SHA256
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_128_CBC_SHA256 = "TLS_PSK_WITH_AES_128_CBC_SHA256";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_AES_128_CBC_SHA = "TLS_PSK_WITH_AES_128_CBC_SHA";
|
||||
|
||||
/**
|
||||
* TLS_PSK_WITH_CAMELLIA128_SHA256
|
||||
*/
|
||||
public static final String TLS_PSK_WITH_CAMELLIA128_SHA256 = "TLS_PSK_WITH_CAMELLIA128_SHA256";
|
||||
|
||||
private Ciphers() {
|
||||
// Prevent outside initialization
|
||||
}
|
||||
}
|
@ -107,8 +107,8 @@ public class JdkSslContext extends SslContext {
|
||||
List<String> protocols = new ArrayList<String>();
|
||||
addIfSupported(
|
||||
supportedProtocolsSet, protocols,
|
||||
SslUtils.PROTOCOL_TLS_V1_3, SslUtils.PROTOCOL_TLS_V1_2,
|
||||
SslUtils.PROTOCOL_TLS_V1_1, SslUtils.PROTOCOL_TLS_V1);
|
||||
SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2,
|
||||
SslProtocols.TLS_v1_1, SslProtocols.TLS_v1);
|
||||
|
||||
if (!protocols.isEmpty()) {
|
||||
return protocols.toArray(EmptyArrays.EMPTY_STRINGS);
|
||||
@ -154,7 +154,7 @@ public class JdkSslContext extends SslContext {
|
||||
|
||||
private static boolean isTlsV13Supported(String[] protocols) {
|
||||
for (String protocol: protocols) {
|
||||
if (SslUtils.PROTOCOL_TLS_V1_3.equals(protocol)) {
|
||||
if (SslProtocols.TLS_v1_3.equals(protocol)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
@ -348,26 +348,26 @@ public final class OpenSsl {
|
||||
|
||||
Set<String> protocols = new LinkedHashSet<String>(6);
|
||||
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
|
||||
protocols.add(PROTOCOL_SSL_V2_HELLO);
|
||||
protocols.add(SslProtocols.SSL_v2_HELLO);
|
||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_OP_NO_SSLv2)) {
|
||||
protocols.add(PROTOCOL_SSL_V2);
|
||||
protocols.add(SslProtocols.SSL_v2);
|
||||
}
|
||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_OP_NO_SSLv3)) {
|
||||
protocols.add(PROTOCOL_SSL_V3);
|
||||
protocols.add(SslProtocols.SSL_v3);
|
||||
}
|
||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_OP_NO_TLSv1)) {
|
||||
protocols.add(PROTOCOL_TLS_V1);
|
||||
protocols.add(SslProtocols.TLS_v1);
|
||||
}
|
||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_OP_NO_TLSv1_1)) {
|
||||
protocols.add(PROTOCOL_TLS_V1_1);
|
||||
protocols.add(SslProtocols.TLS_v1_1);
|
||||
}
|
||||
if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_OP_NO_TLSv1_2)) {
|
||||
protocols.add(PROTOCOL_TLS_V1_2);
|
||||
protocols.add(SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
// This is only supported by java11 and later.
|
||||
if (tlsv13Supported && doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_OP_NO_TLSv1_3)) {
|
||||
protocols.add(PROTOCOL_TLS_V1_3);
|
||||
protocols.add(SslProtocols.TLS_v1_3);
|
||||
TLSV13_SUPPORTED = true;
|
||||
} else {
|
||||
TLSV13_SUPPORTED = false;
|
||||
|
@ -66,7 +66,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
||||
|
||||
private static SSLEngine wrapEngine(final SSLEngine engine) {
|
||||
final SSLSession session = engine.getHandshakeSession();
|
||||
if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) {
|
||||
if (session != null && SslProtocols.TLS_v1_3.equals(session.getProtocol())) {
|
||||
return new JdkSslEngine(engine) {
|
||||
@Override
|
||||
public String getNegotiatedApplicationProtocol() {
|
||||
@ -93,7 +93,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
||||
|
||||
@Override
|
||||
public String getProtocol() {
|
||||
return SslUtils.PROTOCOL_TLS_V1_2;
|
||||
return SslProtocols.TLS_v1_2;
|
||||
}
|
||||
};
|
||||
} else {
|
||||
@ -181,7 +181,7 @@ final class OpenSslTlsv13X509ExtendedTrustManager extends X509ExtendedTrustManag
|
||||
|
||||
@Override
|
||||
public String getProtocol() {
|
||||
return SslUtils.PROTOCOL_TLS_V1_2;
|
||||
return SslProtocols.TLS_v1_2;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -65,13 +65,6 @@ import javax.net.ssl.SSLSessionBindingListener;
|
||||
import javax.security.cert.X509Certificate;
|
||||
|
||||
import static io.netty.handler.ssl.OpenSsl.memoryAddress;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
|
||||
import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
|
||||
import static io.netty.util.internal.ObjectUtil.checkNotNull;
|
||||
import static io.netty.util.internal.ObjectUtil.checkNotNullArrayParam;
|
||||
@ -360,7 +353,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
SSL.setMode(ssl, SSL.getMode(ssl) | SSL.SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||
}
|
||||
|
||||
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
||||
if (isProtocolEnabled(SSL.getOptions(ssl), SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||
final boolean enableTickets = clientMode ?
|
||||
ReferenceCountedOpenSslContext.CLIENT_ENABLE_SESSION_TICKET_TLSV13 :
|
||||
ReferenceCountedOpenSslContext.SERVER_ENABLE_SESSION_TICKET_TLSV13;
|
||||
@ -1368,7 +1361,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
if (!isDestroyed() && SSL.getHandshakeCount(ssl) > 1 &&
|
||||
// As we may count multiple handshakes when TLSv1.3 is used we should just ignore this here as
|
||||
// renegotiation is not supported in TLSv1.3 as per spec.
|
||||
!SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
|
||||
!SslProtocols.TLS_v1_3.equals(session.getProtocol()) && handshakeState == HandshakeState.FINISHED) {
|
||||
// TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
|
||||
// that the renegotiation failed.
|
||||
shutdown();
|
||||
@ -1556,7 +1549,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
if (!isDestroyed()) {
|
||||
enabled = SSL.getCiphers(ssl);
|
||||
int opts = SSL.getOptions(ssl);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||
extraCiphers = OpenSsl.EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
|
||||
tls13Enabled = true;
|
||||
} else {
|
||||
@ -1618,16 +1611,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
|
||||
// protocols.
|
||||
if (cipherSuiteSpec.isEmpty()) {
|
||||
protocols.remove(PROTOCOL_TLS_V1);
|
||||
protocols.remove(PROTOCOL_TLS_V1_1);
|
||||
protocols.remove(PROTOCOL_TLS_V1_2);
|
||||
protocols.remove(PROTOCOL_SSL_V3);
|
||||
protocols.remove(PROTOCOL_SSL_V2);
|
||||
protocols.remove(PROTOCOL_SSL_V2_HELLO);
|
||||
protocols.remove(SslProtocols.TLS_v1);
|
||||
protocols.remove(SslProtocols.TLS_v1_1);
|
||||
protocols.remove(SslProtocols.TLS_v1_2);
|
||||
protocols.remove(SslProtocols.SSL_v3);
|
||||
protocols.remove(SslProtocols.SSL_v2);
|
||||
protocols.remove(SslProtocols.SSL_v2_HELLO);
|
||||
}
|
||||
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
|
||||
if (cipherSuiteSpecTLSv13.isEmpty()) {
|
||||
protocols.remove(PROTOCOL_TLS_V1_3);
|
||||
protocols.remove(SslProtocols.TLS_v1_3);
|
||||
}
|
||||
// Update the protocols but not cache the value. We only cache when we call it from the user
|
||||
// code or when we construct the engine.
|
||||
@ -1650,7 +1643,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
public final String[] getEnabledProtocols() {
|
||||
List<String> enabled = new ArrayList<String>(6);
|
||||
// Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
|
||||
enabled.add(PROTOCOL_SSL_V2_HELLO);
|
||||
enabled.add(SslProtocols.SSL_v2_HELLO);
|
||||
|
||||
int opts;
|
||||
synchronized (this) {
|
||||
@ -1660,23 +1653,23 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
return enabled.toArray(new String[0]);
|
||||
}
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1)) {
|
||||
enabled.add(PROTOCOL_TLS_V1);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, SslProtocols.TLS_v1)) {
|
||||
enabled.add(SslProtocols.TLS_v1);
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1)) {
|
||||
enabled.add(PROTOCOL_TLS_V1_1);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, SslProtocols.TLS_v1_1)) {
|
||||
enabled.add(SslProtocols.TLS_v1_1);
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2)) {
|
||||
enabled.add(PROTOCOL_TLS_V1_2);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, SslProtocols.TLS_v1_2)) {
|
||||
enabled.add(SslProtocols.TLS_v1_2);
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, PROTOCOL_TLS_V1_3)) {
|
||||
enabled.add(PROTOCOL_TLS_V1_3);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_3, SslProtocols.TLS_v1_3)) {
|
||||
enabled.add(SslProtocols.TLS_v1_3);
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2)) {
|
||||
enabled.add(PROTOCOL_SSL_V2);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, SslProtocols.SSL_v2)) {
|
||||
enabled.add(SslProtocols.SSL_v2);
|
||||
}
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3)) {
|
||||
enabled.add(PROTOCOL_SSL_V3);
|
||||
if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, SslProtocols.SSL_v3)) {
|
||||
enabled.add(SslProtocols.SSL_v3);
|
||||
}
|
||||
return enabled.toArray(new String[0]);
|
||||
}
|
||||
@ -1710,42 +1703,42 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
|
||||
throw new IllegalArgumentException("Protocol " + p + " is not supported.");
|
||||
}
|
||||
if (p.equals(PROTOCOL_SSL_V2)) {
|
||||
if (p.equals(SslProtocols.SSL_v2)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
||||
}
|
||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2) { // lgtm[java/constant-comparison]
|
||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2;
|
||||
}
|
||||
} else if (p.equals(PROTOCOL_SSL_V3)) {
|
||||
} else if (p.equals(SslProtocols.SSL_v3)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
||||
}
|
||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3) {
|
||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3;
|
||||
}
|
||||
} else if (p.equals(PROTOCOL_TLS_V1)) {
|
||||
} else if (p.equals(SslProtocols.TLS_v1)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
||||
}
|
||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1) {
|
||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1;
|
||||
}
|
||||
} else if (p.equals(PROTOCOL_TLS_V1_1)) {
|
||||
} else if (p.equals(SslProtocols.TLS_v1_1)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
||||
}
|
||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1) {
|
||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1;
|
||||
}
|
||||
} else if (p.equals(PROTOCOL_TLS_V1_2)) {
|
||||
} else if (p.equals(SslProtocols.TLS_v1_2)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
||||
}
|
||||
if (maxProtocolIndex < OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2) {
|
||||
maxProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2;
|
||||
}
|
||||
} else if (p.equals(PROTOCOL_TLS_V1_3)) {
|
||||
} else if (p.equals(SslProtocols.TLS_v1_3)) {
|
||||
if (minProtocolIndex > OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3) {
|
||||
minProtocolIndex = OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3;
|
||||
}
|
||||
|
61
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
Normal file
61
handler/src/main/java/io/netty/handler/ssl/SslProtocols.java
Normal file
@ -0,0 +1,61 @@
|
||||
/*
|
||||
* Copyright 2021 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
/**
|
||||
* SSL/TLS protocols
|
||||
*/
|
||||
public final class SslProtocols {
|
||||
|
||||
/**
|
||||
* SSL v2 Hello
|
||||
*/
|
||||
public static final String SSL_v2_HELLO = "SSLv2Hello";
|
||||
|
||||
/**
|
||||
* SSL v2
|
||||
*/
|
||||
public static final String SSL_v2 = "SSLv2";
|
||||
|
||||
/**
|
||||
* SSLv3
|
||||
*/
|
||||
public static final String SSL_v3 = "SSLv3";
|
||||
|
||||
/**
|
||||
* TLS v1
|
||||
*/
|
||||
public static final String TLS_v1 = "TLSv1";
|
||||
|
||||
/**
|
||||
* TLS v1.1
|
||||
*/
|
||||
public static final String TLS_v1_1 = "TLSv1.1";
|
||||
|
||||
/**
|
||||
* TLS v1.2
|
||||
*/
|
||||
public static final String TLS_v1_2 = "TLSv1.2";
|
||||
|
||||
/**
|
||||
* TLS v1.3
|
||||
*/
|
||||
public static final String TLS_v1_3 = "TLSv1.3";
|
||||
|
||||
private SslProtocols() {
|
||||
// Prevent outside initialization
|
||||
}
|
||||
}
|
@ -56,14 +56,10 @@ final class SslUtils {
|
||||
asList("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
|
||||
"TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
|
||||
"TLS_AES_128_CCM_SHA256")));
|
||||
// Protocols
|
||||
static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
|
||||
static final String PROTOCOL_SSL_V2 = "SSLv2";
|
||||
static final String PROTOCOL_SSL_V3 = "SSLv3";
|
||||
static final String PROTOCOL_TLS_V1 = "TLSv1";
|
||||
static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
|
||||
static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
|
||||
static final String PROTOCOL_TLS_V1_3 = "TLSv1.3";
|
||||
|
||||
/**
|
||||
* GMSSL Protocol Version
|
||||
*/
|
||||
static final int GMSSL_PROTOCOL_VERSION = 0x101;
|
||||
|
||||
static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
|
||||
@ -157,7 +153,7 @@ final class SslUtils {
|
||||
private static boolean isTLSv13SupportedByJDK0(Provider provider) {
|
||||
try {
|
||||
return arrayContains(newInitContext(provider)
|
||||
.getSupportedSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
|
||||
.getSupportedSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
|
||||
} catch (Throwable cause) {
|
||||
logger.debug("Unable to detect if JDK SSLEngine with provider {} supports TLSv1.3, assuming no",
|
||||
provider, cause);
|
||||
@ -178,7 +174,7 @@ final class SslUtils {
|
||||
private static boolean isTLSv13EnabledByJDK0(Provider provider) {
|
||||
try {
|
||||
return arrayContains(newInitContext(provider)
|
||||
.getDefaultSSLParameters().getProtocols(), PROTOCOL_TLS_V1_3);
|
||||
.getDefaultSSLParameters().getProtocols(), SslProtocols.TLS_v1_3);
|
||||
} catch (Throwable cause) {
|
||||
logger.debug("Unable to detect if JDK SSLEngine with provider {} enables TLSv1.3 by default," +
|
||||
" assuming no", provider, cause);
|
||||
@ -211,7 +207,7 @@ final class SslUtils {
|
||||
}
|
||||
|
||||
private static String getTlsVersion() {
|
||||
return TLSV1_3_JDK_SUPPORTED ? PROTOCOL_TLS_V1_3 : PROTOCOL_TLS_V1_2;
|
||||
return TLSV1_3_JDK_SUPPORTED ? SslProtocols.TLS_v1_3 : SslProtocols.TLS_v1_2;
|
||||
}
|
||||
|
||||
static boolean arrayContains(String[] array, String value) {
|
||||
|
@ -124,7 +124,7 @@ public class CipherSuiteCanaryTest {
|
||||
.sslProvider(serverSslProvider)
|
||||
.ciphers(ciphers)
|
||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build();
|
||||
|
||||
final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;
|
||||
@ -134,7 +134,7 @@ public class CipherSuiteCanaryTest {
|
||||
.sslProvider(clientSslProvider)
|
||||
.ciphers(ciphers)
|
||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
.build();
|
||||
|
||||
|
@ -37,8 +37,6 @@ import javax.net.ssl.SSLSession;
|
||||
import static io.netty.buffer.ByteBufUtil.writeAscii;
|
||||
import static io.netty.buffer.Unpooled.EMPTY_BUFFER;
|
||||
import static io.netty.handler.codec.ByteToMessageDecoder.MERGE_CUMULATOR;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_3;
|
||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
@ -62,10 +60,10 @@ public class CloseNotifyTest {
|
||||
|
||||
static Collection<Object[]> data() {
|
||||
return asList(new Object[][] {
|
||||
{ SslProvider.JDK, PROTOCOL_TLS_V1_2 },
|
||||
{ SslProvider.JDK, PROTOCOL_TLS_V1_3 },
|
||||
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_2 },
|
||||
{ SslProvider.OPENSSL, PROTOCOL_TLS_V1_3 },
|
||||
{ SslProvider.JDK, SslProtocols.TLS_v1_2 },
|
||||
{ SslProvider.JDK, SslProtocols.TLS_v1_3 },
|
||||
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_2 },
|
||||
{ SslProvider.OPENSSL, SslProtocols.TLS_v1_3 },
|
||||
});
|
||||
}
|
||||
|
||||
@ -75,7 +73,7 @@ public class CloseNotifyTest {
|
||||
public void eventsOrder(SslProvider provider, String protocol) throws Exception {
|
||||
assumeTrue(provider != SslProvider.OPENSSL || OpenSsl.isAvailable(), "OpenSSL is not available");
|
||||
|
||||
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
|
||||
if (SslProtocols.TLS_v1_3.equals(protocol)) {
|
||||
// Ensure we support TLSv1.3
|
||||
assumeTrue(SslProvider.isTlsv13Supported(provider));
|
||||
}
|
||||
@ -144,7 +142,7 @@ public class CloseNotifyTest {
|
||||
}
|
||||
|
||||
private static boolean jdkTls13(SslProvider provider, String protocol) {
|
||||
return provider == SslProvider.JDK && PROTOCOL_TLS_V1_3.equals(protocol);
|
||||
return provider == SslProvider.JDK && SslProtocols.TLS_v1_3.equals(protocol);
|
||||
}
|
||||
|
||||
private static EmbeddedChannel initChannel(SslProvider provider, String protocol, final boolean useClientMode,
|
||||
|
@ -25,7 +25,7 @@ import javax.net.ssl.SSLEngine;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
|
||||
public class DelegatingSslContextTest {
|
||||
private static final String[] EXPECTED_PROTOCOLS = { SslUtils.PROTOCOL_TLS_V1_1 };
|
||||
private static final String[] EXPECTED_PROTOCOLS = { SslProtocols.TLS_v1_1 };
|
||||
|
||||
@Test
|
||||
public void testInitEngineOnNewEngine() throws Exception {
|
||||
|
@ -299,7 +299,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
||||
|
||||
@Test
|
||||
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslUtils.PROTOCOL_TLS_V1_2 });
|
||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
|
||||
}
|
||||
|
||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
||||
|
@ -58,11 +58,6 @@ import java.util.Set;
|
||||
|
||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||
import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V2_HELLO;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_SSL_V3;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_1;
|
||||
import static io.netty.handler.ssl.SslUtils.PROTOCOL_TLS_V1_2;
|
||||
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
|
||||
import static java.lang.Integer.MAX_VALUE;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
@ -241,8 +236,8 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
|
||||
@Test
|
||||
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
|
||||
new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
|
||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO},
|
||||
new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2});
|
||||
}
|
||||
@Test
|
||||
public void testWrapBuffersNoWritePendingError() throws Exception {
|
||||
@ -546,24 +541,24 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
.sslProvider(sslServerProvider())
|
||||
.build());
|
||||
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -577,21 +572,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
.sslProvider(sslServerProvider())
|
||||
.build());
|
||||
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -605,31 +600,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
.sslProvider(sslServerProvider())
|
||||
.build());
|
||||
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA256");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA256");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -643,31 +638,31 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
.sslProvider(sslServerProvider())
|
||||
.build());
|
||||
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -1394,22 +1389,22 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
|
||||
@Test
|
||||
public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
|
||||
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1);
|
||||
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
|
||||
testDefaultTLS1NotAcceptedByDefault(null, PROTOCOL_TLS_V1_1);
|
||||
testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
|
||||
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1, null);
|
||||
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
|
||||
testDefaultTLS1NotAcceptedByDefault(PROTOCOL_TLS_V1_1, null);
|
||||
testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null);
|
||||
}
|
||||
|
||||
private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception {
|
||||
|
@ -145,7 +145,7 @@ public class OpenSslPrivateKeyMethodTest {
|
||||
.sslProvider(SslProvider.OPENSSL)
|
||||
.ciphers(ciphers)
|
||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.option(OpenSslContextOption.PRIVATE_KEY_METHOD, method)
|
||||
.build();
|
||||
}
|
||||
@ -155,7 +155,7 @@ public class OpenSslPrivateKeyMethodTest {
|
||||
.sslProvider(SslProvider.JDK)
|
||||
.ciphers(Collections.singletonList(RFC_CIPHER_NAME))
|
||||
// As this is not a TLSv1.3 cipher we should ensure we talk something else.
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
.build();
|
||||
}
|
||||
|
@ -13,17 +13,13 @@
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import org.junit.Assume;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import javax.net.ssl.SSLException;
|
||||
import java.io.File;
|
||||
|
||||
import static org.junit.Assume.assumeTrue;
|
||||
|
||||
public class OpenSslServerContextTest extends SslContextTest {
|
||||
|
||||
@BeforeClass
|
||||
|
@ -405,7 +405,7 @@ public class ParameterizedSslHandlerTest {
|
||||
// Use TLSv1.2 as we depend on the fact that the handshake
|
||||
// is done in an extra round trip in the test which
|
||||
// is not true in TLSv1.3
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build();
|
||||
|
||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||
@ -414,7 +414,7 @@ public class ParameterizedSslHandlerTest {
|
||||
// Use TLSv1.2 as we depend on the fact that the handshake
|
||||
// is done in an extra round trip in the test which
|
||||
// is not true in TLSv1.3
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build();
|
||||
|
||||
EventLoopGroup group = new NioEventLoopGroup();
|
||||
|
@ -50,7 +50,7 @@ public abstract class RenegotiateTest {
|
||||
try {
|
||||
final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
|
||||
.sslProvider(serverSslProvider())
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build();
|
||||
|
||||
ServerBootstrap sb = new ServerBootstrap();
|
||||
@ -105,7 +105,7 @@ public abstract class RenegotiateTest {
|
||||
final SslContext clientContext = SslContextBuilder.forClient()
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
.sslProvider(SslProvider.JDK)
|
||||
.protocols(SslUtils.PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build();
|
||||
|
||||
Bootstrap bootstrap = new Bootstrap();
|
||||
|
@ -184,9 +184,9 @@ public abstract class SSLEngineTest {
|
||||
|
||||
static final class ProtocolCipherCombo {
|
||||
private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo(
|
||||
PROTOCOL_TLS_V1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
SslProtocols.TLS_v1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo(
|
||||
PROTOCOL_TLS_V1_3, "TLS_AES_128_GCM_SHA256");
|
||||
SslProtocols.TLS_v1_3, "TLS_AES_128_GCM_SHA256");
|
||||
final String protocol;
|
||||
final String cipher;
|
||||
|
||||
@ -532,13 +532,13 @@ public abstract class SSLEngineTest {
|
||||
// due to no shared/supported cipher.
|
||||
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
|
||||
.sslContextProvider(clientSslContextProvider())
|
||||
.sslProvider(sslClientProvider())
|
||||
.build());
|
||||
|
||||
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||
.protocols(PROTOCOL_TLS_V1_3, PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||
.protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1)
|
||||
.sslContextProvider(serverSslContextProvider())
|
||||
.sslProvider(sslServerProvider())
|
||||
.build());
|
||||
@ -1513,7 +1513,7 @@ public abstract class SSLEngineTest {
|
||||
assertArrayEquals(protocols1, enabledProtocols);
|
||||
|
||||
// Enable a protocol that is currently disabled
|
||||
sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });
|
||||
sslEngine.setEnabledProtocols(new String[]{ SslProtocols.TLS_v1_2 });
|
||||
|
||||
// The protocol that was just enabled should be returned
|
||||
enabledProtocols = sslEngine.getEnabledProtocols();
|
||||
@ -1584,7 +1584,7 @@ public abstract class SSLEngineTest {
|
||||
if (!clientHandshakeFinished ||
|
||||
// After the handshake completes it is possible we have more data that was send by the server as
|
||||
// the server will send session updates after the handshake. In this case continue to unwrap.
|
||||
SslUtils.PROTOCOL_TLS_V1_3.equals(clientEngine.getSession().getProtocol())) {
|
||||
SslProtocols.TLS_v1_3.equals(clientEngine.getSession().getProtocol())) {
|
||||
int clientAppReadBufferPos = clientAppReadBuffer.position();
|
||||
clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
|
||||
|
||||
@ -1700,7 +1700,7 @@ public abstract class SSLEngineTest {
|
||||
if (serverApn.protocol() == Protocol.NPN || serverApn.protocol() == Protocol.NPN_AND_ALPN) {
|
||||
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
||||
// See https://github.com/openssl/openssl/issues/3665
|
||||
serverCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
||||
serverCtxBuilder.protocols(SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient()
|
||||
@ -1715,7 +1715,7 @@ public abstract class SSLEngineTest {
|
||||
if (clientApn.protocol() == Protocol.NPN || clientApn.protocol() == Protocol.NPN_AND_ALPN) {
|
||||
// NPN is not really well supported with TLSv1.3 so force to use TLSv1.2
|
||||
// See https://github.com/openssl/openssl/issues/3665
|
||||
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
||||
clientCtxBuilder.protocols(SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
|
||||
@ -2043,9 +2043,9 @@ public abstract class SSLEngineTest {
|
||||
if (provider != null) {
|
||||
// conscrypt not correctly filters out TLSv1 and TLSv1.1 which is required now by the JDK.
|
||||
// https://github.com/google/conscrypt/issues/1013
|
||||
return new String[] { PROTOCOL_TLS_V1_2 };
|
||||
return new String[] { SslProtocols.TLS_v1_2 };
|
||||
}
|
||||
return new String[] {PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1};
|
||||
return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1};
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -2333,7 +2333,7 @@ public abstract class SSLEngineTest {
|
||||
.sslContextProvider(clientSslContextProvider())
|
||||
.sslProvider(sslClientProvider())
|
||||
// This test only works for non TLSv1.3 for now
|
||||
.protocols(PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build());
|
||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||
|
||||
@ -2342,7 +2342,7 @@ public abstract class SSLEngineTest {
|
||||
.sslContextProvider(serverSslContextProvider())
|
||||
.sslProvider(sslServerProvider())
|
||||
// This test only works for non TLSv1.3 for now
|
||||
.protocols(PROTOCOL_TLS_V1_2)
|
||||
.protocols(SslProtocols.TLS_v1_2)
|
||||
.build());
|
||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||
|
||||
@ -2803,12 +2803,13 @@ public abstract class SSLEngineTest {
|
||||
|
||||
@Test
|
||||
public void testDisableProtocols() throws Exception {
|
||||
testDisableProtocols(PROTOCOL_SSL_V2, PROTOCOL_SSL_V2);
|
||||
testDisableProtocols(PROTOCOL_SSL_V3, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3);
|
||||
testDisableProtocols(PROTOCOL_TLS_V1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1);
|
||||
testDisableProtocols(PROTOCOL_TLS_V1_1, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1);
|
||||
testDisableProtocols(PROTOCOL_TLS_V1_2, PROTOCOL_SSL_V2,
|
||||
PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2);
|
||||
testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2);
|
||||
testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3);
|
||||
testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1);
|
||||
testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1,
|
||||
SslProtocols.TLS_v1_1);
|
||||
testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2,
|
||||
SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
|
||||
@ -2832,7 +2833,7 @@ public abstract class SSLEngineTest {
|
||||
for (String disabled : disabledProtocols) {
|
||||
supported.remove(disabled);
|
||||
}
|
||||
if (supported.contains(PROTOCOL_SSL_V2_HELLO) && supported.size() == 1) {
|
||||
if (supported.contains(SslProtocols.SSL_v2_HELLO) && supported.size() == 1) {
|
||||
// It's not allowed to set only PROTOCOL_SSL_V2_HELLO if using JDK SSLEngine.
|
||||
return;
|
||||
}
|
||||
@ -4010,9 +4011,9 @@ public abstract class SSLEngineTest {
|
||||
}
|
||||
|
||||
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider()),
|
||||
arrayContains(clientProtocols, PROTOCOL_TLS_V1_3));
|
||||
arrayContains(clientProtocols, SslProtocols.TLS_v1_3));
|
||||
assertEquals(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider()),
|
||||
arrayContains(serverProtocols, PROTOCOL_TLS_V1_3));
|
||||
arrayContains(serverProtocols, SslProtocols.TLS_v1_3));
|
||||
}
|
||||
|
||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||
|
@ -611,7 +611,7 @@ public class SniHandlerTest {
|
||||
* This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
|
||||
* the client disconnects.
|
||||
*
|
||||
* @see SniHandlerTest#testReplaceHandler()
|
||||
* @see SniHandlerTest#testReplaceHandler(SslProvider)
|
||||
*/
|
||||
private static class CustomSslHandler extends SslHandler {
|
||||
private final SslContext sslContext;
|
||||
|
@ -836,7 +836,7 @@ public class SslHandlerTest {
|
||||
@Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
|
||||
public void testHandshakeFailedByWriteBeforeChannelActive() throws Exception {
|
||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||
.protocols(SslUtils.PROTOCOL_SSL_V3)
|
||||
.protocols(SslProtocols.SSL_v3)
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
.sslProvider(SslProvider.JDK).build();
|
||||
|
||||
@ -1145,27 +1145,27 @@ public class SslHandlerTest {
|
||||
@Test
|
||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||
public void testSessionTicketsWithTLSv12() throws Throwable {
|
||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, true);
|
||||
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||
public void testSessionTicketsWithTLSv13() throws Throwable {
|
||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, true);
|
||||
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||
public void testSessionTicketsWithTLSv12AndNoKey() throws Throwable {
|
||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2, false);
|
||||
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_2, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Timeout(value = 5000, unit = TimeUnit.MILLISECONDS)
|
||||
public void testSessionTicketsWithTLSv13AndNoKey() throws Throwable {
|
||||
assumeTrue(OpenSsl.isTlsv13Supported());
|
||||
testSessionTickets(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3, false);
|
||||
testSessionTickets(SslProvider.OPENSSL, SslProtocols.TLS_v1_3, false);
|
||||
}
|
||||
|
||||
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
|
||||
@ -1223,7 +1223,7 @@ public class SslHandlerTest {
|
||||
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
||||
// the handshake is done.
|
||||
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
||||
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
|
||||
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
|
||||
// First should not re-use the session
|
||||
try {
|
||||
assertEquals(handshakeCount > 1, engine.isSessionReused());
|
||||
@ -1297,7 +1297,7 @@ public class SslHandlerTest {
|
||||
// This test only works for non TLSv1.3 as TLSv1.3 will establish sessions after
|
||||
// the handshake is done.
|
||||
// See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_sess_set_get_cb.html
|
||||
if (!SslUtils.PROTOCOL_TLS_V1_3.equals(engine.getSession().getProtocol())) {
|
||||
if (!SslProtocols.TLS_v1_3.equals(engine.getSession().getProtocol())) {
|
||||
assertEquals(isReused, engine.isSessionReused());
|
||||
}
|
||||
Object obj = queue.take();
|
||||
@ -1472,11 +1472,11 @@ public class SslHandlerTest {
|
||||
if (tls13) {
|
||||
clientCipher = "TLS_AES_128_GCM_SHA256";
|
||||
serverCipher = "TLS_AES_256_GCM_SHA384";
|
||||
protocol = SslUtils.PROTOCOL_TLS_V1_3;
|
||||
protocol = SslProtocols.TLS_v1_3;
|
||||
} else {
|
||||
clientCipher = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
serverCipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
protocol = SslUtils.PROTOCOL_TLS_V1_2;
|
||||
protocol = SslProtocols.TLS_v1_2;
|
||||
}
|
||||
final SslContext sslClientCtx = SslContextBuilder.forClient()
|
||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||
@ -1566,26 +1566,26 @@ public class SslHandlerTest {
|
||||
|
||||
@Test
|
||||
public void testHandshakeEventsTls12JDK() throws Exception {
|
||||
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_2);
|
||||
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHandshakeEventsTls12Openssl() throws Exception {
|
||||
OpenSsl.ensureAvailability();
|
||||
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
|
||||
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_2);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHandshakeEventsTls13JDK() throws Exception {
|
||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
|
||||
testHandshakeEvents(SslProvider.JDK, SslUtils.PROTOCOL_TLS_V1_3);
|
||||
testHandshakeEvents(SslProvider.JDK, SslProtocols.TLS_v1_3);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHandshakeEventsTls13Openssl() throws Exception {
|
||||
OpenSsl.ensureAvailability();
|
||||
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
|
||||
testHandshakeEvents(SslProvider.OPENSSL, SslProtocols.TLS_v1_3);
|
||||
}
|
||||
|
||||
private void testHandshakeEvents(SslProvider provider, String protocol) throws Exception {
|
||||
|
Loading…
Reference in New Issue
Block a user