
Example 1 with NamedGroupType

use of sun.security.ssl.NamedGroupType in project Bytecoder by mirkosertic.

the class Handshaker method isActivatable.

/**
 * Decides whether a cipher suite may be activated under the current
 * algorithm constraints.
 *
 * <p>The suite is rejected when {@code algorithmConstraints} does not permit
 * its name for the {@code KEY_AGREEMENT} primitive. A permitted suite whose
 * key exchange uses no named group ({@code NAMED_GROUP_NONE}) is accepted
 * outright. Otherwise the answer is whatever
 * {@code SupportedGroupsExtension.isActivatable} reports for the suite's
 * group type.
 *
 * @param suite        the candidate cipher suite
 * @param cachedStatus caller-owned memo of group type to activatable flag;
 *                     this method adds an entry the first time it sees a
 *                     group type, so the caller should pass the same map
 *                     for every suite in one pass
 * @return {@code true} if the suite may be activated, {@code false} otherwise
 */
private boolean isActivatable(CipherSuite suite, Map<NamedGroupType, Boolean> cachedStatus) {
    // Gate 1: the suite name itself must be permitted. Anything that is not
    // explicitly permitted is rejected (fail closed).
    // NOTE(review): where algorithmConstraints is populated is not visible here.
    if (!algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
        if (debug != null && Debug.isOn("verbose")) {
            System.out.println("Ignoring disabled cipher suite: " + suite);
        }
        return false;
    }

    // Gate 2: suites that do not depend on a named group need no further check.
    NamedGroupType groupType = suite.keyExchange.groupType;
    if (groupType == NAMED_GROUP_NONE) {
        return true;
    }

    // Gate 3: at least one group of this type must be activatable. The result
    // is memoised per group type so the extension is consulted once per map.
    Boolean memo = cachedStatus.get(groupType);
    boolean usable;
    if (memo != null) {
        usable = memo.booleanValue();
    } else {
        usable = SupportedGroupsExtension.isActivatable(algorithmConstraints, groupType);
        cachedStatus.put(groupType, usable);
        if (!usable && debug != null && Debug.isOn("verbose")) {
            System.out.println("No activated named group");
        }
    }

    if (!usable && debug != null && Debug.isOn("verbose")) {
        System.out.println("No active named group, ignore " + suite);
    }
    return usable;
}
Also used : NamedGroupType(sun.security.ssl.NamedGroupType)

Example 2 with NamedGroupType

use of sun.security.ssl.NamedGroupType in project Bytecoder by mirkosertic.

the class Handshaker method getActiveProtocols.

/*
     * Get the active protocol versions.
     *
     * In TLS 1.1, many weak or vulnerable cipher suites were obsoleted,
     * such as TLS_RSA_EXPORT_WITH_RC4_40_MD5. The implementation MUST NOT
     * negotiate these cipher suites in TLS 1.1 or later mode.
     *
     * For example, if "TLS_RSA_EXPORT_WITH_RC4_40_MD5" is the
     * only enabled cipher suite, the client cannot request TLS 1.1 or
     * later, even though TLS 1.1 or later is enabled.  We need to create a
     * subset of the enabled protocols, called the active protocols, which
     * contains protocols appropriate to the list of enabled Ciphersuites.
     *
     * Return empty list instead of null if no active protocol versions.
     */
ProtocolList getActiveProtocols() {
    // The result is computed once and kept in the activeProtocols field.
    if (activeProtocols != null) {
        return activeProtocols;
    }

    boolean sawSsl20Hello = false;
    ArrayList<ProtocolVersion> usable = new ArrayList<>(4);

    for (ProtocolVersion protocol : enabledProtocols.collection()) {
        // SSL20Hello is not matched against cipher suites; it is only
        // remembered here and appended after the loop if some other
        // protocol turned out to be active.
        if (protocol.v == ProtocolVersion.SSL20Hello.v) {
            sawSsl20Hello = true;
            continue;
        }

        // A protocol whose name is not permitted by the algorithm
        // constraints is skipped before any cipher suite is considered.
        if (!algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), protocol.name, null)) {
            if (debug != null && Debug.isOn("verbose")) {
                System.out.println("Ignoring disabled protocol: " + protocol);
            }
            continue;
        }

        // The protocol is active as soon as one enabled suite is available,
        // not obsoleted by it, supported by it, and activatable. The memo of
        // named-group results is fresh for each protocol.
        boolean found = false;
        Map<NamedGroupType, Boolean> cachedStatus = new EnumMap<>(NamedGroupType.class);
        for (CipherSuite suite : enabledCipherSuites.collection()) {
            boolean candidate = suite.isAvailable() && (!protocol.obsoletes(suite)) && protocol.supports(suite);
            if (!candidate) {
                if (debug != null && Debug.isOn("verbose")) {
                    System.out.println("Ignoring unsupported cipher suite: " + suite + " for " + protocol);
                }
                continue;
            }
            if (isActivatable(suite, cachedStatus)) {
                usable.add(protocol);
                found = true;
                break;
            }
        }

        if (!found && (debug != null) && Debug.isOn("handshake")) {
            System.out.println("No available cipher suite for " + protocol);
        }
    }

    // SSL20Hello never becomes active on its own: it is added only when the
    // list already holds at least one protocol.
    if (sawSsl20Hello && !usable.isEmpty()) {
        usable.add(ProtocolVersion.SSL20Hello);
    }

    // An empty list, not null, is stored when nothing qualified.
    activeProtocols = new ProtocolList(usable);
    return activeProtocols;
}
Also used : NamedGroupType(sun.security.ssl.NamedGroupType) CipherSuite(sun.security.ssl.CipherSuite)

Example 3 with NamedGroupType

use of sun.security.ssl.NamedGroupType in project Bytecoder by mirkosertic.

the class Handshaker method getActiveCipherSuites.

/**
 * Get the active cipher suites.
 *
 * In TLS 1.1, many weak or vulnerable cipher suites were obsoleted,
 * such as TLS_RSA_EXPORT_WITH_RC4_40_MD5. The implementation MUST NOT
 * negotiate these cipher suites in TLS 1.1 or later mode.
 *
 * Therefore, when the active protocols only include TLS 1.1 or later,
 * the client cannot request to negotiate those obsoleted cipher
 * suites.  That is, the obsoleted suites should not be included in the
 * client hello. So we need to create a subset of the enabled cipher
 * suites, the active cipher suites, which does not contain obsoleted
 * cipher suites of the minimum active protocol.
 *
 * Return empty list instead of null if no active cipher suites.
 */
CipherSuiteList getActiveCipherSuites() {
    // The result is computed once and kept in the activeCipherSuites field.
    if (activeCipherSuites != null) {
        return activeCipherSuites;
    }

    // The suite filter depends on the active protocol range, so that is
    // resolved first.
    if (activeProtocols == null) {
        activeProtocols = getActiveProtocols();
    }

    ArrayList<CipherSuite> selected = new ArrayList<>();
    boolean haveProtocols = !(activeProtocols.collection().isEmpty())
            && activeProtocols.min.v != ProtocolVersion.NONE.v;

    if (haveProtocols) {
        // One memo of named-group results is shared by every suite in this pass.
        Map<NamedGroupType, Boolean> cachedStatus = new EnumMap<>(NamedGroupType.class);
        for (CipherSuite suite : enabledCipherSuites.collection()) {
            // A suite is kept only if it is available, is not obsoleted by
            // the lowest active protocol, and is supported by the highest.
            boolean candidate = suite.isAvailable()
                    && (!activeProtocols.min.obsoletes(suite))
                    && activeProtocols.max.supports(suite);
            if (candidate) {
                // Final gate: algorithm constraints and named-group check.
                if (isActivatable(suite, cachedStatus)) {
                    selected.add(suite);
                }
                continue;
            }
            if (debug != null && Debug.isOn("verbose")) {
                System.out.println(activeProtocols.min.obsoletes(suite)
                        ? "Ignoring obsoleted cipher suite: " + suite
                        : "Ignoring unsupported cipher suite: " + suite);
            }
        }
    }

    // An empty list, not null, is stored when nothing qualified.
    activeCipherSuites = new CipherSuiteList(selected);
    return activeCipherSuites;
}
Also used : NamedGroupType(sun.security.ssl.NamedGroupType) CipherSuite(sun.security.ssl.CipherSuite)
