author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-11-07 10:58:53 +0100 |
committer | GitHub <noreply@github.com> | 2018-11-07 10:58:53 +0100 |
commit | 95ffa3196cc6719a6295ad3ba7cee366499864f1 (patch) | |
tree | 4efaa8de3cccaef4f58a1025522de4f1d85d1e86 /jrt | |
parent | 9863899ffe849ad7af74759977fbf2640b0add93 (diff) | |
parent | 2fee9978ee7c93b3eafdc79c2f3553d8d0117bb1 (diff) |
Merge pull request #7585 from vespa-engine/bjorncs/accepted-ciphers
Bjorncs/accepted ciphers
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index b3daf5c296d..25a154be107 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -2,17 +2,15 @@
 package com.yahoo.jrt;
 
 import com.yahoo.security.SslContextBuilder;
-import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.security.tls.TransportSecurityOptions;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
-import java.io.IOException;
-import java.io.UncheckedIOException;
 import java.nio.channels.SocketChannel;
-import java.nio.file.Files;
-import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
+import java.util.logging.Logger;
 
 /**
  * A {@link CryptoSocket} that creates {@link TlsCryptoSocket} instances.
@@ -21,21 +19,33 @@ import java.util.List;
  */
 public class TlsCryptoEngine implements CryptoEngine {
 
+    private static final Logger log = Logger.getLogger(TlsCryptoEngine.class.getName());
+
     private final SSLContext sslContext;
+    private final List<String> acceptedCiphers;
 
     public TlsCryptoEngine(SSLContext sslContext) {
+        this(sslContext, Collections.emptyList());
+    }
+
+    public TlsCryptoEngine(SSLContext sslContext, List<String> acceptedCiphers) {
         this.sslContext = sslContext;
+        this.acceptedCiphers = acceptedCiphers;
     }
 
     public TlsCryptoEngine(TransportSecurityOptions options) {
-        this(createSslContext(options));
+        this(createSslContext(options), options.getAcceptedCiphers());
     }
 
     @Override
     public TlsCryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
         SSLEngine sslEngine = sslContext.createSSLEngine();
+        log.fine(() -> String.format("Supported ciphers: %s", Arrays.toString(sslEngine.getSupportedCipherSuites())));
         sslEngine.setNeedClientAuth(true);
         sslEngine.setUseClientMode(!isServer);
+        if (!acceptedCiphers.isEmpty()) {
+            sslEngine.setEnabledCipherSuites(acceptedCiphers.toArray(new String[0]));
+        }
         return new TlsCryptoSocket(channel, sslEngine);
     }
 
|
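Review bot: The configured cipher list is only checked when a socket is created: `SSLEngine.setEnabledCipherSuites` throws `IllegalArgumentException` for any suite name the engine does not support, so a misspelled or unavailable entry in the accepted-ciphers list fails on every `createCryptoSocket` call instead of once, at construction. Consider validating the list in the two-argument constructor against `sslContext.getSupportedSSLParameters().getCipherSuites()` and rejecting unknown names there, where the configuration error is easiest to attribute. The same constructor also stores the caller's list by reference; `this.acceptedCiphers = Collections.unmodifiableList(new ArrayList<>(Objects.requireNonNull(acceptedCiphers, "acceptedCiphers")));` would both snapshot it and turn a null list (whether `options.getAcceptedCiphers()` can return one is not visible here) into a construction-time failure rather than an NPE at the later `isEmpty()` check. A short Javadoc on the new constructor stating that a non-empty list replaces the engine's default enabled suites wholesale, and that an empty list keeps the JDK defaults, would make that contract explicit. The class body continues past the hunk (createSslContext is not shown).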