473294 - Fixed include cipher suites support for wildcards

This commit is contained in:
Greg Wilkins 2015-07-23 09:36:19 +10:00
parent 830b126e43
commit 085ec933c5
2 changed files with 11 additions and 6 deletions

View File

@ -1247,19 +1247,22 @@ public class SslContextFactory extends AbstractLifeCycle
protected void processIncludeCipherSuites(String[] supportedCipherSuites, List<String> selected_ciphers)
{
ciphers: for (String cipherSuite : _includeCipherSuites)
for (String cipherSuite : _includeCipherSuites)
{
Pattern p = Pattern.compile(cipherSuite);
boolean added=false;
for (String supportedCipherSuite : supportedCipherSuites)
{
Matcher m = p.matcher(supportedCipherSuite);
if (m.matches())
{
added=true;
selected_ciphers.add(supportedCipherSuite);
continue ciphers;
}
}
LOG.info("Cipher {} not supported",cipherSuite);
if (!added)
LOG.info("No Cipher matching '{}' is supported",cipherSuite);
}
}

View File

@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
@ -204,13 +205,14 @@ public class SslContextFactoryTest
@Test
public void testSetIncludeCipherSuitesRegex() throws Exception
{
cf.setIncludeCipherSuites(".*RC4.*");
Log.getLogger(SslContextFactory.class).setDebugEnabled(true);
cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*");
cf.start();
SSLEngine sslEngine = cf.newSSLEngine();
String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0));
assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
for (String enabledCipherSuite : enabledCipherSuites)
assertThat("CipherSuite contains RC4", enabledCipherSuite.contains("RC4"), is(true));
assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), is(true));
}
@Test