430951 Improved ordering of SSL ciphers

jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java

@@ -41,6 +41,7 @@ import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CopyOnWriteArraySet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -121,7 +122,7 @@ public class SslContextFactory extends AbstractLifeCycle
     /** Excluded cipher suites. */
     private final Set<String> _excludeCipherSuites = new LinkedHashSet<>();
     /** Included cipher suites. */
-    private Set<String> _includeCipherSuites = null;
+    private List<String> _includeCipherSuites = null;
 
     /** Keystore path. */
     private String _keyStorePath;
@@ -428,7 +429,7 @@ public class SslContextFactory extends AbstractLifeCycle
     public void setIncludeCipherSuites(String... cipherSuites)
     {
         checkNotStarted();
-        _includeCipherSuites = new LinkedHashSet<>(Arrays.asList(cipherSuites));
+        _includeCipherSuites = new CopyOnWriteArrayList<>(Arrays.asList(cipherSuites));
     }
 
     /**
@@ -1073,7 +1074,7 @@ public class SslContextFactory extends AbstractLifeCycle
      */
     public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
     {
-        Set<String> selected_ciphers = new CopyOnWriteArraySet<>();
+        List<String> selected_ciphers = new CopyOnWriteArrayList<>(); // TODO is this the most efficient?
 
         // Set the starting ciphers - either from the included or enabled list
         if (_includeCipherSuites!=null)
@@ -1083,13 +1084,15 @@ public class SslContextFactory extends AbstractLifeCycle
 
         removeExcludedCipherSuites(selected_ciphers);
 
+        // TODO could we cache these results?
         return selected_ciphers.toArray(new String[selected_ciphers.size()]);
     }
 
-    private void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
+    private void processIncludeCipherSuites(String[] supportedCipherSuites, List<String> selected_ciphers)
     {
         for (String cipherSuite : _includeCipherSuites)
         {
+            // TODO precompile these patterns to make accepting faster
             Pattern p = Pattern.compile(cipherSuite);
             for (String supportedCipherSuite : supportedCipherSuites)
             {
@@ -1100,7 +1103,7 @@ public class SslContextFactory extends AbstractLifeCycle
         }
     }
 
-    private void removeExcludedCipherSuites(Set<String> selected_ciphers)
+    private void removeExcludedCipherSuites(List<String> selected_ciphers)
     {
         for (String excludeCipherSuite : _excludeCipherSuites)
         {