430951 Improved ordering of SSL ciphers

2014-12-31 15:45:08 +01:00 · 2014-12-31 15:45:08 +01:00 · 58faca9e09
parent a79b154d1b
commit 58faca9e09
1 changed files with 8 additions and 5 deletions
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@ -41,6 +41,7 @@ import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CopyOnWriteArraySet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@ -121,7 +122,7 @@ public class SslContextFactory extends AbstractLifeCycle
    /** Excluded cipher suites. */
    private final Set<String> _excludeCipherSuites = new LinkedHashSet<>();
    /** Included cipher suites. */
-    private Set<String> _includeCipherSuites = null;
+    private List<String> _includeCipherSuites = null;

    /** Keystore path. */
    private String _keyStorePath;
@ -428,7 +429,7 @@ public class SslContextFactory extends AbstractLifeCycle
    public void setIncludeCipherSuites(String... cipherSuites)
    {
        checkNotStarted();
-        _includeCipherSuites = new LinkedHashSet<>(Arrays.asList(cipherSuites));
+        _includeCipherSuites = new CopyOnWriteArrayList<>(Arrays.asList(cipherSuites));
    }

    /**
@ -1073,7 +1074,7 @@ public class SslContextFactory extends AbstractLifeCycle
     */
    public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
    {
-        Set<String> selected_ciphers = new CopyOnWriteArraySet<>();
+        List<String> selected_ciphers = new CopyOnWriteArrayList<>(); // TODO is this the most efficient?

        // Set the starting ciphers - either from the included or enabled list
        if (_includeCipherSuites!=null)
@ -1083,13 +1084,15 @@ public class SslContextFactory extends AbstractLifeCycle

        removeExcludedCipherSuites(selected_ciphers);

+        // TODO could we cache these results?
        return selected_ciphers.toArray(new String[selected_ciphers.size()]);
    }

-    private void processIncludeCipherSuites(String[] supportedCipherSuites, Set<String> selected_ciphers)
+    private void processIncludeCipherSuites(String[] supportedCipherSuites, List<String> selected_ciphers)
    {
        for (String cipherSuite : _includeCipherSuites)
        {
+            // TODO precompile these patterns to make accepting faster
            Pattern p = Pattern.compile(cipherSuite);
            for (String supportedCipherSuite : supportedCipherSuites)
            {
@ -1100,7 +1103,7 @@ public class SslContextFactory extends AbstractLifeCycle
        }
    }

-    private void removeExcludedCipherSuites(Set<String> selected_ciphers)
+    private void removeExcludedCipherSuites(List<String> selected_ciphers)
    {
        for (String excludeCipherSuite : _excludeCipherSuites)
        {