Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

370137 - SslContextFactory does not respect order for [included|excluded]Protocols() and [included|excluded]CipherSuites().

This commit is contained in:
Simone Bordet 2012-01-30 16:40:04 +01:00
parent cacc5aefa2
commit ebae11da68
1 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -35,7 +35,7 @@ import java.security.cert.X509CertSelector;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.CertPathTrustManagerParameters;
@ -107,13 +107,12 @@ public class SslContextFactory extends AbstractLifeCycle
public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password"; public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
/** Excluded protocols. */ /** Excluded protocols. */
private final Set<String> _excludeProtocols = new HashSet<String>(); private final Set<String> _excludeProtocols = new LinkedHashSet<String>();
// private final Set<String> _excludeProtocols = new HashSet<String>(Collections.singleton("SSLv2Hello"));
/** Included protocols. */ /** Included protocols. */
private Set<String> _includeProtocols = null; private Set<String> _includeProtocols = null;
/** Excluded cipher suites. */ /** Excluded cipher suites. */
private final Set<String> _excludeCipherSuites = new HashSet<String>(); private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>();
/** Included cipher suites. */ /** Included cipher suites. */
private Set<String> _includeCipherSuites = null; private Set<String> _includeCipherSuites = null;
@ -210,6 +209,8 @@ public class SslContextFactory extends AbstractLifeCycle
/** /**
* Construct an instance of SslContextFactory * Construct an instance of SslContextFactory
* Default constructor for use in XmlConfiguration files * Default constructor for use in XmlConfiguration files
* @param trustAll whether to blindly trust all certificates
* @see #setTrustAll(boolean)
*/ */
public SslContextFactory(boolean trustAll) public SslContextFactory(boolean trustAll)
{ {
@ -313,7 +314,7 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @param Protocols * @param protocols
* The array of protocol names to exclude from * The array of protocol names to exclude from
* {@link SSLEngine#setEnabledProtocols(String[])} * {@link SSLEngine#setEnabledProtocols(String[])}
*/ */
@ -347,7 +348,7 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @param Protocols * @param protocols
* The array of protocol names to include in * The array of protocol names to include in
* {@link SSLEngine#setEnabledProtocols(String[])} * {@link SSLEngine#setEnabledProtocols(String[])}
*/ */
@ -355,7 +356,7 @@ public class SslContextFactory extends AbstractLifeCycle
{ {
checkNotStarted(); checkNotStarted();
_includeProtocols = new HashSet<String>(Arrays.asList(protocols)); _includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols));
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -411,7 +412,7 @@ public class SslContextFactory extends AbstractLifeCycle
{ {
checkNotStarted(); checkNotStarted();
_includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites)); _includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites));
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -444,7 +445,7 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @param keyStorePath * @param keyStorePath the file system path or URL of the keystore
* @deprecated Use {@link #setKeyStorePath(String)} * @deprecated Use {@link #setKeyStorePath(String)}
*/ */
@Deprecated @Deprecated
@ -1003,7 +1004,7 @@ public class SslContextFactory extends AbstractLifeCycle
* Override this method to provide alternate way to load a keystore. * Override this method to provide alternate way to load a keystore.
* *
* @return the key store instance * @return the key store instance
* @throws Exception * @throws Exception if the keystore cannot be loaded
*/ */
protected KeyStore loadKeyStore() throws Exception protected KeyStore loadKeyStore() throws Exception
{ {
@ -1017,7 +1018,7 @@ public class SslContextFactory extends AbstractLifeCycle
* Override this method to provide alternate way to load a truststore. * Override this method to provide alternate way to load a truststore.
* *
* @return the key store instance * @return the key store instance
* @throws Exception * @throws Exception if the truststore cannot be loaded
*/ */
protected KeyStore loadTrustStore() throws Exception protected KeyStore loadTrustStore() throws Exception
{ {
@ -1040,7 +1041,7 @@ public class SslContextFactory extends AbstractLifeCycle
* @param storeProvider keystore provider * @param storeProvider keystore provider
* @param storePassword keystore password * @param storePassword keystore password
* @return created keystore * @return created keystore
* @throws Exception * @throws Exception if the keystore cannot be obtained
* *
* @deprecated * @deprecated
*/ */
@ -1059,7 +1060,7 @@ public class SslContextFactory extends AbstractLifeCycle
* *
* @param crlPath path of certificate revocation list file * @param crlPath path of certificate revocation list file
* @return Collection of CRL's * @return Collection of CRL's
* @throws Exception * @throws Exception if the certificate revocation list cannot be loaded
*/ */
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{ {
@ -1199,16 +1200,16 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Select cipher suites to be used by the connector * Select protocols to be used by the connector
* based on configured inclusion and exclusion lists * based on configured inclusion and exclusion lists
* as well as enabled and supported cipher suite lists. * as well as enabled and supported protocols.
* @param enabledCipherSuites Array of enabled cipher suites * @param enabledProtocols Array of enabled protocols
* @param supportedCipherSuites Array of supported cipher suites * @param supportedProtocols Array of supported protocols
* @return Array of cipher suites to enable * @return Array of protocols to enable
*/ */
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols) public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{ {
Set<String> selected_protocols = new HashSet<String>(); Set<String> selected_protocols = new LinkedHashSet<String>();
// Set the starting protocols - either from the included or enabled list // Set the starting protocols - either from the included or enabled list
if (_includeProtocols!=null) if (_includeProtocols!=null)
@ -1240,7 +1241,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{ {
Set<String> selected_ciphers = new HashSet<String>(); Set<String> selected_ciphers = new LinkedHashSet<String>();
// Set the starting ciphers - either from the included or enabled list // Set the starting ciphers - either from the included or enabled list
if (_includeCipherSuites!=null) if (_includeCipherSuites!=null)