/**
 * Exercises {@code SSLContextParameters} with a cipher-suite {@code FilterParameters}
 * configured alongside an explicit {@code CipherSuitesParameters} list, and checks the
 * cipher suites enabled on the engine, client socket and server socket created from
 * the resulting context.
 *
 * <p>NOTE(review): the explicit list is attached to the parameters before any filter is
 * set, and {@code testCipherSuites} in this file asserts that an explicit list takes
 * precedence over a filter. The zero-suite results in the filter steps below therefore
 * appear to come from the empty explicit list rather than from the include/exclude
 * patterns. Confirm that filter-only behaviour is covered elsewhere.
 *
 * @throws Exception if a context, engine or socket cannot be created
 */
public void testCipherSuitesFilter() throws Exception {
    // Baseline: a plain JDK TLS context initialised with default key, trust and random sources.
    SSLContext baselineContext = SSLContext.getInstance("TLS");
    baselineContext.init(null, null, null);
    SSLEngine baselineEngine = baselineContext.createSSLEngine();
    SSLSocket baselineSocket = (SSLSocket) baselineContext.getSocketFactory().createSocket();
    SSLServerSocket baselineServerSocket =
            (SSLServerSocket) baselineContext.getServerSocketFactory().createServerSocket();

    // default
    SSLContextParameters params = new SSLContextParameters();
    SSLContext context = params.createSSLContext();

    // The explicit (still empty) list is attached only after the first context was built;
    // the assertions below expect that context to keep producing the defaults.
    CipherSuitesParameters explicitSuites = new CipherSuitesParameters();
    params.setCipherSuites(explicitSuites);

    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket =
            (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
            Arrays.equals(
                    baselineEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(
            Arrays.equals(
                    baselineSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    // Server sockets are compared against the default includes applied to the supported
    // suites, not against the baseline's enabled list.
    String[] expectedServerDefaults =
            this.getDefaultCipherSuiteIncludes(baselineServerSocket.getSupportedCipherSuites());
    assertTrue(Arrays.equals(expectedServerDefaults, serverSocket.getEnabledCipherSuites()));

    // empty filter
    FilterParameters suiteFilter = new FilterParameters();
    params.setCipherSuitesFilter(suiteFilter);
    context = params.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter: a match-everything include must still leave nothing enabled
    suiteFilter.getInclude().add(".*");
    context = params.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter with excludes (excludes overrides)
    suiteFilter.getExclude().add(".*");
    context = params.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter single include
    suiteFilter.getInclude().clear();
    suiteFilter.getExclude().clear();
    // NOTE(review): the fixture is a static-RSA key exchange, CBC-mode suite; JDK security
    // settings that disable such suites may make the ">= 1" checks fail for reasons
    // unrelated to the filter. Confirm against the JDKs this test runs on.
    explicitSuites.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA");
    suiteFilter.getInclude().add("TLS.*");
    context = params.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    // not all platforms/JDKs have these cipher suites
    if (isPlatform("aix")) {
        return;
    }

    String[] engineSuites = engine.getEnabledCipherSuites();
    assertTrue(engineSuites.length >= 1);
    assertStartsWith(engine.getEnabledCipherSuites(), "TLS");

    String[] socketSuites = socket.getEnabledCipherSuites();
    assertTrue(socketSuites.length >= 1);
    assertStartsWith(socket.getEnabledCipherSuites(), "TLS");

    String[] serverSocketSuites = serverSocket.getEnabledCipherSuites();
    assertTrue(serverSocketSuites.length >= 1);
    assertStartsWith(serverSocket.getEnabledCipherSuites(), "TLS");
}
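/**
 * Verifies how an explicit {@code CipherSuitesParameters} list controls the cipher suites
 * enabled on the engine, client socket and server socket created from an
 * {@code SSLContextParameters} context.
 *
 * <p>Four configurations are checked in order: no explicit list (JDK defaults), an empty
 * explicit list (nothing enabled), a single explicit suite (exactly that suite enabled),
 * and a single explicit suite combined with a match-everything include filter (the
 * explicit list still wins).
 *
 * @throws Exception if a context, engine or socket cannot be created
 */
public void testCipherSuites() throws Exception {
    // Control objects from a plain JDK TLS context; they supply the expected defaults.
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket =
            (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();

    // default
    SSLContextParameters scp = new SSLContextParameters();
    SSLContext context = scp.createSSLContext();
    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket =
            (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
            Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(
            Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    assertTrue(
            Arrays.equals(
                    this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
                    serverSocket.getEnabledCipherSuites()));

    // empty csp: an explicit but empty list must enable nothing rather than fall back to
    // the JDK defaults
    CipherSuitesParameters csp = new CipherSuitesParameters();
    scp.setCipherSuites(csp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit csp: the suite is taken from the control engine so that it is one this JDK
    // actually enables
    csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(1, engine.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
    assertEquals(1, socket.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
    assertEquals(1, serverSocket.getEnabledCipherSuites().length);
    assertEquals(
            controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);

    // explicit csp overrides filter: a permissive ".*" include must not widen the
    // explicit allow-list
    FilterParameters filter = new FilterParameters();
    filter.getInclude().add(".*");
    scp.setCipherSuitesFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(1, engine.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
    assertEquals(1, socket.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
    // The length check targets the server socket: checking the client socket a second
    // time here would let extra suites on the server side go unnoticed as long as the
    // first entry matched.
    assertEquals(1, serverSocket.getEnabledCipherSuites().length);
    assertEquals(
            controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
}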