< prev index next >
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
Print this page
rev 52899 : 8232424: More constrained algorithms
Reviewed-by: jnimeh, rhalade, ahgross
*** 50,60 ****
/**
* SSL/(D)TLS configuration.
*/
final class SSLConfiguration implements Cloneable {
// configurations with SSLParameters
! AlgorithmConstraints algorithmConstraints;
List<ProtocolVersion> enabledProtocols;
List<CipherSuite> enabledCipherSuites;
ClientAuthType clientAuthType;
String identificationProtocol;
List<SNIServerName> serverNames;
--- 50,60 ----
/**
* SSL/(D)TLS configuration.
*/
final class SSLConfiguration implements Cloneable {
// configurations with SSLParameters
! AlgorithmConstraints userSpecifiedAlgorithmConstraints;
List<ProtocolVersion> enabledProtocols;
List<CipherSuite> enabledCipherSuites;
ClientAuthType clientAuthType;
String identificationProtocol;
List<SNIServerName> serverNames;
*** 115,125 ****
}
SSLConfiguration(SSLContextImpl sslContext, boolean isClientMode) {
// Configurations with SSLParameters, default values.
! this.algorithmConstraints = SSLAlgorithmConstraints.DEFAULT;
this.enabledProtocols =
sslContext.getDefaultProtocolVersions(!isClientMode);
this.enabledCipherSuites =
sslContext.getDefaultCipherSuites(!isClientMode);
this.clientAuthType = ClientAuthType.CLIENT_AUTH_NONE;
--- 115,126 ----
}
SSLConfiguration(SSLContextImpl sslContext, boolean isClientMode) {
// Configurations with SSLParameters, default values.
! this.userSpecifiedAlgorithmConstraints =
! SSLAlgorithmConstraints.DEFAULT;
this.enabledProtocols =
sslContext.getDefaultProtocolVersions(!isClientMode);
this.enabledCipherSuites =
sslContext.getDefaultCipherSuites(!isClientMode);
this.clientAuthType = ClientAuthType.CLIENT_AUTH_NONE;
*** 152,162 ****
}
SSLParameters getSSLParameters() {
SSLParameters params = new SSLParameters();
! params.setAlgorithmConstraints(this.algorithmConstraints);
params.setProtocols(ProtocolVersion.toStringArray(enabledProtocols));
params.setCipherSuites(CipherSuite.namesOf(enabledCipherSuites));
switch (this.clientAuthType) {
case CLIENT_AUTH_REQUIRED:
params.setNeedClientAuth(true);
--- 153,163 ----
}
SSLParameters getSSLParameters() {
SSLParameters params = new SSLParameters();
! params.setAlgorithmConstraints(this.userSpecifiedAlgorithmConstraints);
params.setProtocols(ProtocolVersion.toStringArray(enabledProtocols));
params.setCipherSuites(CipherSuite.namesOf(enabledCipherSuites));
switch (this.clientAuthType) {
case CLIENT_AUTH_REQUIRED:
params.setNeedClientAuth(true);
*** 192,202 ****
}
void setSSLParameters(SSLParameters params) {
AlgorithmConstraints ac = params.getAlgorithmConstraints();
if (ac != null) {
! this.algorithmConstraints = ac;
} // otherwise, use the default value
String[] sa = params.getCipherSuites();
if (sa != null) {
this.enabledCipherSuites = CipherSuite.validValuesOf(sa);
--- 193,203 ----
}
void setSSLParameters(SSLParameters params) {
AlgorithmConstraints ac = params.getAlgorithmConstraints();
if (ac != null) {
! this.userSpecifiedAlgorithmConstraints = ac;
} // otherwise, use the default value
String[] sa = params.getCipherSuites();
if (sa != null) {
this.enabledCipherSuites = CipherSuite.validValuesOf(sa);
< prev index next >