1155 for (CipherSuite suite : prefered.collection()) { 1156 if (isNegotiable(proposed, suite) == false) { 1157 continue; 1158 } 1159 1160 if (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED) { 1161 if ((suite.keyExchange == K_DH_ANON) || 1162 (suite.keyExchange == K_ECDH_ANON)) { 1163 continue; 1164 } 1165 } 1166 1167 if (!legacyAlgorithmConstraints.permits(null, suite.name, null)) { 1168 legacySuites.add(suite); 1169 continue; 1170 } 1171 1172 if (trySetCipherSuite(suite) == false) { 1173 continue; 1174 } 1175 return; 1176 } 1177 1178 for (CipherSuite suite : legacySuites) { 1179 if (trySetCipherSuite(suite)) { 1180 return; 1181 } 1182 } 1183 1184 fatalSE(Alerts.alert_handshake_failure, "no cipher suites in common"); 1185 } 1186 1187 /** 1188 * Set the given CipherSuite, if possible. Return the result. 1189 * The call succeeds if the CipherSuite is available and we have 1190 * the necessary certificates to complete the handshake. We don't 1191 * check if the CipherSuite is actually enabled. 1192 * 1193 * If successful, this method also generates ephemeral keys if 1194 * required for this ciphersuite. This may take some time, so this 1195 * method should only be called if you really want to use the 1196 * CipherSuite. 1197 * 1198 * This method is called from chooseCipherSuite() in this class. 
1199 */ | 1155 for (CipherSuite suite : prefered.collection()) { 1156 if (isNegotiable(proposed, suite) == false) { 1157 continue; 1158 } 1159 1160 if (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED) { 1161 if ((suite.keyExchange == K_DH_ANON) || 1162 (suite.keyExchange == K_ECDH_ANON)) { 1163 continue; 1164 } 1165 } 1166 1167 if (!legacyAlgorithmConstraints.permits(null, suite.name, null)) { 1168 legacySuites.add(suite); 1169 continue; 1170 } 1171 1172 if (trySetCipherSuite(suite) == false) { 1173 continue; 1174 } 1175 1176 if (debug != null && Debug.isOn("handshake")) { 1177 System.out.println("Standard ciphersuite chosen: " + suite); 1178 } 1179 return; 1180 } 1181 1182 for (CipherSuite suite : legacySuites) { 1183 if (trySetCipherSuite(suite)) { 1184 if (debug != null && Debug.isOn("handshake")) { 1185 System.out.println("Legacy ciphersuite chosen: " + suite); 1186 } 1187 return; 1188 } 1189 } 1190 1191 fatalSE(Alerts.alert_handshake_failure, "no cipher suites in common"); 1192 } 1193 1194 /** 1195 * Set the given CipherSuite, if possible. Return the result. 1196 * The call succeeds if the CipherSuite is available and we have 1197 * the necessary certificates to complete the handshake. We don't 1198 * check if the CipherSuite is actually enabled. 1199 * 1200 * If successful, this method also generates ephemeral keys if 1201 * required for this ciphersuite. This may take some time, so this 1202 * method should only be called if you really want to use the 1203 * CipherSuite. 1204 * 1205 * This method is called from chooseCipherSuite() in this class. 1206 */ |
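Review bot: The fallback loop over `legacySuites` (new lines 1182-1189) has no comment stating the selection policy it implements, so the new "Legacy ciphersuite chosen" message is the only hint of what "legacy" means here. From the visible lines, a suite is added to `legacySuites` when `legacyAlgorithmConstraints.permits(null, suite.name, null)` returns false, and it is tried only after every other negotiable suite has failed `trySetCipherSuite`. I would state that above the loop, e.g. `// Fall back to suites rejected by legacyAlgorithmConstraints only if no other suite could be set.` The new message helps spot a handshake that settled on a legacy suite, but it is printed only when handshake debugging is on, so it is a troubleshooting aid rather than an operational signal. The enclosing method starts above the hunk.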