1155         for (CipherSuite suite : prefered.collection()) {
1156             if (isNegotiable(proposed, suite) == false) {
1157                 continue;
1158             }
1159 
1160             if (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED) {
1161                 if ((suite.keyExchange == K_DH_ANON) ||
1162                     (suite.keyExchange == K_ECDH_ANON)) {
1163                     continue;
1164                 }
1165             }
1166 
1167             if (!legacyAlgorithmConstraints.permits(null, suite.name, null)) {
1168                 legacySuites.add(suite);
1169                 continue;
1170             }
1171 
1172             if (trySetCipherSuite(suite) == false) {
1173                 continue;
1174             }




1175             return;
1176         }
1177 
1178         for (CipherSuite suite : legacySuites) {
1179             if (trySetCipherSuite(suite)) {



1180                 return;
1181             }
1182         }
1183 
1184         fatalSE(Alerts.alert_handshake_failure, "no cipher suites in common");
1185     }
1186 
1187     /**
1188      * Set the given CipherSuite, if possible. Return the result.
1189      * The call succeeds if the CipherSuite is available and we have
1190      * the necessary certificates to complete the handshake. We don't
1191      * check if the CipherSuite is actually enabled.
1192      *
1193      * If successful, this method also generates ephemeral keys if
1194      * required for this ciphersuite. This may take some time, so this
1195      * method should only be called if you really want to use the
1196      * CipherSuite.
1197      *
1198      * This method is called from chooseCipherSuite() in this class.
1199      */

1155         for (CipherSuite suite : prefered.collection()) {
1156             if (isNegotiable(proposed, suite) == false) {
1157                 continue;
1158             }
1159 
1160             if (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED) {
1161                 if ((suite.keyExchange == K_DH_ANON) ||
1162                     (suite.keyExchange == K_ECDH_ANON)) {
1163                     continue;
1164                 }
1165             }
1166 
1167             if (!legacyAlgorithmConstraints.permits(null, suite.name, null)) {
1168                 legacySuites.add(suite);
1169                 continue;
1170             }
1171 
1172             if (trySetCipherSuite(suite) == false) {
1173                 continue;
1174             }
1175 
1176             if (debug != null && Debug.isOn("handshake")) {
1177                 System.out.println("Standard ciphersuite chosen: " + suite);
1178             }
1179             return;
1180         }
1181 
1182         for (CipherSuite suite : legacySuites) {
1183             if (trySetCipherSuite(suite)) {
1184                 if (debug != null && Debug.isOn("handshake")) {
1185                     System.out.println("Legacy ciphersuite chosen: " + suite);
1186                 }
1187                 return;
1188             }
1189         }
1190 
1191         fatalSE(Alerts.alert_handshake_failure, "no cipher suites in common");
1192     }
1193 
1194     /**
1195      * Set the given CipherSuite, if possible. Return the result.
1196      * The call succeeds if the CipherSuite is available and we have
1197      * the necessary certificates to complete the handshake. We don't
1198      * check if the CipherSuite is actually enabled.
1199      *
1200      * If successful, this method also generates ephemeral keys if
1201      * required for this ciphersuite. This may take some time, so this
1202      * method should only be called if you really want to use the
1203      * CipherSuite.
1204      *
1205      * This method is called from chooseCipherSuite() in this class.
1206      */