Polish contribution
Rename the new property to enabledProtocols to align more closely with Undertow and Tomcat’s underlying configuration setting. Closes gh-2109
This commit is contained in:
Andy Wilkinson
parent
766ccd753b
commit
742df6b63b
|
|
@ -42,9 +42,9 @@ public class Ssl {
|
|||
private String[] ciphers;
|
||||
|
||||
/**
|
||||
* Supported SSL protocols.
|
||||
* Enabled SSL protocols.
|
||||
*/
|
||||
private String[] protocols;
|
||||
private String[] enabledProtocols;
|
||||
|
||||
/**
|
||||
* Alias that identifies the key in the key store.
|
||||
|
|
@ -173,6 +173,14 @@ public class Ssl {
|
|||
this.keyStoreProvider = keyStoreProvider;
|
||||
}
|
||||
|
||||
public String[] getEnabledProtocols() {
|
||||
return this.enabledProtocols;
|
||||
}
|
||||
|
||||
public void setEnabledProtocols(String[] enabledProtocols) {
|
||||
this.enabledProtocols = enabledProtocols;
|
||||
}
|
||||
|
||||
public String getTrustStore() {
|
||||
return this.trustStore;
|
||||
}
|
||||
|
|
@ -213,14 +221,6 @@ public class Ssl {
|
|||
this.protocol = protocol;
|
||||
}
|
||||
|
||||
public String[] getProtocols() {
|
||||
return this.protocols;
|
||||
}
|
||||
|
||||
public void setProtocols(String[] protocols) {
|
||||
this.protocols = protocols;
|
||||
}
|
||||
|
||||
/**
|
||||
* Client authentication types.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -207,13 +207,7 @@ public class JettyEmbeddedServletContainerFactory
|
|||
* @param ssl the ssl details.
|
||||
*/
|
||||
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
|
||||
//Set the default TLS protocol
|
||||
factory.setProtocol(ssl.getProtocol());
|
||||
|
||||
//Assign the supported protocols, if provided
|
||||
if (ssl.getProtocols() != null) {
|
||||
factory.setIncludeProtocols(ssl.getProtocols());
|
||||
}
|
||||
configureSslClientAuth(factory, ssl);
|
||||
configureSslPasswords(factory, ssl);
|
||||
factory.setCertAlias(ssl.getKeyAlias());
|
||||
|
|
@ -221,6 +215,9 @@ public class JettyEmbeddedServletContainerFactory
|
|||
if (ssl.getCiphers() != null) {
|
||||
factory.setIncludeCipherSuites(ssl.getCiphers());
|
||||
}
|
||||
if (ssl.getEnabledProtocols() != null) {
|
||||
factory.setIncludeProtocols(ssl.getEnabledProtocols());
|
||||
}
|
||||
configureSslTrustStore(factory, ssl);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -315,22 +315,17 @@ public class TomcatEmbeddedServletContainerFactory
|
|||
*/
|
||||
protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
|
||||
protocol.setSSLEnabled(true);
|
||||
//Set the default TLS protocol
|
||||
protocol.setSslProtocol(ssl.getProtocol());
|
||||
|
||||
//Assign the supported protocols, if provided
|
||||
if (ssl.getProtocols() != null) {
|
||||
String protocols = StringUtils.arrayToCommaDelimitedString(ssl.getProtocols());
|
||||
protocol.setProperty("sslEnabledProtocols", protocols);
|
||||
}
|
||||
|
||||
configureSslClientAuth(protocol, ssl);
|
||||
protocol.setKeystorePass(ssl.getKeyStorePassword());
|
||||
protocol.setKeyPass(ssl.getKeyPassword());
|
||||
protocol.setKeyAlias(ssl.getKeyAlias());
|
||||
configureSslKeyStore(protocol, ssl);
|
||||
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
|
||||
protocol.setCiphers(ciphers);
|
||||
protocol.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
|
||||
if (ssl.getEnabledProtocols() != null) {
|
||||
protocol.setProperty("sslEnabledProtocols",
|
||||
StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
|
||||
}
|
||||
configureSslTrustStore(protocol, ssl);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -258,14 +258,15 @@ public class UndertowEmbeddedServletContainerFactory
|
|||
SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
|
||||
sslContext.init(getKeyManagers(), getTrustManagers(), null);
|
||||
builder.addHttpsListener(port, getListenAddress(), sslContext);
|
||||
builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(ssl));
|
||||
|
||||
//Configure the supported TLS protocols and Cipher suites
|
||||
if (ssl.getProtocols() != null) {
|
||||
builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(ssl.getProtocols()));
|
||||
builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
|
||||
getSslClientAuthMode(ssl));
|
||||
if (ssl.getEnabledProtocols() != null) {
|
||||
builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS,
|
||||
Sequence.of(ssl.getEnabledProtocols()));
|
||||
}
|
||||
if (ssl.getCiphers() != null) {
|
||||
builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(ssl.getCiphers()));
|
||||
builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES,
|
||||
Sequence.of(ssl.getCiphers()));
|
||||
}
|
||||
}
|
||||
catch (NoSuchAlgorithmException ex) {
|
||||
|
|
|
|||
|
|
@ -530,7 +530,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
|
|||
}
|
||||
|
||||
private Ssl getSsl(ClientAuth clientAuth, String keyPassword, String keyStore,
|
||||
String trustStore, String[] protocols, String[] ciphers) {
|
||||
String trustStore, String[] supportedProtocols, String[] ciphers) {
|
||||
Ssl ssl = new Ssl();
|
||||
ssl.setClientAuth(clientAuth);
|
||||
if (keyPassword != null) {
|
||||
|
|
@ -549,17 +549,12 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
|
|||
if (ciphers != null) {
|
||||
ssl.setCiphers(ciphers);
|
||||
}
|
||||
if (protocols != null) {
|
||||
ssl.setProtocols(protocols);
|
||||
if (supportedProtocols != null) {
|
||||
ssl.setEnabledProtocols(supportedProtocols);
|
||||
}
|
||||
return ssl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see <a
|
||||
* href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider">
|
||||
* SunJSSE supported Cipher Suites</a>
|
||||
*/
|
||||
protected void testRestrictedSSLProtocolsAndCipherSuites(String[] protocols,
|
||||
String[] ciphers) throws Exception {
|
||||
AbstractEmbeddedServletContainerFactory factory = getFactory();
|
||||
|
|
|
|||
|
|
@ -159,7 +159,7 @@ public class JettyEmbeddedServletContainerFactoryTests
|
|||
ssl.setKeyStorePassword("secret");
|
||||
ssl.setKeyPassword("password");
|
||||
ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
|
||||
ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
|
||||
ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
|
||||
|
||||
JettyEmbeddedServletContainerFactory factory = getFactory();
|
||||
factory.setSsl(ssl);
|
||||
|
|
@ -184,7 +184,7 @@ public class JettyEmbeddedServletContainerFactoryTests
|
|||
ssl.setKeyStorePassword("secret");
|
||||
ssl.setKeyPassword("password");
|
||||
ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
|
||||
ssl.setProtocols(new String[]{ "TLSv1.1" });
|
||||
ssl.setEnabledProtocols(new String[] { "TLSv1.1" });
|
||||
|
||||
JettyEmbeddedServletContainerFactory factory = getFactory();
|
||||
factory.setSsl(ssl);
|
||||
|
|
|
|||
|
|
@ -268,7 +268,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
|
|||
Ssl ssl = new Ssl();
|
||||
ssl.setKeyStore("test.jks");
|
||||
ssl.setKeyStorePassword("secret");
|
||||
ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
|
||||
ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
|
||||
ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
|
||||
|
||||
TomcatEmbeddedServletContainerFactory factory = getFactory();
|
||||
|
|
@ -291,7 +291,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
|
|||
Ssl ssl = new Ssl();
|
||||
ssl.setKeyStore("test.jks");
|
||||
ssl.setKeyStorePassword("secret");
|
||||
ssl.setProtocols(new String[]{"TLSv1.2"});
|
||||
ssl.setEnabledProtocols(new String[] { "TLSv1.2" });
|
||||
ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
|
||||
|
||||
TomcatEmbeddedServletContainerFactory factory = getFactory();
|
||||
|
|
|
|||
Loading…
Reference in New Issue