Package io.undertow.server.protocol.http

Class ALPNLimitingSSLEngine

  • public class ALPNLimitingSSLEngine
extends javax.net.ssl.SSLEngine
    SSLEngine that will limit the cipher selection to HTTP/2 suitable protocols if the client is offering h2 as an option.

    In theory this is not a perfect solution to the HTTP/2 cipher strength issue, but in practice it should be sufficient as any RFC compliant implementation should be able to negotiate TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    Author:
    Stuart Douglas

    • Constructor Detail

      • ALPNLimitingSSLEngine

        public ALPNLimitingSSLEngine​(javax.net.ssl.SSLEngine delegate,
                             java.lang.Runnable invalidAlpnRunnable)

    • Method Detail

      • getPeerHost

        public java.lang.String getPeerHost()
        Overrides:
        getPeerHost in class javax.net.ssl.SSLEngine

      • getPeerPort

        public int getPeerPort()
        Overrides:
        getPeerPort in class javax.net.ssl.SSLEngine

      • wrap

        public javax.net.ssl.SSLEngineResult wrap​(java.nio.ByteBuffer src,
                                          java.nio.ByteBuffer dst)
                                   throws javax.net.ssl.SSLException
        Overrides:
        wrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • wrap

        public javax.net.ssl.SSLEngineResult wrap​(java.nio.ByteBuffer[] srcs,
                                          java.nio.ByteBuffer dst)
                                   throws javax.net.ssl.SSLException
        Overrides:
        wrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • unwrap

        public javax.net.ssl.SSLEngineResult unwrap​(java.nio.ByteBuffer src,
                                            java.nio.ByteBuffer dst)
                                     throws javax.net.ssl.SSLException
        Overrides:
        unwrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • unwrap

        public javax.net.ssl.SSLEngineResult unwrap​(java.nio.ByteBuffer src,
                                            java.nio.ByteBuffer[] dsts)
                                     throws javax.net.ssl.SSLException
        Overrides:
        unwrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • getHandshakeSession

        public javax.net.ssl.SSLSession getHandshakeSession()
        Overrides:
        getHandshakeSession in class javax.net.ssl.SSLEngine

      • getSSLParameters

        public javax.net.ssl.SSLParameters getSSLParameters()
        Overrides:
        getSSLParameters in class javax.net.ssl.SSLEngine

      • setSSLParameters

        public void setSSLParameters​(javax.net.ssl.SSLParameters sslParameters)
        Overrides:
        setSSLParameters in class javax.net.ssl.SSLEngine

      • wrap

        public javax.net.ssl.SSLEngineResult wrap​(java.nio.ByteBuffer[] srcs,
                                          int off,
                                          int len,
                                          java.nio.ByteBuffer dst)
                                   throws javax.net.ssl.SSLException
        Specified by:
        wrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • unwrap

        public javax.net.ssl.SSLEngineResult unwrap​(java.nio.ByteBuffer byteBuffer,
                                            java.nio.ByteBuffer[] byteBuffers,
                                            int i,
                                            int i1)
                                     throws javax.net.ssl.SSLException
        Specified by:
        unwrap in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • getDelegatedTask

        public java.lang.Runnable getDelegatedTask()
        Specified by:
        getDelegatedTask in class javax.net.ssl.SSLEngine

      • closeInbound

        public void closeInbound()
                  throws javax.net.ssl.SSLException
        Specified by:
        closeInbound in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • isInboundDone

        public boolean isInboundDone()
        Specified by:
        isInboundDone in class javax.net.ssl.SSLEngine

      • closeOutbound

        public void closeOutbound()
        Specified by:
        closeOutbound in class javax.net.ssl.SSLEngine

      • isOutboundDone

        public boolean isOutboundDone()
        Specified by:
        isOutboundDone in class javax.net.ssl.SSLEngine

      • getSupportedCipherSuites

        public java.lang.String[] getSupportedCipherSuites()
        Specified by:
        getSupportedCipherSuites in class javax.net.ssl.SSLEngine

      • getEnabledCipherSuites

        public java.lang.String[] getEnabledCipherSuites()
        Specified by:
        getEnabledCipherSuites in class javax.net.ssl.SSLEngine

      • setEnabledCipherSuites

        public void setEnabledCipherSuites​(java.lang.String[] strings)
        Specified by:
        setEnabledCipherSuites in class javax.net.ssl.SSLEngine

      • getSupportedProtocols

        public java.lang.String[] getSupportedProtocols()
        Specified by:
        getSupportedProtocols in class javax.net.ssl.SSLEngine

      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Specified by:
        getEnabledProtocols in class javax.net.ssl.SSLEngine

      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] strings)
        Specified by:
        setEnabledProtocols in class javax.net.ssl.SSLEngine

      • getSession

        public javax.net.ssl.SSLSession getSession()
        Specified by:
        getSession in class javax.net.ssl.SSLEngine

      • beginHandshake

        public void beginHandshake()
                    throws javax.net.ssl.SSLException
        Specified by:
        beginHandshake in class javax.net.ssl.SSLEngine
        Throws:
        javax.net.ssl.SSLException

      • getHandshakeStatus

        public javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus()
        Specified by:
        getHandshakeStatus in class javax.net.ssl.SSLEngine

      • setUseClientMode

        public void setUseClientMode​(boolean b)
        Specified by:
        setUseClientMode in class javax.net.ssl.SSLEngine

      • getUseClientMode

        public boolean getUseClientMode()
        Specified by:
        getUseClientMode in class javax.net.ssl.SSLEngine

      • setNeedClientAuth

        public void setNeedClientAuth​(boolean b)
        Specified by:
        setNeedClientAuth in class javax.net.ssl.SSLEngine

      • getNeedClientAuth

        public boolean getNeedClientAuth()
        Specified by:
        getNeedClientAuth in class javax.net.ssl.SSLEngine

      • setWantClientAuth

        public void setWantClientAuth​(boolean b)
        Specified by:
        setWantClientAuth in class javax.net.ssl.SSLEngine

      • getWantClientAuth

        public boolean getWantClientAuth()
        Specified by:
        getWantClientAuth in class javax.net.ssl.SSLEngine

      • setEnableSessionCreation

        public void setEnableSessionCreation​(boolean b)
        Specified by:
        setEnableSessionCreation in class javax.net.ssl.SSLEngine

      • getEnableSessionCreation

        public boolean getEnableSessionCreation()
        Specified by:
        getEnableSessionCreation in class javax.net.ssl.SSLEngine