70 * |
70 * |
71 */ |
71 */ |
72 final class CipherSuite implements Comparable<CipherSuite> { |
72 final class CipherSuite implements Comparable<CipherSuite> { |
73 |
73 |
74 // minimum priority for supported CipherSuites |
74 // minimum priority for supported CipherSuites |
75 final static int SUPPORTED_SUITES_PRIORITY = 1; |
75 static final int SUPPORTED_SUITES_PRIORITY = 1; |
76 |
76 |
77 // minimum priority for default enabled CipherSuites |
77 // minimum priority for default enabled CipherSuites |
78 final static int DEFAULT_SUITES_PRIORITY = 300; |
78 static final int DEFAULT_SUITES_PRIORITY = 300; |
79 |
79 |
80 // Flag indicating if CipherSuite availability can change dynamically. |
80 // Flag indicating if CipherSuite availability can change dynamically. |
81 // This is the case when we rely on a JCE cipher implementation that |
81 // This is the case when we rely on a JCE cipher implementation that |
82 // may not be available in the installed JCE providers. |
82 // may not be available in the installed JCE providers. |
83 // It is true because we might not have an ECC implementation. |
83 // It is true because we might not have an ECC implementation. |
84 final static boolean DYNAMIC_AVAILABILITY = true; |
84 static final boolean DYNAMIC_AVAILABILITY = true; |
85 |
85 |
86 private final static boolean ALLOW_ECC = Debug.getBooleanProperty |
86 private static final boolean ALLOW_ECC = Debug.getBooleanProperty |
87 ("com.sun.net.ssl.enableECC", true); |
87 ("com.sun.net.ssl.enableECC", true); |
88 |
88 |
89 // Map Integer(id) -> CipherSuite |
89 // Map Integer(id) -> CipherSuite |
90 // contains all known CipherSuites |
90 // contains all known CipherSuites |
91 private final static Map<Integer,CipherSuite> idMap; |
91 private static final Map<Integer,CipherSuite> idMap; |
92 |
92 |
93 // Map String(name) -> CipherSuite |
93 // Map String(name) -> CipherSuite |
94 // contains only supported CipherSuites (i.e. allowed == true) |
94 // contains only supported CipherSuites (i.e. allowed == true) |
95 private final static Map<String,CipherSuite> nameMap; |
95 private static final Map<String,CipherSuite> nameMap; |
96 |
96 |
97 // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5 |
97 // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5 |
98 // we use TLS_* only for new CipherSuites, still SSL_* for old ones |
98 // we use TLS_* only for new CipherSuites, still SSL_* for old ones |
99 final String name; |
99 final String name; |
100 |
100 |
472 B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true), |
472 B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true), |
473 B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true), |
473 B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true), |
474 B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); |
474 B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); |
475 |
475 |
476 // Map BulkCipher -> Boolean(available) |
476 // Map BulkCipher -> Boolean(available) |
477 private final static Map<BulkCipher,Boolean> availableCache = |
477 private static final Map<BulkCipher,Boolean> availableCache = |
478 new HashMap<>(8); |
478 new HashMap<>(8); |
479 |
479 |
480 // descriptive name including key size, e.g. AES/128 |
480 // descriptive name including key size, e.g. AES/128 |
481 final String description; |
481 final String description; |
482 |
482 |
516 // As far as we know, all supported GCM cipher suites use 128-bits |
516 // As far as we know, all supported GCM cipher suites use 128-bits |
517 // authentication tags. |
517 // authentication tags. |
518 final int tagSize = 16; |
518 final int tagSize = 16; |
519 |
519 |
520 // The secure random used to detect the cipher availability. |
520 // The secure random used to detect the cipher availability. |
521 private final static SecureRandom secureRandom; |
521 private static final SecureRandom secureRandom; |
522 |
522 |
523 static { |
523 static { |
524 try { |
524 try { |
525 secureRandom = JsseJce.getSecureRandom(); |
525 secureRandom = JsseJce.getSecureRandom(); |
526 } catch (KeyManagementException kme) { |
526 } catch (KeyManagementException kme) { |
1435 add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a); |
1435 add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a); |
1436 add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b); |
1436 add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b); |
1437 } |
1437 } |
1438 |
1438 |
1439 // ciphersuite SSL_NULL_WITH_NULL_NULL |
1439 // ciphersuite SSL_NULL_WITH_NULL_NULL |
1440 final static CipherSuite C_NULL = CipherSuite.valueOf(0, 0); |
1440 static final CipherSuite C_NULL = CipherSuite.valueOf(0, 0); |
1441 |
1441 |
1442 // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV |
1442 // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV |
1443 final static CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff); |
1443 static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff); |
1444 } |
1444 } |