1 /* |
1 /* |
2 * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
34 * |
34 * |
35 * @author Andreas Sterbenz |
35 * @author Andreas Sterbenz |
36 * @since 1.4.1 |
36 * @since 1.4.1 |
37 */ |
37 */ |
38 final class ProtocolList { |
38 final class ProtocolList { |
39 |
|
40 private static final ProtocolList SUPPORTED; |
|
41 private static final ProtocolList CLIENT_DEFAULT; |
|
42 private static final ProtocolList SERVER_DEFAULT; |
|
43 |
39 |
44 // the sorted protocol version list |
40 // the sorted protocol version list |
45 private final ArrayList<ProtocolVersion> protocols; |
41 private final ArrayList<ProtocolVersion> protocols; |
46 |
42 |
47 private String[] protocolNames; |
43 private String[] protocolNames; |
152 } |
148 } |
153 |
149 |
154 public String toString() { |
150 public String toString() { |
155 return protocols.toString(); |
151 return protocols.toString(); |
156 } |
152 } |
157 |
|
158 /** |
|
159 * Return the list of default enabled protocols. |
|
160 */ |
|
161 static ProtocolList getDefault(boolean isServer) { |
|
162 return isServer ? SERVER_DEFAULT : CLIENT_DEFAULT; |
|
163 } |
|
164 |
|
165 /** |
|
166 * Return whether a protocol list is the original default enabled |
|
167 * protocols. See: SSLSocket/SSLEngine.setEnabledProtocols() |
|
168 */ |
|
169 static boolean isDefaultProtocolList(ProtocolList protocols) { |
|
170 return protocols == CLIENT_DEFAULT || protocols == SERVER_DEFAULT; |
|
171 } |
|
172 |
|
173 /** |
|
174 * Return the list of supported protocols. |
|
175 */ |
|
176 static ProtocolList getSupported() { |
|
177 return SUPPORTED; |
|
178 } |
|
179 |
|
180 static { |
|
181 if (SunJSSE.isFIPS()) { |
|
182 SUPPORTED = new ProtocolList(new String[] { |
|
183 ProtocolVersion.TLS10.name, |
|
184 ProtocolVersion.TLS11.name, |
|
185 ProtocolVersion.TLS12.name |
|
186 }); |
|
187 |
|
188 SERVER_DEFAULT = SUPPORTED; |
|
189 CLIENT_DEFAULT = new ProtocolList(new String[] { |
|
190 ProtocolVersion.TLS10.name |
|
191 }); |
|
192 } else { |
|
193 SUPPORTED = new ProtocolList(new String[] { |
|
194 ProtocolVersion.SSL20Hello.name, |
|
195 ProtocolVersion.SSL30.name, |
|
196 ProtocolVersion.TLS10.name, |
|
197 ProtocolVersion.TLS11.name, |
|
198 ProtocolVersion.TLS12.name |
|
199 }); |
|
200 |
|
201 SERVER_DEFAULT = SUPPORTED; |
|
202 |
|
203 /* |
|
204 * RFC 5246 says that sending SSLv2 backward-compatible |
|
205 * hello SHOULD NOT be done any longer. |
|
206 * |
|
207 * We are not enabling TLS 1.1/1.2 by default yet on clients |
|
208 * out of concern for interop with existing |
|
209 * SSLv3/TLS1.0-only servers. When these versions of TLS |
|
210 * gain more traction, we'll enable them. |
|
211 */ |
|
212 CLIENT_DEFAULT = new ProtocolList(new String[] { |
|
213 ProtocolVersion.SSL30.name, |
|
214 ProtocolVersion.TLS10.name |
|
215 }); |
|
216 } |
|
217 } |
|
218 |
|
219 } |
153 } |