
Commit 6e9b628

committed
[feat] more TLS ciphers - based on OpenJDK 8
using (dummy) engine.getSupportedCipherSuites(); these are also expected to exist on IBM JREs
1 parent cc70738 commit 6e9b628


1 file changed

+87
-18
lines changed


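--- a/src/main/java/org/jruby/ext/openssl/CipherStrings.java
+++ b/src/main/java/org/jruby/ext/openssl/CipherStrings.java
@@ -414,21 +414,24 @@ public String getCipherSuite() {
 }
 
 Def setCipherSuite(final String suite) {
-if ( this.cipherSuite == null ) {
+String cipherSuite = this.cipherSuite;
+if (cipherSuite == null) {
 synchronized (this) {
-if ( this.cipherSuite == null ) {
-this.cipherSuite = suite; return this;
+if (this.cipherSuite == null) {
+this.cipherSuite = suite;
+return this;
 }
 }
+cipherSuite = suite;
 }
-if ( suite.equals(this.cipherSuite) ) return this;
+if (suite.equals(cipherSuite)) return this;
 try {
 Def clone = (Def) super.clone();
 clone.cipherSuite = suite;
 return clone;
 }
 catch (CloneNotSupportedException e) {
-throw new RuntimeException(e); // won't happen
+throw new AssertionError(e); // won't happen
 }
 }
 
@@ -1673,7 +1676,7 @@ private static Collection<Def> matchingPattern(
 ));
 
 String name;
-CipherNames = new HashMap<String, Def>(Ciphers.size() + 24, 1);
+CipherNames = new HashMap<String, Def>(Ciphers.size() + 64, 1);
 
 SuiteToOSSL = new HashMap<String, String>( 120, 1 );
 SuiteToOSSL.put("SSL_RSA_WITH_NULL_MD5", "NULL-MD5");
@@ -1721,22 +1724,16 @@ private static Collection<Def> matchingPattern(
 SuiteToOSSL.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA","ADH-DES-CBC3-SHA");
 SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA");
 SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA");
-SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256");
-SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256");
 SuiteToOSSL.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA","DH-DSS-AES128-SHA");
 SuiteToOSSL.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA","DH-DSS-AES256-SHA");
 SuiteToOSSL.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA","DH-RSA-AES128-SHA");
 SuiteToOSSL.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA","DH-RSA-AES256-SHA");
 SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA");
-SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA","DHE-DSS-AES256-SHA");
-SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256");
-SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256");
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "DHE-DSS-AES256-SHA");
 SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA");
-SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA","DHE-RSA-AES256-SHA");
-SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256");
-SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256");
-SuiteToOSSL.put("TLS_DH_anon_WITH_AES_128_CBC_SHA","ADH-AES128-SHA");
-SuiteToOSSL.put("TLS_DH_anon_WITH_AES_256_CBC_SHA","ADH-AES256-SHA");
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA");
+SuiteToOSSL.put("TLS_DH_anon_WITH_AES_128_CBC_SHA", "ADH-AES128-SHA");
+SuiteToOSSL.put("TLS_DH_anon_WITH_AES_256_CBC_SHA", "ADH-AES256-SHA");
 SuiteToOSSL.put("TLS_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256");
 SuiteToOSSL.put("TLS_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256");
 SuiteToOSSL.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA","EXP1024-DES-CBC-SHA");
@@ -1925,8 +1922,80 @@ private static Collection<Def> matchingPattern(
 
 SuiteToOSSL.put("TLS_ECDH_anon_WITH_RC4_128_SHA", name = "AECDH-RC4-SHA");
 CipherNames.put(name, new Def(name,
-SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
-SSL_NOT_EXP, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", name = "DHE-RSA-AES128-GCM-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", name = "DHE-RSA-AES128-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", name = "DHE-RSA-AES256-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", name = "DHE-RSA-AES256-GCM-SHA384");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", name = "DHE-DSS-AES128-GCM-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", name = "DHE-DSS-AES128-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", name = "DHE-DSS-AES256-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", name = "DHE-DSS-AES256-GCM-SHA384");
+CipherNames.put(name, new Def(name,
+SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_RSA_WITH_AES_128_GCM_SHA256", name = "AES128-GCM-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA256", name = "AES128-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA256", name = "AES256-SHA256");
+CipherNames.put(name, new Def(name,
+SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
+));
+
+SuiteToOSSL.put("TLS_RSA_WITH_AES_256_GCM_SHA384", name = "AES256-GCM-SHA384");
+CipherNames.put(name, new Def(name,
+SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+SSL_NOT_EXP, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
 ));
 
 SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA");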
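Review bot: In `setCipherSuite`, the added `cipherSuite = suite;` after the synchronized block makes the following `suite.equals(cipherSuite)` trivially true, so a caller that loses the race to initialise the field gets `this` back even when another thread stored a different suite; the removed code compared against `this.cipherSuite`. Re-reading the field instead, `cipherSuite = this.cipherSuite;`, lets a mismatch fall through to the clone path so the returned `Def` always carries the requested suite name. Whether the unsynchronised first read is safe depends on the field being `volatile`, which this page does not show. Separately, the four `TLS_RSA_WITH_AES_*` entries in the last hunk are the only new `Def`s without an `SSL_k*` flag, so a cipher string that selects or excludes by key exchange would presumably not match them; prefixing `SSL_kRSA|` (if that is what the file's other RSA key-transport entries use) would keep them classifiable. The static initialisation these entries belong to starts and ends outside the hunk.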
