
Commit 8cc9736

committed
put in some more ossl to jsse mappings for SSL/TLS
1 parent 979e994 commit 8cc9736


1 file changed

+96
-27
lines changed


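--- a/src/main/java/org/jruby/ext/openssl/CipherStrings.java
+++ b/src/main/java/org/jruby/ext/openssl/CipherStrings.java
@@ -501,7 +501,15 @@ static Collection<Def> matchingCiphers(final String cipherString, final String[]
 case '!': case '+': case '-': index++; break;
 }
 
-Collection<Def> matching = matching(part.substring(index), all, setSuite);
+final Collection<Def> matching;
+final String[] defs = part.substring(index).split("[+]");
+if ( defs.length == 1 ) {
+matching = matchingExact(defs[0], all, setSuite);
+}
+else {
+matching = matching(defs, all, setSuite);
+}
+
 if ( matching != null ) {
 if ( index > 0 ) {
 switch ( part.charAt(0) ) {
@@ -535,10 +543,19 @@ static Collection<Def> matchingCiphers(final String cipherString, final String[]
 return matchedList;
 }
 
-private static Collection<Def> matching(final String definition, final String[] all,
+private static Collection<Def> matchingExact(final String name, final String[] all,
+final boolean setSuite) {
+final Def pattern = Definitions.get(name);
+if ( pattern != null ) {
+return matchingPattern(pattern, all, true, setSuite);
+}
+return null; // Collections.emptyList();
+}
+
+private static Collection<Def> matching(final String[] defs, final String[] all,
 final boolean setSuite) {
 Collection<Def> matching = null;
-for ( final String name : definition.split("[+]") ) {
+for ( final String name : defs ) {
 final Def pattern = Definitions.get(name);
 if ( pattern != null ) {
 if ( matching == null ) {
@@ -1813,30 +1830,31 @@ private static Collection<Def> matchingPattern(
 CipherNames = new HashMap<String, Def>(Ciphers.size() + 1, 1);
 for ( Def def : Ciphers ) CipherNames.put(def.name, def);
 
-SuiteToOSSL = new HashMap<String, String>( 72, 1 );
-SuiteToOSSL.put("SSL_RSA_WITH_NULL_MD5","NULL-MD5");
-SuiteToOSSL.put("SSL_RSA_WITH_NULL_SHA","NULL-SHA");
-SuiteToOSSL.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5","EXP-RC4-MD5");
-SuiteToOSSL.put("SSL_RSA_WITH_RC4_128_MD5","RC4-MD5");
-SuiteToOSSL.put("SSL_RSA_WITH_RC4_128_SHA","RC4-SHA");
+SuiteToOSSL = new HashMap<String, String>( 112, 1 );
+SuiteToOSSL.put("SSL_RSA_WITH_NULL_MD5", "NULL-MD5");
+SuiteToOSSL.put("SSL_RSA_WITH_NULL_SHA", "NULL-SHA");
+SuiteToOSSL.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", "EXP-RC4-MD5");
+SuiteToOSSL.put("SSL_RSA_WITH_RC4_128_MD5", "RC4-MD5");
+SuiteToOSSL.put("SSL_RSA_WITH_RC4_128_SHA", "RC4-SHA");
 SuiteToOSSL.put("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5","EXP-RC2-CBC-MD5");
 SuiteToOSSL.put("SSL_RSA_WITH_IDEA_CBC_SHA","IDEA-CBC-SHA");
-SuiteToOSSL.put("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA","EXP-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_RSA_WITH_DES_CBC_SHA","DES-CBC-SHA");
-SuiteToOSSL.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA","DES-CBC3-SHA");
-SuiteToOSSL.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA","EXP-EDH-DSS-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_DHE_DSS_WITH_DES_CBC_SHA","EDH-DSS-CBC-SHA");
-SuiteToOSSL.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA","EDH-DSS-DES-CBC3-SHA");
-SuiteToOSSL.put("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA","EXP-EDH-RSA-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_DHE_RSA_WITH_DES_CBC_SHA","EDH-RSA-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA","EDH-RSA-DES-CBC3-SHA");
-SuiteToOSSL.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5","EXP-ADH-RC4-MD5");
-SuiteToOSSL.put("SSL_DH_anon_WITH_RC4_128_MD5","ADH-RC4-MD5");
-SuiteToOSSL.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA","EXP-ADH-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_DH_anon_WITH_DES_CBC_SHA","ADH-DES-CBC-SHA");
-SuiteToOSSL.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA","ADH-DES-CBC3-SHA");
+SuiteToOSSL.put("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_RSA_WITH_DES_CBC_SHA", "DES-CBC-SHA");
+SuiteToOSSL.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA");
+SuiteToOSSL.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-DSS-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", "EDH-DSS-CBC-SHA");
+SuiteToOSSL.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "EDH-DSS-DES-CBC3-SHA");
+SuiteToOSSL.put("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-RSA-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_DHE_RSA_WITH_DES_CBC_SHA", "EDH-RSA-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "EDH-RSA-DES-CBC3-SHA");
+SuiteToOSSL.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "EXP-ADH-RC4-MD5");
+SuiteToOSSL.put("SSL_DH_anon_WITH_RC4_128_MD5", "ADH-RC4-MD5");
+SuiteToOSSL.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "EXP-ADH-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_DH_anon_WITH_DES_CBC_SHA", "ADH-DES-CBC-SHA");
+SuiteToOSSL.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "ADH-DES-CBC3-SHA");
 SuiteToOSSL.put("TLS_RSA_WITH_NULL_MD5","NULL-MD5");
 SuiteToOSSL.put("TLS_RSA_WITH_NULL_SHA","NULL-SHA");
+SuiteToOSSL.put("TLS_RSA_WITH_NULL_SHA256", "NULL-SHA256");
 SuiteToOSSL.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5","EXP-RC4-MD5");
 SuiteToOSSL.put("TLS_RSA_WITH_RC4_128_MD5","RC4-MD5");
 SuiteToOSSL.put("TLS_RSA_WITH_RC4_128_SHA","RC4-SHA");
@@ -1856,18 +1874,26 @@ private static Collection<Def> matchingPattern(
 SuiteToOSSL.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA","EXP-ADH-DES-CBC-SHA");
 SuiteToOSSL.put("TLS_DH_anon_WITH_DES_CBC_SHA","ADH-DES-CBC-SHA");
 SuiteToOSSL.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA","ADH-DES-CBC3-SHA");
-SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA","AES128-SHA");
-SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA","AES256-SHA");
+SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA");
+SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA");
+SuiteToOSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256");
+SuiteToOSSL.put("TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256");
 SuiteToOSSL.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA","DH-DSS-AES128-SHA");
 SuiteToOSSL.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA","DH-DSS-AES256-SHA");
 SuiteToOSSL.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA","DH-RSA-AES128-SHA");
 SuiteToOSSL.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA","DH-RSA-AES256-SHA");
-SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA","DHE-DSS-AES128-SHA");
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA");
 SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA","DHE-DSS-AES256-SHA");
-SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA","DHE-RSA-AES128-SHA");
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256");
+SuiteToOSSL.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256");
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA");
 SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA","DHE-RSA-AES256-SHA");
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256");
+SuiteToOSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256");
 SuiteToOSSL.put("TLS_DH_anon_WITH_AES_128_CBC_SHA","ADH-AES128-SHA");
 SuiteToOSSL.put("TLS_DH_anon_WITH_AES_256_CBC_SHA","ADH-AES256-SHA");
+SuiteToOSSL.put("TLS_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256");
+SuiteToOSSL.put("TLS_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256");
 SuiteToOSSL.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA","EXP1024-DES-CBC-SHA");
 SuiteToOSSL.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA","EXP1024-RC4-SHA");
 SuiteToOSSL.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA","EXP1024-DHE-DSS-DES-CBC-SHA");
@@ -1881,6 +1907,49 @@ private static Collection<Def> matchingPattern(
 SuiteToOSSL.put("SSL_CK_DES_64_CBC_WITH_MD5","DES-CBC-MD5");
 SuiteToOSSL.put("SSL_CK_DES_192_EDE3_CBC_WITH_MD5","DES-CBC3-MD5");
 
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDHE-ECDSA-AES128-SHA");
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDHE-ECDSA-AES256-SHA");
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "ECDH-ECDSA-AES128-SHA");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "ECDH-ECDSA-AES256-SHA");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH-RSA-AES128-SHA");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES256-SHA");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256");
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-ECDSA-DES-CBC3-SHA");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDH-ECDSA-DES-CBC3-SHA");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "ECDH-RSA-DES-CBC3-SHA");
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "ECDHE-ECDSA-RC4-SHA");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", "ECDHE-RSA-RC4-SHA");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "ECDH-ECDSA-RC4-SHA");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_RC4_128_SHA", "ECDH-RSA-RC4-SHA");
+SuiteToOSSL.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "AECDH-AES128-SHA");
+SuiteToOSSL.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "AECDH-AES256-SHA");
+SuiteToOSSL.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "AECDH-DES-CBC3-SHA");
+SuiteToOSSL.put("TLS_ECDH_anon_WITH_RC4_128_SHA", "AECDH-RC4-SHA");
+SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA");
+SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_NULL_SHA", "ECDHE-RSA-NULL-SHA");
+SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", "ECDH-ECDSA-NULL-SHA");
+SuiteToOSSL.put("TLS_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA");
+SuiteToOSSL.put("TLS_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA");
+
+// left overs supported by Java 7's SSLv3 / TLS v1.2 :
+
+// TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+// TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
+// TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
+// TLS_KRB5_WITH_RC4_128_SHA,
+// TLS_KRB5_WITH_RC4_128_MD5,
+// TLS_KRB5_WITH_DES_CBC_SHA,
+// TLS_KRB5_WITH_DES_CBC_MD5,
+// TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
+// TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
+// TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
+// TLS_KRB5_EXPORT_WITH_RC4_40_MD5
 }
 
 }// CipherStrings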
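Review bot: The ECDHE/ECDH block added at the end of the `SuiteToOSSL` initializer maps the `_NULL_SHA`, `TLS_ECDH_anon_*` and RC4 suites but has no entry for any `*_WITH_AES_256_CBC_SHA384` suite, and the "left overs" comment lists only the SCSV and KRB5 names, so the omission looks unintentional. JSSE on Java 7 does offer those suites, so, depending on how this map is consumed (not visible here), an OpenSSL cipher string may be able to name unauthenticated or unencrypted suites while the strongest CBC ones stay unreachable. I would add `SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDHE-ECDSA-AES256-SHA384");` and `SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384");`, plus the two `TLS_ECDH_*` counterparts, provided the `Ciphers` table defines them. Separately, the re-spaced `SSL_DHE_DSS_WITH_DES_CBC_SHA` entry still maps to `EDH-DSS-CBC-SHA`, which appears to be missing `DES-` when compared with its RSA sibling `EDH-RSA-DES-CBC-SHA`.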
