1 files changed, 22 insertions, 21 deletions

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 9ad2cb0dd4..785ba1c457 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -35,7 +35,7 @@ import java.security.cert.X509CertSelector;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
 import javax.net.ssl.CertPathTrustManagerParameters;
@@ -86,7 +86,7 @@ public class SslContextFactory extends AbstractLifeCycle
         {
         }
     }};
-    
+
     private static final Logger LOG = Log.getLogger(SslContextFactory.class);
 
     public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
@@ -107,13 +107,12 @@ public class SslContextFactory extends AbstractLifeCycle
     public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
 
     /** Excluded protocols. */
-    private final Set<String> _excludeProtocols = new HashSet<String>();
-    // private final Set<String> _excludeProtocols = new HashSet<String>(Collections.singleton("SSLv2Hello"));
+    private final Set<String> _excludeProtocols = new LinkedHashSet<String>();
     /** Included protocols. */
     private Set<String> _includeProtocols = null;
 
     /** Excluded cipher suites. */
-    private final Set<String> _excludeCipherSuites = new HashSet<String>();
+    private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>();
     /** Included cipher suites. */
     private Set<String> _includeCipherSuites = null;
 
@@ -210,6 +209,8 @@ public class SslContextFactory extends AbstractLifeCycle
     /**
      * Construct an instance of SslContextFactory
      * Default constructor for use in XmlConfiguration files
+     * @param trustAll whether to blindly trust all certificates
+     * @see #setTrustAll(boolean)
      */
     public SslContextFactory(boolean trustAll)
     {
@@ -313,7 +314,7 @@ public class SslContextFactory extends AbstractLifeCycle
 
     /* ------------------------------------------------------------ */
     /**
-     * @param Protocols
+     * @param protocols
      *            The array of protocol names to exclude from
      *            {@link SSLEngine#setEnabledProtocols(String[])}
      */
@@ -347,7 +348,7 @@ public class SslContextFactory extends AbstractLifeCycle
 
     /* ------------------------------------------------------------ */
     /**
-     * @param Protocols
+     * @param protocols
      *            The array of protocol names to include in
      *            {@link SSLEngine#setEnabledProtocols(String[])}
      */
@@ -355,7 +356,7 @@ public class SslContextFactory extends AbstractLifeCycle
     {
         checkNotStarted();
 
-        _includeProtocols = new HashSet<String>(Arrays.asList(protocols));
+        _includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols));
     }
 
     /* ------------------------------------------------------------ */
@@ -411,7 +412,7 @@ public class SslContextFactory extends AbstractLifeCycle
     {
         checkNotStarted();
 
-        _includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
+        _includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites));
     }
 
     /* ------------------------------------------------------------ */
@@ -444,7 +445,7 @@ public class SslContextFactory extends AbstractLifeCycle
 
     /* ------------------------------------------------------------ */
     /**
-     * @param keyStorePath
+     * @param keyStorePath the file system path or URL of the keystore
      * @deprecated Use {@link #setKeyStorePath(String)}
      */
     @Deprecated
@@ -1003,7 +1004,7 @@ public class SslContextFactory extends AbstractLifeCycle
      * Override this method to provide alternate way to load a keystore.
      *
      * @return the key store instance
-     * @throws Exception
+     * @throws Exception if the keystore cannot be loaded
      */
     protected KeyStore loadKeyStore() throws Exception
     {
@@ -1017,7 +1018,7 @@ public class SslContextFactory extends AbstractLifeCycle
      * Override this method to provide alternate way to load a truststore.
      *
      * @return the key store instance
-     * @throws Exception
+     * @throws Exception if the truststore cannot be loaded
      */
     protected KeyStore loadTrustStore() throws Exception
     {
@@ -1040,7 +1041,7 @@ public class SslContextFactory extends AbstractLifeCycle
      * @param storeProvider keystore provider
      * @param storePassword keystore password
      * @return created keystore
-     * @throws Exception
+     * @throws Exception if the keystore cannot be obtained
      *
      * @deprecated
      */
@@ -1059,7 +1060,7 @@ public class SslContextFactory extends AbstractLifeCycle
      *
      * @param crlPath path of certificate revocation list file
      * @return Collection of CRL's
-     * @throws Exception
+     * @throws Exception if the certificate revocation list cannot be loaded
      */
     protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
     {
@@ -1199,16 +1200,16 @@ public class SslContextFactory extends AbstractLifeCycle
 
     /* ------------------------------------------------------------ */
     /**
-     * Select cipher suites to be used by the connector
+     * Select protocols to be used by the connector
      * based on configured inclusion and exclusion lists
-     * as well as enabled and supported cipher suite lists.
-     * @param enabledCipherSuites Array of enabled cipher suites
-     * @param supportedCipherSuites Array of supported cipher suites
-     * @return Array of cipher suites to enable
+     * as well as enabled and supported protocols.
+     * @param enabledProtocols Array of enabled protocols
+     * @param supportedProtocols Array of supported protocols
+     * @return Array of protocols to enable
      */
     public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
     {
-        Set<String> selected_protocols = new HashSet<String>();
+        Set<String> selected_protocols = new LinkedHashSet<String>();
 
         // Set the starting protocols - either from the included or enabled list
         if (_includeProtocols!=null)
@@ -1240,7 +1241,7 @@ public class SslContextFactory extends AbstractLifeCycle
      */
     public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
     {
-        Set<String> selected_ciphers = new HashSet<String>();
+        Set<String> selected_ciphers = new LinkedHashSet<String>();
 
         // Set the starting ciphers - either from the included or enabled list
         if (_includeCipherSuites!=null)