Diffstat (limited to 'jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java')
-rw-r--r-- | jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 43 |
1 files changed, 22 insertions, 21 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index 9ad2cb0dd4..785ba1c457 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -35,7 +35,7 @@ import java.security.cert.X509CertSelector; import java.util.Arrays; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; +import java.util.LinkedHashSet; import java.util.List; import java.util.Set; import javax.net.ssl.CertPathTrustManagerParameters; @@ -86,7 +86,7 @@ public class SslContextFactory extends AbstractLifeCycle { } }}; - + private static final Logger LOG = Log.getLogger(SslContextFactory.class); public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = @@ -107,13 +107,12 @@ public class SslContextFactory extends AbstractLifeCycle public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password"; /** Excluded protocols. */ - private final Set<String> _excludeProtocols = new HashSet<String>(); - // private final Set<String> _excludeProtocols = new HashSet<String>(Collections.singleton("SSLv2Hello")); + private final Set<String> _excludeProtocols = new LinkedHashSet<String>(); /** Included protocols. */ private Set<String> _includeProtocols = null; /** Excluded cipher suites. */ - private final Set<String> _excludeCipherSuites = new HashSet<String>(); + private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>(); /** Included cipher suites. */ private Set<String> _includeCipherSuites = null; @@ -210,6 +209,8 @@ public class SslContextFactory extends AbstractLifeCycle /** * Construct an instance of SslContextFactory * Default constructor for use in XmlConfiguration files + * @param trustAll whether to blindly trust all certificates + * @see #setTrustAll(boolean) */ public SslContextFactory(boolean trustAll) { 
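Review bot: `_excludeProtocols` now starts as an empty `LinkedHashSet`, and the commented-out `SSLv2Hello` default that sat beside it is deleted without a replacement, so as far as this hunk shows nothing is excluded unless the caller configures it. If a constructor elsewhere in the file seeds the exclusions this is fine, but the field comment should then say so. Otherwise I would document the default, e.g. `/** Excluded protocols; empty by default, so whatever the JVM enables is used unless excluded explicitly. */`. The same applies to `_excludeCipherSuites` a few lines below in the same hunk.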
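Review bot: The summary above the new `@param trustAll` line still reads "Default constructor for use in XmlConfiguration files" although this constructor takes an argument, and the Javadoc does not spell out what trusting all certificates costs the caller. I would reword the summary and make the consequence explicit, e.g. `@param trustAll if true, certificates are accepted without validation, so the peer's identity is not verified`. The constructor body lies outside the hunk, so what else the flag switches on cannot be checked from here.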
@@ -313,7 +314,7 @@ public class SslContextFactory extends AbstractLifeCycle /* ------------------------------------------------------------ */ /** - * @param Protocols + * @param protocols * The array of protocol names to exclude from * {@link SSLEngine#setEnabledProtocols(String[])} */ @@ -347,7 +348,7 @@ public class SslContextFactory extends AbstractLifeCycle /* ------------------------------------------------------------ */ /** - * @param Protocols + * @param protocols * The array of protocol names to include in * {@link SSLEngine#setEnabledProtocols(String[])} */ @@ -355,7 +356,7 @@ public class SslContextFactory extends AbstractLifeCycle { checkNotStarted(); - _includeProtocols = new HashSet<String>(Arrays.asList(protocols)); + _includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols)); } /* ------------------------------------------------------------ */ @@ -411,7 +412,7 @@ public class SslContextFactory extends AbstractLifeCycle { checkNotStarted(); - _includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites)); + _includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites)); } /* ------------------------------------------------------------ */ @@ -444,7 +445,7 @@ public class SslContextFactory extends AbstractLifeCycle /* ------------------------------------------------------------ */ /** - * @param keyStorePath + * @param keyStorePath the file system path or URL of the keystore * @deprecated Use {@link #setKeyStorePath(String)} */ @Deprecated @@ -1003,7 +1004,7 @@ public class SslContextFactory extends AbstractLifeCycle * Override this method to provide alternate way to load a keystore. * * @return the key store instance - * @throws Exception + * @throws Exception if the keystore cannot be loaded */ protected KeyStore loadKeyStore() throws Exception { 
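Review bot: In the -355 hunk, `new LinkedHashSet<String>(Arrays.asList(protocols))` throws a NullPointerException when `protocols` is null, so this setter cannot return `_includeProtocols` to its initial `null` state, which the field declaration and the `_includeProtocols!=null` test in `selectProtocols` treat as "no include list". If resetting is meant to be possible, `_includeProtocols = protocols == null ? null : new LinkedHashSet<String>(Arrays.asList(protocols));` covers it; if not, the Javadoc should state that null is rejected. The -411 hunk has the same pattern for `_includeCipherSuites`. Both setter signatures are outside their hunks.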
@@ -1017,7 +1018,7 @@ public class SslContextFactory extends AbstractLifeCycle * Override this method to provide alternate way to load a truststore. * * @return the key store instance - * @throws Exception + * @throws Exception if the truststore cannot be loaded */ protected KeyStore loadTrustStore() throws Exception { @@ -1040,7 +1041,7 @@ public class SslContextFactory extends AbstractLifeCycle * @param storeProvider keystore provider * @param storePassword keystore password * @return created keystore - * @throws Exception + * @throws Exception if the keystore cannot be obtained * * @deprecated */ @@ -1059,7 +1060,7 @@ public class SslContextFactory extends AbstractLifeCycle * * @param crlPath path of certificate revocation list file * @return Collection of CRL's - * @throws Exception + * @throws Exception if the certificate revocation list cannot be loaded */ protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception { 
@@ -1199,16 +1200,16 @@ public class SslContextFactory extends AbstractLifeCycle /* ------------------------------------------------------------ */ /** - * Select cipher suites to be used by the connector + * Select protocols to be used by the connector * based on configured inclusion and exclusion lists - * as well as enabled and supported cipher suite lists. - * @param enabledCipherSuites Array of enabled cipher suites - * @param supportedCipherSuites Array of supported cipher suites - * @return Array of cipher suites to enable + * as well as enabled and supported protocols. + * @param enabledProtocols Array of enabled protocols + * @param supportedProtocols Array of supported protocols + * @return Array of protocols to enable */ public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols) { - Set<String> selected_protocols = new HashSet<String>(); + Set<String> selected_protocols = new LinkedHashSet<String>(); // Set the starting protocols - either from the included or enabled list if (_includeProtocols!=null) @@ -1240,7 +1241,7 @@ public class SslContextFactory extends AbstractLifeCycle */ public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) { - Set<String> selected_ciphers = new HashSet<String>(); + Set<String> selected_ciphers = new LinkedHashSet<String>(); // Set the starting ciphers - either from the included or enabled list if (_includeCipherSuites!=null) |
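Review bot: Nothing in the corrected Javadoc of `selectProtocols` says that the order of the result is now meaningful, although switching `selected_protocols` to a `LinkedHashSet` only pays off if callers rely on it. I would add a line such as `* The returned array keeps the order in which the protocols were selected.`, and the same for `selectCipherSuites` in the next hunk, where order presumably expresses cipher preference. Both method bodies continue past their hunks, so whether the later steps keep that order cannot be confirmed from here. A unit test asserting the returned order would stop a later change back to `HashSet` from going unnoticed.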