Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-793

Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.7.0.CR1
    • 1.1.0.Beta14
    • SSL
    • None
    • Hide 
          private static final String[] SUPPORTED_SUITES = new String[] {
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_NULL_SHA256",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
        "TLS_ECDH_anon_WITH_NULL_SHA"};

    @Test
    public void testStrengthForComplementofallAndAll() {
        CipherSuiteSelector selector = CipherSuiteSelector.fromString("COMPLEMENTOFALL ALL @STRENGTH");
        List<String> selectedSuites = Arrays.asList(selector.evaluate(SUPPORTED_SUITES));

        assertThat("All supported suites should be selected", selectedSuites.size() == SUPPORTED_SUITES.length);
        assertThat("High strength suites should be at the beginning", selectedSuites.get(0), is("TLS_RSA_WITH_AES_128_CBC_SHA256"));
    }
      Show
      private static final String[] SUPPORTED_SUITES = new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_NULL_SHA256", "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "TLS_ECDH_anon_WITH_NULL_SHA"}; @Test public void testStrengthForComplementofallAndAll() { CipherSuiteSelector selector = CipherSuiteSelector.fromString("COMPLEMENTOFALL ALL @STRENGTH"); List<String> selectedSuites = Arrays.asList(selector.evaluate(SUPPORTED_SUITES)); assertThat("All supported suites should be selected", selectedSuites.size() == SUPPORTED_SUITES.length); assertThat("High strength suites should be at the beginning", selectedSuites.get(0), is("TLS_RSA_WITH_AES_128_CBC_SHA256")); }

    Description

      Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting of cipher suites, like OpenSSL does, e.g. openssl ciphers -v 'ALL:!ADH:@STRENGTH'. There is comparator in SortByAlgorithmKeyLengthCipherSuiteSelector [1].

      Or, am I wrong? Are cipher suites in javax.net.ssl.SSLParameters expected in ascending order? (Does it matter?) Will the OpenSSL provider expect ascending order? (Or will it parse cipher string itself?)

      The JavaDoc [2] should mention whether the sorting is ascending or descending.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3c97eed0d16968a5f77a7de22/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L730
      [2] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3c97eed0d16968a5f77a7de22/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L356

      Attachments

        Activity

          People

            jucook Justin Cook (Inactive)
            okotek@redhat.com Ondrej Kotek
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: