diff --git a/core/src/main/java/io/undertow/Undertow.java b/core/src/main/java/io/undertow/Undertow.java
index 406185a..b645705 100644
--- a/core/src/main/java/io/undertow/Undertow.java
+++ b/core/src/main/java/io/undertow/Undertow.java
@@ -43,6 +43,7 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManager;
 import java.net.Inet4Address;
 import java.net.InetSocketAddress;
@@ -187,6 +188,9 @@
 XnioSsl xnioSsl;
 if (listener.sslContext != null) {
 xnioSsl = new UndertowXnioSsl(xnio, OptionMap.create(Options.USE_DIRECT_BUFFERS, true), listener.sslContext);
+ if (listener.sslParameters != null) {
+ ((UndertowXnioSsl)xnioSsl).setSslParameters(listener.sslParameters);
+ }
 } else {
 xnioSsl = xnio.getSslProvider(listener.keyManagers, listener.trustManagers, OptionMap.create(Options.USE_DIRECT_BUFFERS, true));
 }
@@ -255,6 +259,7 @@
 final TrustManager[] trustManagers;
 final SSLContext sslContext;
 final HttpHandler rootHandler;
+ final SSLParameters sslParameters;
 private ListenerConfig(final ListenerType type, final int port, final String host, KeyManager[] keyManagers, TrustManager[] trustManagers, HttpHandler rootHandler) {
 this.type = type;
@@ -264,6 +269,7 @@
 this.trustManagers = trustManagers;
 this.rootHandler = rootHandler;
 this.sslContext = null;
+ this.sslParameters = null;
 }
 private ListenerConfig(final ListenerType type, final int port, final String host, SSLContext sslContext, HttpHandler rootHandler) {
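Review bot: The `((UndertowXnioSsl)xnioSsl).setSslParameters(listener.sslParameters)` call casts a value that was assigned with its concrete type on the preceding line; `xnioSsl` is declared as `XnioSsl`, which does not expose the setter. Constructing into a local of the concrete type, `UndertowXnioSsl undertowSsl = new UndertowXnioSsl(xnio, OptionMap.create(Options.USE_DIRECT_BUFFERS, true), listener.sslContext);`, calling the setter on it and then assigning `xnioSsl = undertowSsl;` removes the cast and keeps the compiler involved if the construction later changes. Note also that the `else` branch built from `keyManagers`/`trustManagers` never sees `listener.sslParameters`; that is consistent with the new builder method requiring an `SSLContext`, but a one-line comment saying so would save the next reader the check. The enclosing method starts and ends outside the hunk.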
@@ -274,6 +280,18 @@
 this.keyManagers = null;
 this.trustManagers = null;
 this.sslContext = sslContext;
+ this.sslParameters = null;
+ }
+
+ private ListenerConfig(final ListenerType type, final int port, final String host, SSLContext sslContext, SSLParameters sslParameters, HttpHandler rootHandler) {
+ this.type = type;
+ this.port = port;
+ this.host = host;
+ this.rootHandler = rootHandler;
+ this.keyManagers = null;
+ this.trustManagers = null;
+ this.sslContext = sslContext;
+ this.sslParameters = sslParameters;
 }
 }
@@ -319,18 +337,18 @@
 @Deprecated
 public Builder addListener(int port, String host) {
- listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, null, null, null));
+ listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, (KeyManager[])null, null, null));
 return this;
 }
 @Deprecated
 public Builder addListener(int port, String host, ListenerType listenerType) {
- listeners.add(new ListenerConfig(listenerType, port, host, null, null, null));
+ listeners.add(new ListenerConfig(listenerType, port, host, (KeyManager[])null, null, null));
 return this;
 }
 public Builder addHttpListener(int port, String host) {
- listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, null, null, null));
+ listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, (KeyManager[])null, null, null));
 return this;
 }
@@ -345,12 +363,12 @@
 }
 public Builder addAjpListener(int port, String host) {
- listeners.add(new ListenerConfig(ListenerType.AJP, port, host, null, null, null));
+ listeners.add(new ListenerConfig(ListenerType.AJP, port, host, (KeyManager[])null, null, null));
 return this;
 }
 public Builder addHttpListener(int port, String host, HttpHandler rootHandler) {
- listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, null, null, rootHandler));
+ listeners.add(new ListenerConfig(ListenerType.HTTP, port, host, (KeyManager[])null, null, rootHandler));
 return this;
 }
@@ -364,8 +382,13 @@
 return this;
 }
+ public Builder addHttpsListener(int port, String host, SSLContext sslContext, SSLParameters sslParameters, HttpHandler rootHandler) {
+ listeners.add(new ListenerConfig(ListenerType.HTTPS, port, host, sslContext, sslParameters, rootHandler));
+ return this;
+ }
+
 public Builder addAjpListener(int port, String host, HttpHandler rootHandler) {
- listeners.add(new ListenerConfig(ListenerType.AJP, port, host, null, null, rootHandler));
+ listeners.add(new ListenerConfig(ListenerType.AJP, port, host, (KeyManager[])null, null, rootHandler));
 return this;
 }
 public Builder setBufferSize(final int bufferSize) {
diff --git a/core/src/main/java/io/undertow/protocols/ssl/UndertowAcceptingSslChannel.java b/core/src/main/java/io/undertow/protocols/ssl/UndertowAcceptingSslChannel.java
index 3930562..f8b5603 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/UndertowAcceptingSslChannel.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/UndertowAcceptingSslChannel.java
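Review bot: The new public `addHttpsListener(int, String, SSLContext, SSLParameters, HttpHandler)` has no Javadoc, and its most important property is invisible from the Builder: per the UndertowAcceptingSslChannel hunk in this commit, a non-null `sslParameters` is handed to `SSLEngine.setSSLParameters` and the channel's `clientAuthMode`, `cipherSuites` and `protocols` handling is then skipped entirely for that listener. I would add a Javadoc stating that the parameters are applied to every accepted engine and, when non-null, replace rather than supplement the option-driven client-authentication, cipher-suite and protocol configuration, and that the instance is stored by reference. The `(KeyManager[])null` casts added in this and the previous two hunks resolve the overload ambiguity the new six-argument `ListenerConfig` constructor introduces; a single private constructor taking all fields, with the other two delegating to it, would avoid repeating the cast at every call site. The enclosing Builder class continues outside the hunk.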
@@ -139,44 +139,48 @@
 final SSLEngine engine = ssl.getSslContext().createSSLEngine(getHostNameNoResolve(peerAddress), peerAddress.getPort());
 final boolean clientMode = useClientMode != 0;
 engine.setUseClientMode(clientMode);
- if (! clientMode) {
- final SslClientAuthMode clientAuthMode = UndertowAcceptingSslChannel.this.clientAuthMode;
- if (clientAuthMode != null) switch (clientAuthMode) {
- case NOT_REQUESTED:
- engine.setNeedClientAuth(false);
- engine.setWantClientAuth(false);
- break;
- case REQUESTED:
- engine.setWantClientAuth(true);
- break;
- case REQUIRED:
- engine.setNeedClientAuth(true);
- break;
- default: throw new IllegalStateException();
- }
- }
 engine.setEnableSessionCreation(enableSessionCreation != 0);
- final String[] cipherSuites = UndertowAcceptingSslChannel.this.cipherSuites;
- if (cipherSuites != null) {
- final Set supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
- final List finalList = new ArrayList<>();
- for (String name : cipherSuites) {
- if (supported.contains(name)) {
- finalList.add(name);
+ if (ssl.getSslParameters() != null) {
+ engine.setSSLParameters(ssl.getSslParameters());
+ } else {
+ if (! clientMode) {
+ final SslClientAuthMode clientAuthMode = UndertowAcceptingSslChannel.this.clientAuthMode;
+ if (clientAuthMode != null) switch (clientAuthMode) {
+ case NOT_REQUESTED:
+ engine.setNeedClientAuth(false);
+ engine.setWantClientAuth(false);
+ break;
+ case REQUESTED:
+ engine.setWantClientAuth(true);
+ break;
+ case REQUIRED:
+ engine.setNeedClientAuth(true);
+ break;
+ default: throw new IllegalStateException();
 }
 }
- engine.setEnabledCipherSuites(finalList.toArray(new String[finalList.size()]));
- }
- final String[] protocols = UndertowAcceptingSslChannel.this.protocols;
- if (protocols != null) {
- final Set supported = new HashSet<>(Arrays.asList(engine.getSupportedProtocols()));
- final List finalList = new ArrayList<>();
- for (String name : protocols) {
- if (supported.contains(name)) {
- finalList.add(name);
+ final String[] cipherSuites = UndertowAcceptingSslChannel.this.cipherSuites;
+ if (cipherSuites != null) {
+ final Set supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
+ final List finalList = new ArrayList<>();
+ for (String name : cipherSuites) {
+ if (supported.contains(name)) {
+ finalList.add(name);
+ }
 }
+ engine.setEnabledCipherSuites(finalList.toArray(new String[finalList.size()]));
 }
- engine.setEnabledProtocols(finalList.toArray(new String[finalList.size()]));
+ final String[] protocols = UndertowAcceptingSslChannel.this.protocols;
+ if (protocols != null) {
+ final Set supported = new HashSet<>(Arrays.asList(engine.getSupportedProtocols()));
+ final List finalList = new ArrayList<>();
+ for (String name : protocols) {
+ if (supported.contains(name)) {
+ finalList.add(name);
+ }
+ }
+ engine.setEnabledProtocols(finalList.toArray(new String[finalList.size()]));
+ }
 }
 return accept(tcpConnection, engine);
 }
diff --git a/core/src/main/java/io/undertow/protocols/ssl/UndertowXnioSsl.java b/core/src/main/java/io/undertow/protocols/ssl/UndertowXnioSsl.java
index f47f64e..ee6536e 100644
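Review bot: When `ssl.getSslParameters()` is non-null the entire `else` branch is skipped, so the channel's configured `clientAuthMode`, `cipherSuites` and `protocols` are silently ignored on every accept; the JDK's `SSLEngine.setSSLParameters` resets client authentication whenever both `getNeedClientAuth()` and `getWantClientAuth()` are false, which is the default for a freshly constructed `SSLParameters`, so a listener that required client certificates via `clientAuthMode` loses that requirement with no error or log line once parameters are supplied. The new path also drops the supported-suite and supported-protocol filtering the old code performed, and `setSSLParameters` throws `IllegalArgumentException` for an unsupported suite or protocol, which would now fail per connection instead of at startup. If the intent is for explicitly configured options to keep winning, apply the parameters first and let the existing null-checked blocks run afterwards: replace `} else {` with `}` and drop the extra closing `}` before `return accept(tcpConnection, engine);`; otherwise record the precedence at the branch with a comment such as `// explicit SSLParameters replace the clientAuthMode/cipherSuites/protocols options for this engine`. The enclosing method begins before the hunk.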
--- a/core/src/main/java/io/undertow/protocols/ssl/UndertowXnioSsl.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/UndertowXnioSsl.java
@@ -44,6 +44,8 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
@@ -63,6 +65,7 @@
 private final ByteBufferPool bufferPool;
 private volatile SSLContext sslContext;
+ private SSLParameters sslParameters;
 /**
 * Construct a new instance.
@@ -303,6 +306,14 @@
 return server;
 }
+ public SSLParameters getSslParameters() {
+ return sslParameters;
+ }
+
+ public void setSslParameters(SSLParameters sslParameters) {
+ this.sslParameters = sslParameters;
+ }
+
 private class StreamConnectionChannelListener implements ChannelListener {
 private final OptionMap optionMap;
 private final InetSocketAddress destination;
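Review bot: `sslParameters` is a non-volatile field written through an unsynchronized public setter while the adjacent `sslContext` is declared `volatile`, and the UndertowAcceptingSslChannel hunk reads it through `getSslParameters()` on every accept; declaring it `private volatile SSLParameters sslParameters;` keeps the two fields' visibility guarantees consistent. `getSslParameters()` also returns the caller's mutable instance rather than a copy, so anything that later mutates the object handed to the builder changes what future engines are configured with. Neither accessor has Javadoc; on the setter I would write `Sets the {@link SSLParameters} applied to every accepted {@link SSLEngine}; when non-null they take precedence over the channel's client-auth, cipher-suite and protocol options.` The enclosing class continues outside the hunk.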