
The "tools/SSLTest.java" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/tools/SSLTest.java?action=diff&rev1=3&rev2=4

Comment:
Added auto-detection of protocols if none are specified

  import java.net.Socket;
  import java.net.SocketTimeoutException;
  import java.security.NoSuchAlgorithmException;
+ import java.security.Provider;
  import java.security.SecureRandom;
+ import java.security.Security;
  import java.security.cert.Certificate;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
  import java.util.Arrays;
+ import java.util.Collections;
  import java.util.HashSet;
+ import java.util.List;
+ import java.util.Map.Entry;
  
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.SSLSocket;
@@ -187, +192 @@

              host = host.substring(0, pos);
          }
  
+         // Enable all algorithms
+         Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ 
+         List<String> supportedProtocols;
+ 
+         if(null == sslEnabledProtocols)
+         {
+             // Auto-detect protocols
+             ArrayList<String> protocols = new ArrayList<String>();
+             // TODO: Allow the specification of a specific provider (or set?)
+             for(Provider provider : Security.getProviders())
+             {
+                 for(Object prop : provider.keySet())
+                 {
+                     String key = (String)prop;
+                     if(key.startsWith("SSLContext.")
+                        && !key.equals("SSLContext.Default")
+                        && key.matches(".*[0-9].*"))
+                         protocols.add(key.substring("SSLContext.".length()));
+                     else if(key.startsWith("Alg.Alias.SSLContext.")
+                             && key.matches(".*[0-9].*"))
+                         
protocols.add(key.substring("Alg.Alias.SSLContext.".length()));
+                 }
+             }
+             Collections.sort(protocols); // Should give us a nice sort-order 
by default
+             System.err.println("Auto-detected client-supported protocols: " + 
protocols);
+             supportedProtocols = protocols;
+             sslEnabledProtocols = supportedProtocols.toArray(new 
String[supportedProtocols.size()]);
+         }
+         else
+         {
+             supportedProtocols = new 
ArrayList<String>(Arrays.asList(sslEnabledProtocols));
+         }
+ 
          System.out.println("Testing server " + host + ":" + port);
- 
-         // Enable *all* algorithms
-         Security.setProperty("jdk.tls.disabledAlgorithms", "");
  
          SecureRandom rand = new SecureRandom();
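Review bot: The auto-detection loop can add the same protocol name more than once, because every provider returned by `Security.getProviders()` is scanned and both the `SSLContext.` and `Alg.Alias.SSLContext.` branches append to a plain `ArrayList`; each duplicate would then presumably be probed and reported twice by the later loop over `sslEnabledProtocols`. Guarding both `add` calls with `if(!protocols.contains(name))`, or collecting into the already-imported `HashSet` before sorting, keeps the list unique. The alias keys are SSLContext algorithm names, and this hunk does not show whether the socket accepts them as enabled-protocol names, so a rejected alias could be reported as unsupported by the server when it was never actually offered; that is worth confirming. The comment above `Security.setProperty("jdk.tls.disabledAlgorithms", "")` could also state that the property is JVM-wide and is cleared on purpose so the scan can offer legacy protocols and ciphers. The enclosing method starts and ends outside this hunk.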
  
@@ -198, +234 @@

          System.out.print(String.format(reportFormat, "Supported", "Protocol", 
"Cipher"));
  
          InetSocketAddress address = new InetSocketAddress(host, port);
- 
-         ArrayList<String> supportedProtocols = new 
ArrayList<String>(Arrays.asList(sslEnabledProtocols));
  
          for(String protocol : sslEnabledProtocols)
          {
