configureCipherSuitesForAlgorithm() — netty Function Reference

Architecture documentation for the configureCipherSuitesForAlgorithm() function in JdkDelegatingPrivateKeyMethodTest.java from the netty codebase.

Dependency Diagram

graph TD
  5a3245c2_68b7_f5a4_493d_f9902be0f416["configureCipherSuitesForAlgorithm()"]
  2ac7122d_91ea_6ce8_76a0_fb9ed7fcbdbc["JdkDelegatingPrivateKeyMethodTest"]
  5a3245c2_68b7_f5a4_493d_f9902be0f416 -->|defined in| 2ac7122d_91ea_6ce8_76a0_fb9ed7fcbdbc
  4a2d9bb8_8e89_f8a6_4ddb_3c1163dd54fe["testAlgorithmSupport()"]
  4a2d9bb8_8e89_f8a6_4ddb_3c1163dd54fe -->|calls| 5a3245c2_68b7_f5a4_493d_f9902be0f416
  style 5a3245c2_68b7_f5a4_493d_f9902be0f416 fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

handler/src/test/java/io/netty/handler/ssl/JdkDelegatingPrivateKeyMethodTest.java lines 374–427

    private static void configureCipherSuitesForAlgorithm(SslContextBuilder serverBuilder,
                                                          SslContextBuilder clientBuilder,
                                                          int opensslAlgorithm) {
        // Map each OpenSSL algorithm to a single specific cipher suite
        String cipherSuite;
        String protocol = null;

        // RSA-PSS algorithms - require TLS 1.3
        if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256) {
            cipherSuite = "TLS_AES_128_GCM_SHA256";  // Forces SHA256 signatures
            protocol = "TLSv1.3";
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384) {
            cipherSuite = "TLS_AES_256_GCM_SHA384";  // Forces SHA384 signatures
            protocol = "TLSv1.3";
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512) {
            cipherSuite = "TLS_AES_256_GCM_SHA384";  // Best available for SHA512 signatures
            protocol = "TLSv1.3";

        // ECDSA algorithms
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_ECDSA_SHA1) {
            cipherSuite = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";  // Forces SHA1 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256) {
            cipherSuite = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";  // Forces SHA256 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384) {
            cipherSuite = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";  // Forces SHA384 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512) {
            cipherSuite = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";  // Use GCM instead of CBC for SHA512

        // RSA PKCS#1 algorithms
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA1) {
            cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";  // Forces SHA1 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256) {
            cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";  // Forces SHA256 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384) {
            cipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";  // Forces SHA384 signatures
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512) {
            cipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";  // Use GCM instead of CBC for SHA512
        } else if (opensslAlgorithm == OpenSslAsyncPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_MD5_SHA1) {
            cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";  // Forces MD5+SHA1 signatures
        } else {
            throw new IllegalArgumentException("Unsupported OpenSSL algorithm: " + opensslAlgorithm);
        }

        // Configure both server and client with the same single cipher suite
        List<String> singleCipherSuite = Arrays.asList(cipherSuite);
        serverBuilder.ciphers(singleCipherSuite);
        clientBuilder.ciphers(singleCipherSuite);

        // Set protocol if specified (for TLS 1.3)
        if (protocol != null) {
            serverBuilder.protocols(protocol);
            clientBuilder.protocols(protocol);
        }
    }

Frequently Asked Questions

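What does configureCipherSuitesForAlgorithm() do?
configureCipherSuitesForAlgorithm() is a private static helper in the netty codebase, defined in handler/src/test/java/io/netty/handler/ssl/JdkDelegatingPrivateKeyMethodTest.java. It maps the given OpenSSL signature algorithm constant to a single cipher suite and sets that one suite on both the server and the client SslContextBuilder. For the RSA-PSS algorithms it also restricts both builders to TLSv1.3. An algorithm value it does not recognise causes an IllegalArgumentException.

Where is configureCipherSuitesForAlgorithm() defined?
configureCipherSuitesForAlgorithm() is defined in handler/src/test/java/io/netty/handler/ssl/JdkDelegatingPrivateKeyMethodTest.java at line 374.

What calls configureCipherSuitesForAlgorithm()?
configureCipherSuitesForAlgorithm() is called by one function: testAlgorithmSupport().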
