setEnabledCipherSuites() — netty Function Reference
Architecture documentation for the setEnabledCipherSuites() function in ReferenceCountedOpenSslEngine.java from the netty codebase.
Entity Profile
Dependency Diagram
graph TD 6a44e3b1_de89_d0c1_af8e_b0ae68fa3b64["setEnabledCipherSuites()"] df1ad81e_e5bf_85e6_4418_db301b4c3e66["ReferenceCountedOpenSslEngine"] 6a44e3b1_de89_d0c1_af8e_b0ae68fa3b64 -->|defined in| df1ad81e_e5bf_85e6_4418_db301b4c3e66 c2be282d_110e_3809_ba91_f76a8d2a4b03["isEmpty()"] 6a44e3b1_de89_d0c1_af8e_b0ae68fa3b64 -->|calls| c2be282d_110e_3809_ba91_f76a8d2a4b03 5b5b0a36_7b14_f201_640d_10be2c52c8e3["setEnabledProtocols0()"] 6a44e3b1_de89_d0c1_af8e_b0ae68fa3b64 -->|calls| 5b5b0a36_7b14_f201_640d_10be2c52c8e3 style 6a44e3b1_de89_d0c1_af8e_b0ae68fa3b64 fill:#6366f1,stroke:#818cf8,color:#fff
Relationship Graph
Source Code
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java lines 1707–1761
@Override
public final void setEnabledCipherSuites(String[] cipherSuites) {
checkNotNull(cipherSuites, "cipherSuites");
final StringBuilder buf = new StringBuilder();
final StringBuilder bufTLSv13 = new StringBuilder();
CipherSuiteConverter.convertToCipherStrings(Arrays.asList(cipherSuites), buf, bufTLSv13,
OpenSsl.isBoringSSL());
final String cipherSuiteSpec = buf.toString();
final String cipherSuiteSpecTLSv13 = bufTLSv13.toString();
if (!OpenSsl.isTlsv13Supported() && !cipherSuiteSpecTLSv13.isEmpty()) {
throw new IllegalArgumentException("TLSv1.3 is not supported by this java version.");
}
synchronized (this) {
hasTLSv13Cipher = !cipherSuiteSpecTLSv13.isEmpty();
if (!destroyed) {
try {
// Set non TLSv1.3 ciphers.
SSL.setCipherSuites(ssl, cipherSuiteSpec, false);
if (OpenSsl.isTlsv13Supported()) {
// Set TLSv1.3 ciphers.
SSL.setCipherSuites(ssl, OpenSsl.checkTls13Ciphers(logger, cipherSuiteSpecTLSv13), true);
}
// We also need to update the enabled protocols to ensure we disable the protocol if there are
// no compatible ciphers left.
Set<String> protocols = new HashSet<String>(enabledProtocols);
// We have no ciphers that are compatible with none-TLSv1.3, let us explicit disable all other
// protocols.
if (cipherSuiteSpec.isEmpty()) {
protocols.remove(SslProtocols.TLS_v1);
protocols.remove(SslProtocols.TLS_v1_1);
protocols.remove(SslProtocols.TLS_v1_2);
protocols.remove(SslProtocols.SSL_v3);
protocols.remove(SslProtocols.SSL_v2);
protocols.remove(SslProtocols.SSL_v2_HELLO);
}
// We have no ciphers that are compatible with TLSv1.3, let us explicit disable it.
if (cipherSuiteSpecTLSv13.isEmpty()) {
protocols.remove(SslProtocols.TLS_v1_3);
}
// Update the protocols but not cache the value. We only cache when we call it from the user
// code or when we construct the engine.
setEnabledProtocols0(protocols.toArray(EMPTY_STRINGS), !hasTLSv13Cipher);
} catch (Exception e) {
throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec, e);
}
} else {
throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec);
}
}
}Domain
Subdomains
Source
Frequently Asked Questions
What does setEnabledCipherSuites() do?
setEnabledCipherSuites() is a function in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java.
Where is setEnabledCipherSuites() defined?
setEnabledCipherSuites() is defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java at line 1707.
What does setEnabledCipherSuites() call?
setEnabledCipherSuites() calls 2 function(s): isEmpty, setEnabledProtocols0.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free