WildFly Elytron / ELY-793

Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 1.7.0.CR1
    • 1.1.0.Beta14
    • SSL
    • None
          private static final String[] SUPPORTED_SUITES = new String[] {
              "TLS_RSA_WITH_AES_128_CBC_SHA256",
              "TLS_RSA_WITH_NULL_SHA256",
              "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
              "TLS_ECDH_anon_WITH_NULL_SHA"};
      
          @Test
          public void testStrengthForComplementofallAndAll() {
              CipherSuiteSelector selector = CipherSuiteSelector.fromString("COMPLEMENTOFALL ALL @STRENGTH");
              List<String> selectedSuites = Arrays.asList(selector.evaluate(SUPPORTED_SUITES));
      
              assertThat("All supported suites should be selected", selectedSuites.size() == SUPPORTED_SUITES.length);
              assertThat("High strength suites should be at the beginning", selectedSuites.get(0), is("TLS_RSA_WITH_AES_128_CBC_SHA256"));
          }
      

      Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting of cipher suites, like OpenSSL does, e.g. openssl ciphers -v 'ALL:!ADH:@STRENGTH'. There is a comparator in SortByAlgorithmKeyLengthCipherSuiteSelector [1].

      Or, am I wrong? Are cipher suites in javax.net.ssl.SSLParameters expected in ascending order? (Does it matter?) Will the OpenSSL provider expect ascending order? (Or will it parse the cipher string itself?)

      The JavaDoc [2] should mention whether the sorting is ascending or descending.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3c97eed0d16968a5f77a7de22/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L730
      [2] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3c97eed0d16968a5f77a7de22/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L356
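
Added example, not part of the original report and not Elytron's code: the OpenSSL-like descending @STRENGTH order the report asks for, applied to its four suites with a stable sort, plus a check that fails if a weaker suite ends up ahead of a stronger one. The class name StrengthOrderDemo and the bits() key-length lookup are assumptions made for this illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;

public class StrengthOrderDemo {
    // Constructed lookup (assumption, not Elytron's internal table):
    // symmetric key bits of the bulk cipher named in the suite.
    static int bits(String suite) {
        if (suite.contains("_NULL_")) return 0;
        if (suite.contains("AES_256")) return 256;
        if (suite.contains("AES_128")) return 128;
        throw new IllegalArgumentException("unknown bulk cipher: " + suite);
    }

    // Strongest first. List.sort is stable, so suites of equal strength
    // keep the relative order they had before sorting.
    static List<String> sortByStrength(List<String> suites) {
        List<String> out = new ArrayList<>(suites);
        out.sort(Comparator.<String>comparingInt(StrengthOrderDemo::bits).reversed());
        return out;
    }

    public static void main(String[] args) {
        // Same four suites as SUPPORTED_SUITES in the report.
        List<String> supported = Arrays.asList(
            "TLS_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_RSA_WITH_NULL_SHA256",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
            "TLS_ECDH_anon_WITH_NULL_SHA");
        List<String> sorted = sortByStrength(supported);
        sorted.forEach(s -> System.out.println(bits(s) + "\t" + s));
        // Failure mode from the report: ascending order would put a NULL
        // (no encryption) suite ahead of the AES suites.
        for (int i = 1; i < sorted.size(); i++) {
            if (bits(sorted.get(i - 1)) < bits(sorted.get(i)))
                throw new AssertionError("weaker suite listed before " + sorted.get(i));
        }
    }
}
```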

              jucook Justin Cook (Inactive)
              okotek@redhat.com Ondrej Kotek