Fixes the list of cipher suites supported by the DTLS server so that it...

Fixes the list of cipher suites supported by the DTLS server so that it reflects the capabilities of the actual Bouncy Castle implementations at this time.

Fixes the list of cipher suites supported by the DTLS server so that it...
a9f4661a · Lyubomir Marinov · b8786f6d · a9f4661a · a9f4661a
Commit a9f4661a authored 10 years ago by Lyubomir Marinov
--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
@@ -80,6 +80,30 @@ int getChosenProtectionProfile()
        return chosenProtectionProfile;
    }

+    /**
+     * {@inheritDoc}
+     *
+     * Overrides the super implementation to explicitly specify cipher suites
+     * which we know to be supported by Bouncy Castle. At the time of this
+     * writing, we know that Bouncy Castle implements Client Key Exchange only
+     * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+     */
+    @Override
+    public int[] getCipherSuites()
+    {
+        return
+            new int[]
+                    {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java */
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+                    };
+    }
+
    /**
     * {@inheritDoc}
     *

--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
@@ -77,6 +77,42 @@ int getChosenProtectionProfile()
        return chosenProtectionProfile;
    }

+    /**
+     * {@inheritDoc}
+     *
+     * Overrides the super implementation to explicitly specify cipher suites
+     * which we know to be supported by Bouncy Castle. At the time of this
+     * writing, we know that Bouncy Castle implements Client Key Exchange only
+     * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+     */
+    @Override
+    protected int[] getCipherSuites()
+    {
+        return
+            new int[]
+                    {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java */
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
+                        CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+/* core/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java */
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+//                        CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                        CipherSuite.TLS_RSA_WITH_SALSA20_SHA1
+                    };
+    }
+
    /**
     * Gets the <tt>TlsContext</tt> with which this <tt>TlsServer</tt> has been
     * initialized.