diff --git a/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java b/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
index cc9c5aaa3fca919e79d2336b6e2bff0aa475ec53..2c3074489716eb82931dab370c3a7420e9706d0e 100644
--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
@@ -80,6 +80,30 @@ int getChosenProtectionProfile()
return chosenProtectionProfile;
}
+ /**
+ * {@inheritDoc}
+ *
+ * Overrides the super implementation to explicitly specify cipher suites
+ * which we know to be supported by Bouncy Castle. At the time of this
+ * writing, we know that Bouncy Castle implements Client Key Exchange only
+ * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+ */
+ @Override
+ public int[] getCipherSuites()
+ {
+ return
+ new int[]
+ {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java */
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+ CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+ };
+ }
+
/**
* {@inheritDoc}
*
diff --git a/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java b/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
index e595827cdce4d6bb7ff292fb6b0e4e115a6fb967..c5828c8b56bd85adc7ebb93e629a005644b99cd0 100644
--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
@@ -77,6 +77,42 @@ int getChosenProtectionProfile()
return chosenProtectionProfile;
}
+ /**
+ * {@inheritDoc}
+ *
+ * Overrides the super implementation to explicitly specify cipher suites
+ * which we know to be supported by Bouncy Castle. At the time of this
+ * writing, we know that Bouncy Castle implements Client Key Exchange only
+ * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+ */
+ @Override
+ protected int[] getCipherSuites()
+ {
+ return
+ new int[]
+ {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java */
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
+ CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+ CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
+ CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+/* core/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java */
+// CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+// CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+// CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+// CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+// CipherSuite.TLS_RSA_WITH_SALSA20_SHA1
+ };
+ }
+
/**
* Gets the <tt>TlsContext</tt> with which this <tt>TlsServer</tt> has been
* initialized.