From a9f4661a948f2b0fb07421cbc4086bd0d924baa8 Mon Sep 17 00:00:00 2001
From: Lyubomir Marinov <lyubomir.marinov@jitsi.org>
Date: Mon, 12 May 2014 10:21:11 +0300
Subject: [PATCH] Fixes the list of cipher suites supported by the DTLS server
 so that it reflects the capabilities of the actual Bouncy Castle
 implementations at this time.

---
 .../transform/dtls/TlsClientImpl.java         | 24 +++++++++++++
 .../transform/dtls/TlsServerImpl.java         | 36 +++++++++++++++++++
 2 files changed, 60 insertions(+)

diff --git a/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java b/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
index cc9c5aaa..2c307448 100644
--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java
@@ -80,6 +80,30 @@ int getChosenProtectionProfile()
         return chosenProtectionProfile;
     }
 
+    /**
+     * {@inheritDoc}
+     *
+     * Overrides the super implementation to explicitly specify cipher suites
+     * which we know to be supported by Bouncy Castle. At the time of this
+     * writing, we know that Bouncy Castle implements Client Key Exchange only
+     * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+     */
+    @Override
+    public int[] getCipherSuites()
+    {
+        return
+            new int[]
+                    {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java */
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+                    };
+    }
+
     /**
      * {@inheritDoc}
      *
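Review bot: Three of the six suites returned by the new `TlsClientImpl.getCipherSuites()` are static-RSA (`TLS_RSA_WITH_AES_128_*`), which give no forward secrecy, and the Javadoc does not say that they are an interoperability fallback or that the array order is the preference order offered to the peer. I would add a comment above the array such as `// Preference order: ECDHE (forward secrecy) first; static RSA only for peers without ECDHE.` The Javadoc also names `TLS_ECDHE_WITH_XXX`, while every ECDHE entry in the array is `TLS_ECDHE_RSA_WITH_*`; writing `TLS_ECDHE_RSA_WITH_XXX` would make the absence of ECDSA suites read as deliberate. Because the list mirrors `DefaultTlsClient` "at the time of this writing", recording the Bouncy Castle version it was copied from would let a later library upgrade be checked against it.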
diff --git a/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java b/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
index e595827c..c5828c8b 100644
--- a/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
+++ b/src/org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.java
@@ -77,6 +77,42 @@ int getChosenProtectionProfile()
         return chosenProtectionProfile;
     }
 
+    /**
+     * {@inheritDoc}
+     *
+     * Overrides the super implementation to explicitly specify cipher suites
+     * which we know to be supported by Bouncy Castle. At the time of this
+     * writing, we know that Bouncy Castle implements Client Key Exchange only
+     * with <tt>TLS_ECDHE_WITH_XXX</tt> and <tt>TLS_RSA_WITH_XXX</tt>.
+     */
+    @Override
+    protected int[] getCipherSuites()
+    {
+        return
+            new int[]
+                    {
+/* core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java */
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+                        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
+                        CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+                        CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
+                        CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA
+/* core/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java */
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                        CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+//                        CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                        CipherSuite.TLS_RSA_WITH_SALSA20_SHA1
+                    };
+    }
+
     /**
      * Gets the <tt>TlsContext</tt> with which this <tt>TlsServer</tt> has been
      * initialized.
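Review bot: The five `//`-commented Salsa20/ChaCha20 entries at the end of the array in `TlsServerImpl.getCipherSuites()` are dead code inside a security-relevant list. I would delete them or replace them with one comment stating why they are excluded, since the hunk gives no reason beyond their origin in `MockDTLSServer`. Advertising both `TLS_ECDHE_RSA_WITH_*` and `TLS_RSA_WITH_*` presumably requires the server to supply RSA signer credentials and RSA encryption credentials respectively. Those credential methods are outside this hunk, so it is worth confirming both are overridden, otherwise a peer that negotiates a listed suite would see the handshake fail only after selection. The server list also offers AES-256/SHA-384 variants that the client list in `TlsClientImpl` omits; if that asymmetry is intended, a sentence in the Javadoc should say so.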
-- 
GitLab