1 /* 2 * ==================================================================== 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * ==================================================================== 20 * 21 * This software consists of voluntary contributions made by many 22 * individuals on behalf of the Apache Software Foundation. For more 23 * information on the Apache Software Foundation, please see 24 * <http://www.apache.org/>. 25 * 26 */ 27 28 package org.apache.hc.core5.http.nio.ssl; 29 30 import javax.net.ssl.SSLEngine; 31 import javax.net.ssl.SSLParameters; 32 33 import org.apache.hc.core5.http.ssl.TLS; 34 import org.apache.hc.core5.http.ssl.TlsCiphers; 35 import org.apache.hc.core5.net.NamedEndpoint; 36 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer; 37 38 /** 39 * HTTP/1.1 TLS support methods 40 * 41 * @since 5.0 42 */ 43 public final class TlsSupport { 44 45 public static SSLSessionInitializerizer.html#SSLSessionInitializer">SSLSessionInitializer enforceStrongSecurity(final SSLSessionInitializer initializer) { 46 return new SSLSessionInitializer() { 47 48 @Override 49 public void initialize(final NamedEndpoint endpoint, final SSLEngine sslEngine) { 50 final SSLParameters sslParameters = sslEngine.getSSLParameters(); 51 sslParameters.setProtocols(TLS.excludeWeak(sslParameters.getProtocols())); 52 sslParameters.setCipherSuites(TlsCiphers.excludeWeak(sslParameters.getCipherSuites())); 53 sslEngine.setSSLParameters(sslParameters); 54 if (initializer != null) { 55 initializer.initialize(endpoint, sslEngine); 56 } 57 } 58 59 }; 60 } 61 62 }