/*
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package org.apache.hc.core5.http.io.ssl;

import javax.net.ssl.SSLParameters;

import org.apache.hc.core5.function.Callback;
import org.apache.hc.core5.http.URIScheme;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.http.ssl.TlsCiphers;

/**
 * Default TLS session setup handler.
 * <p>
 * When executed against a set of {@link SSLParameters} this callback
 * narrows the protocol list through {@link TLS#excludeWeak} and the cipher
 * suite list through {@link TlsCiphers#excludeWeak}. An instance created in
 * client mode additionally sets the endpoint identification algorithm to
 * {@code URIScheme.HTTPS.id}, which asks JSSE to match the peer certificate
 * against the host name during the handshake.
 * </p>
 * <p>
 * Security note: the no-argument constructor produces a handler that is
 * <em>not</em> in client mode, so it leaves the endpoint identification
 * algorithm untouched. Client-side code that relies on this handler for
 * host name verification should use {@link #CLIENT} or
 * {@code new DefaultTlsSetupHandler(true)}.
 * </p>
 *
 * @since 5.0
 */
public final class DefaultTlsSetupHandler implements Callback<SSLParameters> {

    /** Shared handler for the accepting side; does not set endpoint identification. */
    public static final DefaultTlsSetupHandler SERVER = new DefaultTlsSetupHandler(false);

    /** Shared handler for the connecting side; sets endpoint identification. */
    public static final DefaultTlsSetupHandler CLIENT = new DefaultTlsSetupHandler(true);

    // true: execute() also sets the endpoint identification algorithm.
    private final boolean client;

    /**
     * Creates a handler that is not in client mode, equivalent to
     * {@code new DefaultTlsSetupHandler(false)}. No endpoint identification
     * algorithm is set by a handler created this way.
     */
    public DefaultTlsSetupHandler() {
        this(false);
    }

    /**
     * Creates a handler for the given side of the connection.
     *
     * @param client {@code true} to also set the endpoint identification
     *               algorithm when the handler is executed, {@code false}
     *               to only filter protocols and cipher suites.
     * @since 5.3
     */
    public DefaultTlsSetupHandler(final boolean client) {
        this.client = client;
    }

    /**
     * Applies the default TLS restrictions to the given parameters in place.
     *
     * @param sslParameters the parameters to adjust; modified by this call.
     */
    @Override
    public void execute(final SSLParameters sslParameters) {
        // Only the values already present on sslParameters are filtered; what
        // counts as "weak" is decided by TLS / TlsCiphers, not by this class.
        // NOTE(review): if no explicit protocol or cipher list has been set on
        // the parameters, the outcome depends on how excludeWeak treats that
        // input - confirm against TLS.excludeWeak / TlsCiphers.excludeWeak.
        final String[] protocols = TLS.excludeWeak(sslParameters.getProtocols());
        sslParameters.setProtocols(protocols);

        final String[] cipherSuites = TlsCiphers.excludeWeak(sslParameters.getCipherSuites());
        sslParameters.setCipherSuites(cipherSuites);

        if (!client) {
            // Not in client mode: the identification algorithm is left as the caller set it.
            return;
        }
        // Client mode: request host name checking of the peer certificate.
        sslParameters.setEndpointIdentificationAlgorithm(URIScheme.HTTPS.id);
    }

}