import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
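/**
 * Fixture that exercises the JSSE entry points through which a TLS protocol version can be
 * selected: {@code SSLContext.getInstance}, the {@code SSLParameters} constructor and
 * {@code setProtocols}, and {@code setEnabledProtocols} on {@code SSLSocket},
 * {@code SSLServerSocket} and {@code SSLEngine}.
 *
 * <p>Every test method groups its calls under an "unsafe" and a "safe" heading. The legacy
 * names (SSLv2, SSLv3, TLSv1, TLSv1.1) and the generic names ("SSL", "TLS") are listed as
 * unsafe; only TLSv1.2 and TLSv1.3 are listed as safe. SSLv3 was deprecated by RFC 7568 and
 * TLS 1.0/1.1 by RFC 8996. The generic names do not pin a version, so which versions end up
 * enabled is left to the provider and JDK configuration. A list that mixes a legacy version
 * with a modern one is also treated as unsafe, because every enabled version stays available
 * for negotiation with the peer.
 *
 * <p>The trailing "$ Alert" and "$ Source" comments look like expected-result markers for an
 * analysis test harness: "Alert" sits on the statement that applies the protocol list, and
 * "Source" on the call site that supplies the literal when the list is applied inside a helper.
 * NOTE(review): presumably they are matched by line, so keep each marker on the same line as
 * its statement - confirm against the test harness.
 */
public class UnsafeTlsVersion {

  /**
   * Requests an {@code SSLContext} by protocol name, once per legacy or generic name and once
   * per modern version.
   *
   * @throws NoSuchAlgorithmException if no provider supports a requested protocol name
   */
  public static void testSslContextWithProtocol() throws NoSuchAlgorithmException {

    // unsafe
    SSLContext.getInstance("SSL"); // $ Alert
    SSLContext.getInstance("SSLv2"); // $ Alert
    SSLContext.getInstance("SSLv3"); // $ Alert
    SSLContext.getInstance("TLS"); // $ Alert
    SSLContext.getInstance("TLSv1"); // $ Alert
    SSLContext.getInstance("TLSv1.1"); // $ Alert

    // safe
    SSLContext.getInstance("TLSv1.2");
    SSLContext.getInstance("TLSv1.3");
  }

  /**
   * Passes protocol lists to {@link #createSslParameters(String[], String...)}, where they are
   * handed to the {@code SSLParameters} constructor.
   *
   * @param cipherSuites cipher suites forwarded unchanged to the helper
   */
  public static void testCreateSslParametersWithProtocol(String[] cipherSuites) {

    // unsafe
    createSslParameters(cipherSuites, "SSLv3"); // $ Source
    createSslParameters(cipherSuites, "TLS"); // $ Source
    createSslParameters(cipherSuites, "TLSv1"); // $ Source
    createSslParameters(cipherSuites, "TLSv1.1"); // $ Source
    // Mixed list: TLSv1.2 is present, but the two legacy versions remain enabled next to it.
    createSslParameters(cipherSuites, "TLSv1", "TLSv1.1", "TLSv1.2"); // $ Source
    // NOTE(review): this call passes only TLSv1.2 and carries no marker although it sits under
    // the "unsafe" heading; it repeats the first call of the "safe" group below.
    createSslParameters(cipherSuites, "TLSv1.2");

    // safe
    createSslParameters(cipherSuites, "TLSv1.2");
    createSslParameters(cipherSuites, "TLSv1.3");
  }

  /**
   * Builds {@code SSLParameters} from the given cipher suites and protocol names.
   *
   * <p>The constructor call is the marked statement: whatever the caller passes as
   * {@code protocols} becomes the protocol list of the returned parameters. No validation of
   * the names happens here.
   *
   * @param cipherSuites cipher suites to set on the parameters
   * @param protocols protocol names to set on the parameters
   * @return the newly created parameters
   */
  public static SSLParameters createSslParameters(String[] cipherSuites, String... protocols) {
    return new SSLParameters(cipherSuites, protocols); // $ Alert
  }

  /**
   * Sets protocol lists directly with {@code SSLParameters.setProtocols}, both on a temporary
   * instance and on a local variable.
   */
  public static void testSettingProtocolsForSslParameters() {

    // unsafe
    new SSLParameters().setProtocols(new String[] { "SSLv3" }); // $ Alert
    new SSLParameters().setProtocols(new String[] { "TLS" }); // $ Alert
    new SSLParameters().setProtocols(new String[] { "TLSv1" }); // $ Alert
    new SSLParameters().setProtocols(new String[] { "TLSv1.1" }); // $ Alert

    // Mixed list: one legacy entry is enough for the statement to be marked.
    SSLParameters parameters = new SSLParameters();
    parameters.setProtocols(new String[] { "TLSv1.1", "TLSv1.2" }); // $ Alert

    // safe
    new SSLParameters().setProtocols(new String[] { "TLSv1.2" });

    parameters = new SSLParameters();
    parameters.setProtocols(new String[] { "TLSv1.2", "TLSv1.3" });
  }

  /**
   * Passes protocol lists to {@link #createSslSocket(String...)}, which enables them on a
   * client socket.
   *
   * @throws IOException if the helper cannot create a socket
   */
  public static void testSettingProtocolForSslSocket() throws IOException {

    // unsafe
    createSslSocket("SSLv3"); // $ Source
    createSslSocket("TLS"); // $ Source
    createSslSocket("TLSv1"); // $ Source
    createSslSocket("TLSv1.1"); // $ Source
    createSslSocket("TLSv1.1", "TLSv1.2"); // $ Source

    // safe
    createSslSocket("TLSv1.2");
    createSslSocket("TLSv1.3");
  }

  /**
   * Creates an unconnected socket from the default {@code SSLSocketFactory} and enables the
   * given protocols on it.
   *
   * <p>{@code setEnabledProtocols} is the marked statement. The caller owns the returned socket
   * and is responsible for closing it.
   *
   * @param protocols protocol names to enable on the socket
   * @return the configured socket
   * @throws IOException if the socket cannot be created
   */
  public static SSLSocket createSslSocket(String... protocols) throws IOException {
    SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    socket.setEnabledProtocols(protocols); // $ Alert
    return socket;
  }

  /**
   * Passes protocol lists to {@link #createSslServerSocket(String...)}, which enables them on a
   * server socket.
   *
   * @throws IOException if the helper cannot create a server socket
   */
  public static void testSettingProtocolForSslServerSocket() throws IOException {

    // unsafe
    createSslServerSocket("SSLv3"); // $ Source
    createSslServerSocket("TLS"); // $ Source
    createSslServerSocket("TLSv1"); // $ Source
    createSslServerSocket("TLSv1.1"); // $ Source
    createSslServerSocket("TLSv1.1", "TLSv1.2"); // $ Source

    // safe
    createSslServerSocket("TLSv1.2");
    createSslServerSocket("TLSv1.3");
  }

  /**
   * Creates an unbound server socket from the default {@code SSLServerSocketFactory} and
   * enables the given protocols on it.
   *
   * <p>{@code setEnabledProtocols} is the marked statement. The caller owns the returned socket
   * and is responsible for closing it.
   *
   * @param protocols protocol names to enable on the server socket
   * @return the configured server socket
   * @throws IOException if the server socket cannot be created
   */
  public static SSLServerSocket createSslServerSocket(String... protocols) throws IOException {
    SSLServerSocket socket = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket();
    socket.setEnabledProtocols(protocols); // $ Alert
    return socket;
  }

  /**
   * Passes protocol lists to {@link #createSslEngine(String...)}, which enables them on an
   * engine.
   *
   * @throws NoSuchAlgorithmException if the default {@code SSLContext} is unavailable
   */
  public static void testSettingProtocolForSslEngine() throws NoSuchAlgorithmException {

    // unsafe
    createSslEngine("SSLv3"); // $ Source
    createSslEngine("TLS"); // $ Source
    createSslEngine("TLSv1"); // $ Source
    createSslEngine("TLSv1.1"); // $ Source
    createSslEngine("TLSv1.1", "TLSv1.2"); // $ Source

    // safe
    createSslEngine("TLSv1.2");
    createSslEngine("TLSv1.3");
  }

  /**
   * Creates an engine from the default {@code SSLContext} and enables the given protocols on
   * it.
   *
   * <p>{@code setEnabledProtocols} is the marked statement; the default context itself is
   * obtained without naming a protocol.
   *
   * @param protocols protocol names to enable on the engine
   * @return the configured engine
   * @throws NoSuchAlgorithmException if the default {@code SSLContext} is unavailable
   */
  public static SSLEngine createSslEngine(String... protocols) throws NoSuchAlgorithmException {
    SSLEngine engine = SSLContext.getDefault().createSSLEngine();
    engine.setEnabledProtocols(protocols); // $ Alert
    return engine;
  }
}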