diff --git a/src/main/java/org/jruby/ext/openssl/CipherStrings.java b/src/main/java/org/jruby/ext/openssl/CipherStrings.java index afda2819..c121919b 100644 --- a/src/main/java/org/jruby/ext/openssl/CipherStrings.java +++ b/src/main/java/org/jruby/ext/openssl/CipherStrings.java @@ -562,10 +562,16 @@ static Collection matchingCiphers(final String cipherString, final String[] private static Collection matchingExact(final String name, final String[] all, final boolean setSuite) { - final Def pattern = Definitions.get(name); + Def pattern = Definitions.get(name); if ( pattern != null ) { return matchingPattern(pattern, all, true, setSuite); } + else { + Def cipher = CipherNames.get(name); + if (cipher != null) { + return Collections.singleton(cipher); + } + } return null; // Collections.emptyList(); } diff --git a/src/main/java/org/jruby/ext/openssl/SSLContext.java b/src/main/java/org/jruby/ext/openssl/SSLContext.java index cb02f440..7d1ac22c 100644 --- a/src/main/java/org/jruby/ext/openssl/SSLContext.java +++ b/src/main/java/org/jruby/ext/openssl/SSLContext.java @@ -518,7 +518,11 @@ else if ( ciphers instanceof RubyArray ) { StringBuilder cipherStr = new StringBuilder(); String sep = ""; for ( int i = 0; i < ciphs.size(); i++ ) { - cipherStr.append(sep).append( ciphs.eltInternal(i).toString() ); + IRubyObject elem = ciphs.eltInternal(i); + if (elem instanceof RubyArray) { + elem = ((RubyArray) elem).eltInternal(0); + } + cipherStr.append(sep).append( elem.toString() ); sep = ":"; } this.ciphers = cipherStr.toString(); diff --git a/src/test/ruby/ssl/test_context.rb b/src/test/ruby/ssl/test_context.rb index ef565ff0..52d8de78 100644 --- a/src/test/ruby/ssl/test_context.rb +++ b/src/test/ruby/ssl/test_context.rb @@ -184,6 +184,39 @@ def test_context_ciphers assert_equal [], diff end unless java7? # would need to filter out stuff such as ECDHE-RSA-AES128-GCM-SHA256 + def test_set_ciphers_by_group_name + context = OpenSSL::SSL::SSLContext.new + context.ciphers = "AES" + + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-RSA-AES128-SHA") + assert actual.include?("ECDHE-ECDSA-AES128-SHA") + assert actual.include?("AES128-SHA") + end + + def test_set_ciphers_by_cipher_name + context = OpenSSL::SSL::SSLContext.new + context.ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384" + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384") + end + + def test_set_ciphers_by_array_of_names + context = OpenSSL::SSL::SSLContext.new + context.ciphers = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384"] + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384") + end + + def test_set_ciphers_by_array_of_name_version_bits + context = OpenSSL::SSL::SSLContext.new + context.ciphers = [["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1.2", 128, 128]] + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + end + def test_set_ciphers_empty_array context = OpenSSL::SSL::SSLContext.new ex = assert_raise(OpenSSL::SSL::SSLError) do