View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.http2;
20  
21  import java.util.Comparator;
22  
23  import org.eclipse.jetty.util.ArrayTrie;
24  import org.eclipse.jetty.util.Trie;
25  
26  public class HTTP2Cipher
27  {
28      public static final Comparator<String> COMPARATOR = new CipherComparator();
29  
30      private final static Trie<Boolean> __blackProtocols = new ArrayTrie<>(6*5);
31      private final static Trie<Boolean> __blackCiphers = new ArrayTrie<>(275*40);
32  
33      static
34      {
35          for (String p : new String[]
36          {
37                  "TLSv1.2","TLSv1.1", "TLSv1", "SSL", "SSLv2", "SSLv3"
38          })
39          {
40              __blackProtocols.put(p,Boolean.TRUE);
41          }
42  
43          for (String c : new String[]
44          {
45              "TLS_NULL_WITH_NULL_NULL",
46              "TLS_RSA_WITH_NULL_MD5",
47              "TLS_RSA_WITH_NULL_SHA",
48              "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
49              "TLS_RSA_WITH_RC4_128_MD5",
50              "TLS_RSA_WITH_RC4_128_SHA",
51              "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
52              "TLS_RSA_WITH_IDEA_CBC_SHA",
53              "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
54              "TLS_RSA_WITH_DES_CBC_SHA",
55              "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
56              "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
57              "TLS_DH_DSS_WITH_DES_CBC_SHA",
58              "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
59              "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
60              "TLS_DH_RSA_WITH_DES_CBC_SHA",
61              "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
62              "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
63              "TLS_DHE_DSS_WITH_DES_CBC_SHA",
64              "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
65              "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
66              "TLS_DHE_RSA_WITH_DES_CBC_SHA",
67              "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
68              "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
69              "TLS_DH_anon_WITH_RC4_128_MD5",
70              "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
71              "TLS_DH_anon_WITH_DES_CBC_SHA",
72              "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
73              "TLS_KRB5_WITH_DES_CBC_SHA",
74              "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
75              "TLS_KRB5_WITH_RC4_128_SHA",
76              "TLS_KRB5_WITH_IDEA_CBC_SHA",
77              "TLS_KRB5_WITH_DES_CBC_MD5",
78              "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
79              "TLS_KRB5_WITH_RC4_128_MD5",
80              "TLS_KRB5_WITH_IDEA_CBC_MD5",
81              "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
82              "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
83              "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
84              "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
85              "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
86              "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
87              "TLS_PSK_WITH_NULL_SHA",
88              "TLS_DHE_PSK_WITH_NULL_SHA",
89              "TLS_RSA_PSK_WITH_NULL_SHA",
90              "TLS_RSA_WITH_AES_128_CBC_SHA",
91              "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
92              "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
93              "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
94              "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
95              "TLS_DH_anon_WITH_AES_128_CBC_SHA",
96              "TLS_RSA_WITH_AES_256_CBC_SHA",
97              "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
98              "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
99              "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
100             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
101             "TLS_DH_anon_WITH_AES_256_CBC_SHA",
102             "TLS_RSA_WITH_NULL_SHA256",
103             "TLS_RSA_WITH_AES_128_CBC_SHA256",
104             "TLS_RSA_WITH_AES_256_CBC_SHA256",
105             "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
106             "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
107             "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
108             "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
109             "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
110             "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
111             "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
112             "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
113             "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
114             "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
115             "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
116             "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
117             "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
118             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
119             "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
120             "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
121             "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
122             "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
123             "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
124             "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
125             "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
126             "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
127             "TLS_PSK_WITH_RC4_128_SHA",
128             "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
129             "TLS_PSK_WITH_AES_128_CBC_SHA",
130             "TLS_PSK_WITH_AES_256_CBC_SHA",
131             "TLS_DHE_PSK_WITH_RC4_128_SHA",
132             "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
133             "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
134             "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
135             "TLS_RSA_PSK_WITH_RC4_128_SHA",
136             "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
137             "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
138             "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
139             "TLS_RSA_WITH_SEED_CBC_SHA",
140             "TLS_DH_DSS_WITH_SEED_CBC_SHA",
141             "TLS_DH_RSA_WITH_SEED_CBC_SHA",
142             "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
143             "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
144             "TLS_DH_anon_WITH_SEED_CBC_SHA",
145             "TLS_RSA_WITH_AES_128_GCM_SHA256",
146             "TLS_RSA_WITH_AES_256_GCM_SHA384",
147             "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
148             "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
149             "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
150             "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
151             "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
152             "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
153             "TLS_PSK_WITH_AES_128_GCM_SHA256",
154             "TLS_PSK_WITH_AES_256_GCM_SHA384",
155             "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
156             "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
157             "TLS_PSK_WITH_AES_128_CBC_SHA256",
158             "TLS_PSK_WITH_AES_256_CBC_SHA384",
159             "TLS_PSK_WITH_NULL_SHA256",
160             "TLS_PSK_WITH_NULL_SHA384",
161             "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
162             "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
163             "TLS_DHE_PSK_WITH_NULL_SHA256",
164             "TLS_DHE_PSK_WITH_NULL_SHA384",
165             "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
166             "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
167             "TLS_RSA_PSK_WITH_NULL_SHA256",
168             "TLS_RSA_PSK_WITH_NULL_SHA384",
169             "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
170             "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
171             "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
172             "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
173             "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
174             "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
175             "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
176             "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
177             "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
178             "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
179             "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
180             "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
181             "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
182             "TLS_ECDH_ECDSA_WITH_NULL_SHA",
183             "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
184             "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
185             "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
186             "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
187             "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
188             "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
189             "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
190             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
191             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
192             "TLS_ECDH_RSA_WITH_NULL_SHA",
193             "TLS_ECDH_RSA_WITH_RC4_128_SHA",
194             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
195             "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
196             "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
197             "TLS_ECDHE_RSA_WITH_NULL_SHA",
198             "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
199             "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
200             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
201             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
202             "TLS_ECDH_anon_WITH_NULL_SHA",
203             "TLS_ECDH_anon_WITH_RC4_128_SHA",
204             "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
205             "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
206             "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
207             "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
208             "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
209             "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
210             "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
211             "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
212             "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
213             "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
214             "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
215             "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
216             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
217             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
218             "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
219             "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
220             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
221             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
222             "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
223             "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
224             "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
225             "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
226             "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
227             "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
228             "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
229             "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
230             "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
231             "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
232             "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
233             "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
234             "TLS_ECDHE_PSK_WITH_NULL_SHA",
235             "TLS_ECDHE_PSK_WITH_NULL_SHA256",
236             "TLS_ECDHE_PSK_WITH_NULL_SHA384",
237             "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
238             "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
239             "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
240             "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
241             "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
242             "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
243             "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
244             "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
245             "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
246             "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
247             "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
248             "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
249             "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
250             "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
251             "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
252             "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
253             "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
254             "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
255             "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
256             "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
257             "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
258             "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
259             "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
260             "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
261             "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
262             "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
263             "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
264             "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
265             "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
266             "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
267             "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
268             "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
269             "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
270             "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
271             "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
272             "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
273             "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
274             "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
275             "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
276             "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
277             "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
278             "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
279             "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
280             "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
281             "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
282             "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
283             "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
284             "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
285             "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
286             "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
287             "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
288             "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
289             "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
290             "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
291             "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
292             "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
293             "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
294             "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
295             "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
296             "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
297             "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
298             "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
299             "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
300             "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
301             "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
302             "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
303             "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
304             "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
305             "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
306             "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
307             "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
308             "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
309             "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
310             "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
311             "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
312             "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
313             "TLS_RSA_WITH_AES_128_CCM",
314             "TLS_RSA_WITH_AES_256_CCM",
315             "TLS_RSA_WITH_AES_128_CCM_8",
316             "TLS_RSA_WITH_AES_256_CCM_8",
317             "TLS_PSK_WITH_AES_128_CCM",
318             "TLS_PSK_WITH_AES_256_CCM",
319             "TLS_PSK_WITH_AES_128_CCM_8",
320             "TLS_PSK_WITH_AES_256_CCM_8"
321         })
322         {
323             __blackCiphers.put(c,Boolean.TRUE);
324         }
325     }
326 
327     public static boolean isBlackListProtocol(String tlsProtocol)
328     {
329         Boolean b = __blackProtocols.get(tlsProtocol);
330         return b != null && b;
331     }
332 
333     public static boolean isBlackListCipher(String tlsCipher)
334     {
335         Boolean b = __blackCiphers.get(tlsCipher);
336         return b != null && b;
337     }
338 
339     /**
340      * Comparator that orders non blacklisted ciphers before blacklisted ones.
341      */
342     public static class CipherComparator implements Comparator<String>
343     {
344         @Override
345         public int compare(String c1, String c2)
346         {
347             boolean b1=isBlackListCipher(c1);
348             boolean b2=isBlackListCipher(c2);
349             if (b1==b2)
350                 return 0;
351             if (b1)
352                 return 1;
353             return -1;
354         }
355     }
356 }