1 // ======================================================================== 2 // Copyright (c) 2001-2009 Mort Bay Consulting Pty. Ltd. 3 // ------------------------------------------------------------------------ 4 // All rights reserved. This program and the accompanying materials 5 // are made available under the terms of the Eclipse Public License v1.0 6 // and Apache License v2.0 which accompanies this distribution. 7 // The Eclipse Public License is available at 8 // http://www.eclipse.org/legal/epl-v10.html 9 // The Apache License v2.0 is available at 10 // http://www.opensource.org/licenses/apache2.0.php 11 // You may elect to redistribute this code under either of these licenses. 12 // ======================================================================== 13 14 package org.eclipse.jetty.server.ssl; 15 16 /* --------------------------------------------------------------------- */ 17 /** 18 * Jetty Servlet SSL support utilities. 19 * <p> 20 * A collection of utilities required to support the SSL requirements of the Servlet 2.2 and 2.3 21 * specs. 22 * 23 * <p> 24 * Used by the SSL listener classes. 25 * 26 * 27 */ 28 public class ServletSSL 29 { 30 /* ------------------------------------------------------------ */ 31 /** 32 * Given the name of a TLS/SSL cipher suite, return an int representing it effective stream 33 * cipher key strength. i.e. How much entropy material is in the key material being fed into the 34 * encryption routines. 35 * 36 * <p> 37 * This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol 38 * Version 1.0, Appendix C. CipherSuite definitions: 39 * 40 * <pre> 41 * Effective 42 * Cipher Type Key Bits 43 * 44 * NULL * Stream 0 45 * IDEA_CBC Block 128 46 * RC2_CBC_40 * Block 40 47 * RC4_40 * Stream 40 48 * RC4_128 Stream 128 49 * DES40_CBC * Block 40 50 * DES_CBC Block 56 51 * 3DES_EDE_CBC Block 168 52 * </pre> 53 * 54 * @param cipherSuite String name of the TLS cipher suite. 55 * @return int indicating the effective key entropy bit-length. 56 */ 57 public static int deduceKeyLength(String cipherSuite) 58 { 59 // Roughly ordered from most common to least common. 60 if (cipherSuite == null) 61 return 0; 62 else if (cipherSuite.indexOf("WITH_AES_256_") >= 0) 63 return 256; 64 else if (cipherSuite.indexOf("WITH_RC4_128_") >= 0) 65 return 128; 66 else if (cipherSuite.indexOf("WITH_AES_128_") >= 0) 67 return 128; 68 else if (cipherSuite.indexOf("WITH_RC4_40_") >= 0) 69 return 40; 70 else if (cipherSuite.indexOf("WITH_3DES_EDE_CBC_") >= 0) 71 return 168; 72 else if (cipherSuite.indexOf("WITH_IDEA_CBC_") >= 0) 73 return 128; 74 else if (cipherSuite.indexOf("WITH_RC2_CBC_40_") >= 0) 75 return 40; 76 else if (cipherSuite.indexOf("WITH_DES40_CBC_") >= 0) 77 return 40; 78 else if (cipherSuite.indexOf("WITH_DES_CBC_") >= 0) 79 return 56; 80 else 81 return 0; 82 } 83 }