1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.server.ssl; 20 21 /* --------------------------------------------------------------------- */ 22 /** 23 * Jetty Servlet SSL support utilities. 24 * <p> 25 * A collection of utilities required to support the SSL requirements of the Servlet 2.2 and 2.3 26 * specs. 27 * 28 * <p> 29 * Used by the SSL listener classes. 30 * 31 * 32 */ 33 public class ServletSSL 34 { 35 /* ------------------------------------------------------------ */ 36 /** 37 * Given the name of a TLS/SSL cipher suite, return an int representing it effective stream 38 * cipher key strength. i.e. How much entropy material is in the key material being fed into the 39 * encryption routines. 40 * 41 * <p> 42 * This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol 43 * Version 1.0, Appendix C. CipherSuite definitions: 44 * 45 * <pre> 46 * Effective 47 * Cipher Type Key Bits 48 * 49 * NULL * Stream 0 50 * IDEA_CBC Block 128 51 * RC2_CBC_40 * Block 40 52 * RC4_40 * Stream 40 53 * RC4_128 Stream 128 54 * DES40_CBC * Block 40 55 * DES_CBC Block 56 56 * 3DES_EDE_CBC Block 168 57 * </pre> 58 * 59 * @param cipherSuite String name of the TLS cipher suite. 60 * @return int indicating the effective key entropy bit-length. 61 */ 62 public static int deduceKeyLength(String cipherSuite) 63 { 64 // Roughly ordered from most common to least common. 65 if (cipherSuite == null) 66 return 0; 67 else if (cipherSuite.indexOf("WITH_AES_256_") >= 0) 68 return 256; 69 else if (cipherSuite.indexOf("WITH_RC4_128_") >= 0) 70 return 128; 71 else if (cipherSuite.indexOf("WITH_AES_128_") >= 0) 72 return 128; 73 else if (cipherSuite.indexOf("WITH_RC4_40_") >= 0) 74 return 40; 75 else if (cipherSuite.indexOf("WITH_3DES_EDE_CBC_") >= 0) 76 return 168; 77 else if (cipherSuite.indexOf("WITH_IDEA_CBC_") >= 0) 78 return 128; 79 else if (cipherSuite.indexOf("WITH_RC2_CBC_40_") >= 0) 80 return 40; 81 else if (cipherSuite.indexOf("WITH_DES40_CBC_") >= 0) 82 return 40; 83 else if (cipherSuite.indexOf("WITH_DES_CBC_") >= 0) 84 return 56; 85 else 86 return 0; 87 } 88 }