io.javalin.community.ssl.TLSConfig Maven / Gradle / Ivy

Go to download
package io.javalin.community.ssl;


import lombok.AccessLevel;
import lombok.Getter;
import lombok.Value;

/**
 * Data class for the SSL configuration.
 *
 * @see Security/Server Side TLS
 */
@Value
public class TLSConfig {

    private static final String GUIDELINES_VERSION = "5.5";

    /**
     * For modern clients that support TLS 1.3, with no need for backwards compatibility
     */
    @Getter(AccessLevel.NONE)
    public static TLSConfig MODERN = new TLSConfig(
        new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"},
        new String[]{"TLSv1.3"});

    /**
     * Recommended configuration for a general-purpose server
     */
    @Getter(AccessLevel.NONE)
    public static TLSConfig INTERMEDIATE = new TLSConfig(
        new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
        new String[]{"TLSv1.2", "TLSv1.3"});

    /**
     * For services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
     */
    @Getter(AccessLevel.NONE)
    public static TLSConfig OLD = new TLSConfig(
        new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
        new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});


    /**
     * String array of cipher suites to use, following the guidelines in the  Jetty documentation.
     */
    String[] cipherSuites;

    /**
     * String array of protocols to use, following the guidelines in the  Jetty documentation.
     */
    String[] protocols;
}