UNDERTOW-1027 Check enabled protocols as well as ciphers when determi…

…ning ALPN avaibility
undertow-io · Mar 21, 2017 · 94ee3aa · 94ee3aa
1 parent 217beed
commit 94ee3aa
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/core/src/main/java/io/undertow/server/protocol/http/AlpnOpenListener.java b/core/src/main/java/io/undertow/server/protocol/http/AlpnOpenListener.java
@@ -63,6 +63,7 @@ public class AlpnOpenListener implements ChannelListener<StreamConnection>, Open
      * HTTP/2 required cipher. Not strictly part of ALPN but it can live here for now till we have a better solution.
      */
     public static final String REQUIRED_CIPHER = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+    public static final String REQUIRED_PROTOCOL = "TLSv1.2";
 
     private final ALPNManager alpnManager = ALPNManager.INSTANCE; //todo: configurable
     private final ByteBufferPool bufferPool;
@@ -251,6 +252,20 @@ public void handleEvent(final StreamConnection channel) {
     }
 
     public static boolean engineSupportsHTTP2(SSLEngine engine) {
+        //check to make sure the engine meets the minimum requirements for HTTP/2
+        //if not then ALPN will not be attempted
+        String[] protcols = engine.getEnabledProtocols();
+        boolean found = false;
+        for(String proto : protcols) {
+            if(proto.equals(REQUIRED_PROTOCOL)) {
+                found = true;
+                break;
+            }
+        }
+        if(!found) {
+            return false;
+        }
+
         String[] ciphers = engine.getEnabledCipherSuites();
         for (String i : ciphers) {
             if (i.equals(REQUIRED_CIPHER)) {