temporary workaround, see AsyncHttpClient#1511

Author: slandelle

client/src/main/java/org/asynchttpclient/netty/ssl/DefaultSslEngineFactory.java

@@ -20,33 +20,14 @@
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import org.asynchttpclient.AsyncHttpClientConfig;
 
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
 import java.util.Arrays;
-import java.util.List;
 
 import static org.asynchttpclient.util.MiscUtils.isNonEmpty;
 
 public class DefaultSslEngineFactory extends SslEngineFactoryBase {
 
-  // TODO replace with a custom CipherSuiteFilter once https://github.com/netty/netty/issues/7673 is fixed
-  private static final List<String> JDK_SUPPORTED_CIPHER_SUITES;
-
-  static {
-    SSLContext context;
-    try {
-      context = SSLContext.getInstance("TLS");
-      context.init(null, null, null);
-    } catch (Exception e) {
-      throw new Error("Failed to initialize the default SSL context", e);
-    }
-
-    SSLEngine engine = context.createSSLEngine();
-
-    JDK_SUPPORTED_CIPHER_SUITES = Arrays.asList(engine.getSupportedCipherSuites());
-  }
-
   private volatile SslContext sslContext;
 
   private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException {
@@ -65,8 +46,8 @@ private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLExcep
 
     if (isNonEmpty(config.getEnabledCipherSuites())) {
       sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites()));
-    } else if (!config.isFilterInsecureCipherSuites() && !config.isUseOpenSsl()) {
-      sslContextBuilder.ciphers(JDK_SUPPORTED_CIPHER_SUITES);
+    } else if (!config.isFilterInsecureCipherSuites()) {
+      sslContextBuilder.ciphers(null, IdentityCipherSuiteFilterWorkaround.INSTANCE);
     }
 
     if (config.isUseInsecureTrustManager()) {

client/src/main/java/org/asynchttpclient/netty/ssl/IdentityCipherSuiteFilterWorkaround.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2018 AsyncHttpClient Project. All rights reserved.
+ *
+ * This program is licensed to you under the Apache License Version 2.0,
+ * and you may not use this file except in compliance with the Apache License Version 2.0.
+ * You may obtain a copy of the Apache License Version 2.0 at
+ *     http://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the Apache License Version 2.0 is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+ */
+package org.asynchttpclient.netty.ssl;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+
+import java.util.List;
+import java.util.Set;
+
+// workaround for https://github.com/netty/netty/pull/7691
+class IdentityCipherSuiteFilterWorkaround implements CipherSuiteFilter {
+  static final IdentityCipherSuiteFilterWorkaround INSTANCE = new IdentityCipherSuiteFilterWorkaround();
+
+  private IdentityCipherSuiteFilterWorkaround() { }
+
+  @Override
+  public String[] filterCipherSuites(Iterable<String> ciphers, List<String> defaultCiphers,
+                                     Set<String> supportedCiphers) {
+    if (ciphers == null) {
+      return supportedCiphers.toArray(new String[supportedCiphers.size()]);
+    } else {
+      throw new UnsupportedOperationException();
+    }
+  }
+}