Added option to filter out not supported ciphers and protocols

CHANGELOG.md

@@ -3,6 +3,9 @@
 This list is not intended to be all-encompassing - it will document major and breaking API
 changes with their rationale when appropriate:
 
+### v8.1.4
+- Bug-fix Filter out unsupported ciphers and protocols
+
 ### v8.1.3
 - Added default hostname verifier in HostnameVerifierUtils
 - Marked a method in HostnameVerifierUtils as deprecated

README.md

@@ -23,25 +23,25 @@ Hey, hello there 👋 Welcome, I hope you will like this library ❤️ Feel fre
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 ### Install with Gradle
 ```groovy
-implementation 'io.github.hakky54:sslcontext-kickstart:8.1.3'
+implementation 'io.github.hakky54:sslcontext-kickstart:8.1.4'
 ```
 ### Install with Gradle Kotlin DSL
 ```kotlin
-implementation("io.github.hakky54:sslcontext-kickstart:8.1.3")
+implementation("io.github.hakky54:sslcontext-kickstart:8.1.4")
 ```
 ### Install with Scala SBT
 ```
-libraryDependencies += "io.github.hakky54" % "sslcontext-kickstart" % "8.1.3"
+libraryDependencies += "io.github.hakky54" % "sslcontext-kickstart" % "8.1.4"
 ```
 ### Install with Apache Ivy
 ```xml
 
-<dependency org="io.github.hakky54" name="sslcontext-kickstart" rev="8.1.3"/>
+<dependency org="io.github.hakky54" name="sslcontext-kickstart" rev="8.1.4"/>
 ```
 
 ## Table of contents
@@ -712,7 +712,7 @@ Add the dependency below to use this feature, it also includes the core features
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart-for-pem</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 ##### Loading pem files from the classpath
@@ -1067,7 +1067,7 @@ Some know http clients which relay on netty libraries are: [Spring WebFlux WebCl
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart-for-netty</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 Example setup for Spring WebClient with Netty:
@@ -1105,7 +1105,7 @@ public class App {
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart-for-jetty</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 Example setup for [Spring WebFlux WebClient Jetty](https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html):
@@ -1143,7 +1143,7 @@ However it is still possible to configure the http client with their custom conf
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart-for-apache4</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 ```java
@@ -1174,7 +1174,7 @@ public class App {
 <dependency>
     <groupId>io.github.hakky54</groupId>
   <artifactId>sslcontext-kickstart-for-apache5</artifactId>
-  <version>8.1.3</version>
+  <version>8.1.4</version>
 </dependency>
 ```
 ```java

sslcontext-kickstart/src/main/java/nl/altindag/ssl/SSLFactory.java

@@ -846,9 +846,7 @@ public SSLFactory build() {
                 SSLSessionUtils.updateSessionCacheSize(baseSslContext, sessionCacheSizeInBytes);
             }
 
-            sslParameters.setCipherSuites(ciphers.isEmpty() ? null : ciphers.stream().distinct().toArray(String[]::new));
-            sslParameters.setProtocols(protocols.isEmpty() ? null : protocols.stream().distinct().toArray(String[]::new));
-            SSLParameters baseSslParameters = SSLParametersUtils.merge(sslParameters, baseSslContext.getDefaultSSLParameters());
+            SSLParameters baseSslParameters = createSslParameters(baseSslContext);
             SSLContext sslContext = new FenixSSLContext(baseSslContext, baseSslParameters);
 
             HostnameVerifier hostnameVerifier = Optional.ofNullable(hostnameVerifierEnhancer)
@@ -901,5 +899,35 @@ private X509ExtendedTrustManager createTrustManager() {
                     .build();
         }
 
+        private SSLParameters createSslParameters(SSLContext sslContext) {
+            SSLParameters defaultSSLParameters = sslContext.getDefaultSSLParameters();
+            List<String> defaultCiphers = Arrays.asList(defaultSSLParameters.getCipherSuites());
+            List<String> defaultProtocols = Arrays.asList(defaultSSLParameters.getProtocols());
+
+            List<String> preferredCiphers = ciphers.stream()
+                    .distinct()
+                    .filter(defaultCiphers::contains)
+                    .collect(Collectors.toList());
+
+            if (preferredCiphers.isEmpty()) {
+                sslParameters.setCipherSuites(defaultCiphers.stream().toArray(String[]::new));
+            } else {
+                sslParameters.setCipherSuites(preferredCiphers.stream().toArray(String[]::new));
+            }
+
+            List<String> preferredProtocols = protocols.stream()
+                    .distinct()
+                    .filter(defaultProtocols::contains)
+                    .collect(Collectors.toList());
+
+            if (preferredProtocols.isEmpty()) {
+                sslParameters.setProtocols(defaultProtocols.stream().toArray(String[]::new));
+            } else {
+                sslParameters.setProtocols(preferredProtocols.stream().toArray(String[]::new));
+            }
+
+            return SSLParametersUtils.merge(sslParameters, defaultSSLParameters);
+        }
+
     }
 }

sslcontext-kickstart/src/test/java/nl/altindag/ssl/SSLFactoryShould.java

@@ -1340,14 +1340,14 @@ void buildSSLFactoryWithSystemPropertyDerivedIdentityAndTrustMaterialWithSecurit
     @Test
     void buildSSLFactoryWithSystemPropertyDerivedProtocol() {
         String propertyName = "https.protocols";
-        System.setProperty(propertyName, "TLSv1.2,   ,TLSv1.1");
+        System.setProperty(propertyName, "TLSv1.2,   ");
 
         SSLFactory sslFactory = SSLFactory.builder()
                 .withDefaultTrustMaterial()
                 .withSystemPropertyDerivedProtocols()
                 .build();
 
-        assertThat(sslFactory.getProtocols()).containsExactly("TLSv1.2", "TLSv1.1");
+        assertThat(sslFactory.getProtocols()).containsExactly("TLSv1.2");
         System.clearProperty(propertyName);
     }
 
@@ -1554,14 +1554,14 @@ void returnSpecifiedCiphersAndProtocolsWithinSslParameters() {
         SSLFactory sslFactory = SSLFactory.builder()
                 .withDefaultTrustMaterial()
                 .withCiphers("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384")
-                .withProtocols("TLSv1.2", "TLSv1.1")
+                .withProtocols("TLSv1.2")
                 .build();
 
         assertThat(sslFactory.getSslContext()).isNotNull();
         assertThat(sslFactory.getSslParameters().getCipherSuites())
                 .containsExactlyInAnyOrder("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
         assertThat(sslFactory.getSslParameters().getProtocols())
-                .containsExactlyInAnyOrder("TLSv1.2", "TLSv1.1");
+                .contains("TLSv1.2");
         assertThat(sslFactory.getSslParameters())
                 .isNotEqualTo(sslFactory.getSslContext().getDefaultSSLParameters());
     }
@@ -1580,11 +1580,11 @@ void returnDefaultProtocolsWhenNoneSpecified() {
     void returnSpecifiedProtocols() {
         SSLFactory sslFactory = SSLFactory.builder()
                 .withDefaultTrustMaterial()
-                .withProtocols("TLSv1.2", "TLSv1.1")
+                .withProtocols("TLSv1.2")
                 .build();
 
         assertThat(sslFactory.getSslContext()).isNotNull();
-        assertThat(sslFactory.getProtocols()).containsExactlyInAnyOrder("TLSv1.2", "TLSv1.1");
+        assertThat(sslFactory.getProtocols()).contains("TLSv1.2");
     }
 
     @Test