Java源码示例:org.apache.tomcat.util.net.Constants

示例1
/**
 * Requests a fresh handshake on the current connection and then drives it.
 *
 * <p>TLS 1.3 has no renegotiation, so when the negotiated version is TLS 1.3 the
 * method asks for post-handshake client verification instead; every other version
 * goes through {@code SSL.renegotiate}.
 *
 * <p>A non-positive return code from either native call is handed to
 * {@code checkLastError()}. If that helper returns without throwing, execution
 * simply continues with the next step.
 *
 * @throws SSLException declared for callers; presumably raised from
 *         {@code checkLastError()} - confirm against that helper
 */
private synchronized void renegotiate() throws SSLException {
    clearLastError();

    final boolean tls13 = SSL.getVersion(ssl).equals(Constants.SSL_PROTO_TLSv1_3);
    final int requestResult =
            tls13 ? SSL.verifyClientPostHandshake(ssl) : SSL.renegotiate(ssl);
    if (requestResult <= 0) {
        checkLastError();
    }

    // Reset the cached handshake and peer-certificate state before the new
    // handshake runs, so values from the previous handshake are not kept.
    handshakeFinished = false;
    peerCerts = null;
    x509PeerCerts = null;
    currentHandshake = SSL.getHandshakeCount(ssl);

    final int handshakeResult = SSL.doHandshake(ssl);
    if (handshakeResult <= 0) {
        checkLastError();
    }
}
 
示例2
/**
 * Reports which protocol versions the current OpenSSL options leave enabled.
 *
 * <p>A version is listed when its {@code SSL_OP_NO_*} bit is absent from the value
 * returned by {@code SSL.getOptions}. SSLv2Hello is always listed. Only the five
 * versions below are inspected: TLSv1.3 is never reported by this method, so the
 * result should not be read as a complete picture when auditing a configuration.
 * SSLv2 and SSLv3 appear in the result whenever their disable bits are not set.
 *
 * @return the enabled protocol names, or an empty array once the engine is destroyed
 */
@Override
public synchronized String[] getEnabledProtocols() {
    if (destroyed) {
        return new String[0];
    }

    // Parallel tables: disableBits[i] switches off names[i]. The order fixes the
    // order of the entries in the returned array.
    final int[] disableBits = {
        SSL.SSL_OP_NO_TLSv1,
        SSL.SSL_OP_NO_TLSv1_1,
        SSL.SSL_OP_NO_TLSv1_2,
        SSL.SSL_OP_NO_SSLv2,
        SSL.SSL_OP_NO_SSLv3,
    };
    final String[] names = {
        Constants.SSL_PROTO_TLSv1,
        Constants.SSL_PROTO_TLSv1_1,
        Constants.SSL_PROTO_TLSv1_2,
        Constants.SSL_PROTO_SSLv2,
        Constants.SSL_PROTO_SSLv3,
    };

    final List<String> active = new ArrayList<>();
    // Seems like there is no way to explicitly disable SSLv2Hello in OpenSSL so it is always enabled
    active.add(Constants.SSL_PROTO_SSLv2Hello);

    final int options = SSL.getOptions(ssl);
    for (int i = 0; i < disableBits.length; i++) {
        if ((options & disableBits[i]) == 0) {
            active.add(names[i]);
        }
    }
    return active.toArray(new String[active.size()]);
}
 
示例3
/**
 * Returns an {@code SSLUtil} only for host configurations whose protocol list
 * consists of the single entry {@code PROPERTY_VALUE}.
 *
 * <p>For such a configuration the protocol list is replaced with one concrete TLS
 * version before delegating to the superclass. This mutates the
 * {@code SSLHostConfig} obtained from the certificate, so the change is visible to
 * anything else holding that object.
 *
 * @param certificate the certificate whose host configuration is inspected
 * @return the superclass result, or {@code null} when the protocol list is anything
 *         other than the single {@code PROPERTY_VALUE} entry; callers must handle
 *         the {@code null} case
 */
@Override
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
    final SSLHostConfig hostConfig = certificate.getSSLHostConfig();

    final boolean onlyMarkerConfigured = hostConfig.getProtocols().size() == 1
            && hostConfig.getProtocols().contains(PROPERTY_VALUE);
    if (!onlyMarkerConfigured) {
        return null;
    }

    // NOTE(review): the branch taken when JreCompat.isJre8Available() is false pins
    // TLSv1, which RFC 8996 deprecates. Confirm this path is limited to legacy
    // runtimes or test fixtures before reusing the pattern.
    final String pinnedProtocol = JreCompat.isJre8Available()
            ? Constants.SSL_PROTO_TLSv1_2
            : Constants.SSL_PROTO_TLSv1;
    hostConfig.setProtocols(pinnedProtocol);
    return super.getSSLUtil(certificate);
}
 
示例4
/**
 * Restricts the engine to the requested protocol versions by setting the OpenSSL
 * {@code SSL_OP_NO_*} option for each of the five handled versions that was not
 * requested.
 *
 * <p>The call is ignored once the engine is initialized or destroyed. The
 * initialized check runs before the null check, so a {@code null} array is only
 * rejected on an engine that has not been initialized yet. Every name is validated
 * before any option is touched, so a rejected call leaves the options unchanged.
 *
 * <p>Points to keep in mind when relying on this for hardening:
 * <ul>
 *   <li>An empty array sets the disable bit for all five handled versions.</li>
 *   <li>TLSv1.3 is not handled here: it is neither enabled nor disabled by this
 *       method.</li>
 *   <li>A name accepted by {@code IMPLEMENTED_PROTOCOLS_SET} that matches none of
 *       the five constants below changes nothing.</li>
 * </ul>
 *
 * @param protocols the protocol names to leave enabled
 * @throws IllegalArgumentException if {@code protocols} is {@code null}, or contains
 *         a name that is not in {@code IMPLEMENTED_PROTOCOLS_SET}
 */
@Override
public synchronized void setEnabledProtocols(String[] protocols) {
    if (initialized) {
        return;
    }
    if (protocols == null) {
        // This is correct from the API docs
        throw new IllegalArgumentException();
    }
    if (destroyed) {
        return;
    }

    boolean wantSslv2 = false;
    boolean wantSslv3 = false;
    boolean wantTlsv1 = false;
    boolean wantTlsv1_1 = false;
    boolean wantTlsv1_2 = false;
    for (String name : protocols) {
        if (!IMPLEMENTED_PROTOCOLS_SET.contains(name)) {
            throw new IllegalArgumentException(sm.getString("engine.unsupportedProtocol", name));
        }
        wantSslv2 |= name.equals(Constants.SSL_PROTO_SSLv2);
        wantSslv3 |= name.equals(Constants.SSL_PROTO_SSLv3);
        wantTlsv1 |= name.equals(Constants.SSL_PROTO_TLSv1);
        wantTlsv1_1 |= name.equals(Constants.SSL_PROTO_TLSv1_1);
        wantTlsv1_2 |= name.equals(Constants.SSL_PROTO_TLSv1_2);
    }

    // Enable all and then disable what we not want
    // NOTE(review): only "set" calls are made here. If SSL.setOptions ORs bits in,
    // as OpenSSL's SSL_set_options does, a NO_* bit set by an earlier call is never
    // cleared, so a protocol disabled previously would stay disabled - confirm.
    SSL.setOptions(ssl, SSL.SSL_OP_ALL);

    // Parallel tables: requested[i] == false means disableBits[i] gets set.
    final boolean[] requested = {wantSslv2, wantSslv3, wantTlsv1, wantTlsv1_1, wantTlsv1_2};
    final int[] disableBits = {
        SSL.SSL_OP_NO_SSLv2,
        SSL.SSL_OP_NO_SSLv3,
        SSL.SSL_OP_NO_TLSv1,
        SSL.SSL_OP_NO_TLSv1_1,
        SSL.SSL_OP_NO_TLSv1_2,
    };
    for (int i = 0; i < disableBits.length; i++) {
        if (!requested[i]) {
            SSL.setOptions(ssl, disableBits[i]);
        }
    }
}