ZOOKEEPER-3229: [TLS] add AES-256 ciphers to default cipher list

- Add AES-256 cipher suites
- Add AES-128-...-SHA cipher suites (for compatibility with Netty OpenSSL transport)
- code cleanup: split up the suites into CBC and GCM ciphers and put them in different order when constructing java8 / java9 defaults.

Author: Ilya Maykov <ilyam@fb.com>

Reviewers: andor@apache.org

Closes #744 from ivmaykov/ZOOKEEPER-3229

zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java

@@ -81,18 +81,40 @@ public abstract class X509Util implements Closeable, AutoCloseable {
     }
 
     static final String DEFAULT_PROTOCOL = "TLSv1.2";
-    private static final String[] DEFAULT_CIPHERS_JAVA8 = {
-            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
-    };
-    private static final String[] DEFAULT_CIPHERS_JAVA9 = {
+    private static String[] getGCMCiphers() {
+        return new String[] {
             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+        };
+    }
+
+    private static String[] getCBCCiphers() {
+        return new String[] {
             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
-    };
+            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+        };
+    }
+
+    private static String[] concatArrays(String[] left, String[] right) {
+        String[] result = new String[left.length + right.length];
+        System.arraycopy(left, 0, result, 0, left.length);
+        System.arraycopy(right, 0, result, left.length, right.length);
+        return result;
+    }
+
+    // On Java 8, prefer CBC ciphers since AES-NI support is lacking and GCM is slower than CBC.
+    private static final String[] DEFAULT_CIPHERS_JAVA8 = concatArrays(getCBCCiphers(), getGCMCiphers());
+    // On Java 9 and later, prefer GCM ciphers due to improved AES-NI support.
+    // Note that this performance assumption might not hold true for architectures other than x86_64.
+    private static final String[] DEFAULT_CIPHERS_JAVA9 = concatArrays(getGCMCiphers(), getCBCCiphers());
 
     public static final int DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS = 5000;