stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8168261: Use server cipher suites preference by default

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Xue-Lei Andrew Fan 2019-04-01 16:50:17 -07:00
parent 07991d3f2d
commit 2eb8492163
3 changed files with 123 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/java.base/share/classes/javax/net/ssl/SSLContextSpi.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -194,10 +194,9 @@ public abstract class SSLContextSpi {
*/
protected SSLParameters engineGetSupportedSSLParameters() {
SSLSocket socket = getDefaultSocket();
SSLParameters params = new SSLParameters();
SSLParameters params = socket.getSSLParameters();
params.setCipherSuites(socket.getSupportedCipherSuites());
params.setProtocols(socket.getSupportedProtocols());
return params;
}
}

2
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
View File

@ -126,7 +126,7 @@ final class SSLConfiguration implements Cloneable {
this.identificationProtocol = null;
this.serverNames = Collections.<SNIServerName>emptyList();
this.sniMatchers = Collections.<SNIMatcher>emptyList();
this.preferLocalCipherSuites = false;
this.preferLocalCipherSuites = true;
this.applicationProtocols = new String[0];
this.enableRetransmissions = sslContext.isDTLS();

120
test/jdk/sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java Normal file
View File

@ -0,0 +1,120 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 8168261
* @summary Use server cipher suites preference by default
* @run main/othervm DefaultCipherSuitePreference
*/
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
public class DefaultCipherSuitePreference {
private static final String[] contextAlgorithms = {
"Default", "SSL", "TLS", "SSLv3", "TLSv1",
"TLSv1.1", "TLSv1.2", "TLSv1.3"
};
public static void main(String[] args) throws Exception {
for (String algorithm : contextAlgorithms) {
System.out.println("Checking SSLContext of " + algorithm);
SSLContext sslContext = SSLContext.getInstance(algorithm);
// Default SSLContext is initialized automatically.
if (!algorithm.equals("Default")) {
// Use default TK, KM and random.
sslContext.init((KeyManager[])null, (TrustManager[])null, null);
}
//
// Check SSLContext
//
// Check default SSLParameters of SSLContext
checkDefaultCipherSuitePreference(
sslContext.getDefaultSSLParameters(),
"SSLContext.getDefaultSSLParameters()");
// Check supported SSLParameters of SSLContext
checkDefaultCipherSuitePreference(
sslContext.getSupportedSSLParameters(),
"SSLContext.getSupportedSSLParameters()");
//
// Check SSLEngine
//
// Check SSLParameters of SSLEngine
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(true);
checkDefaultCipherSuitePreference(
engine.getSSLParameters(),
"client mode SSLEngine.getSSLParameters()");
engine.setUseClientMode(false);
checkDefaultCipherSuitePreference(
engine.getSSLParameters(),
"server mode SSLEngine.getSSLParameters()");
//
// Check SSLSocket
//
// Check SSLParameters of SSLSocket
SocketFactory fac = sslContext.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket();
checkDefaultCipherSuitePreference(
socket.getSSLParameters(),
"SSLSocket.getSSLParameters()");
//
// Check SSLServerSocket
//
// Check SSLParameters of SSLServerSocket
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
checkDefaultCipherSuitePreference(
ssocket.getSSLParameters(),
"SSLServerSocket.getSSLParameters()");
}
}
private static void checkDefaultCipherSuitePreference(
SSLParameters parameters, String context) throws Exception {
if (!parameters.getUseCipherSuitesOrder()) {
throw new Exception(
"The local cipher suite preference is not honored " +
"in the connection populated SSLParameters object (" +
context + ")");
}
}
}