stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Browse Source 
Reviewed-by: mullan, wetmore, xuelei
This commit is contained in:
Rajan Halade 2019-12-09 21:38:12 -08:00
parent 63ba804f4f
commit 5fc46f3c50
13 changed files with 210 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
View File

@ -550,9 +550,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
ProtocolVersion.TLS10
});
supportedCipherSuites = getApplicableSupportedCipherSuites(
@ -609,8 +607,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
static {
clientDefaultProtocols = getAvailableProtocols(
new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
ProtocolVersion.TLS10
});
clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -641,8 +638,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
clientDefaultProtocols = getAvailableProtocols(
new ProtocolVersion[] {
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
ProtocolVersion.TLS10
});
clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -675,8 +671,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
new ProtocolVersion[] {
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
ProtocolVersion.TLS10
});
clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -709,8 +704,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
ProtocolVersion.TLS10
});
clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -853,18 +847,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
ProtocolVersion.TLS10
};
} else {
// default server protocols
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
ProtocolVersion.TLS10
};
}
} else {

9
test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/*
* @test
* @bug 4495742
* @bug 4495742 8190492
* @summary Demonstrate SSLEngine switch from no client auth to client auth.
* @run main/othervm NoAuthClientAuth SSLv3
* @run main/othervm NoAuthClientAuth TLSv1
@ -304,6 +304,11 @@ public class NoAuthClientAuth {
serverEngine.setUseClientMode(false);
serverEngine.setNeedClientAuth(false);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
serverEngine.setEnabledProtocols(serverEngine.getSupportedProtocols());
}
/*
* Similar to above, but using client mode instead.
*/

7
test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/*
* @test
* @bug 7068321
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../SSLEngine ../templates
* @build SSLEngineService SSLCapabilities SSLExplorer
@ -80,6 +80,9 @@ public class SSLEngineExplorer extends SSLEngineService {
// create SSLEngine.
SSLEngine ssle = createSSLEngine(false);
// Enable all supported protocols on server side to test SSLv3
ssle.setEnabledProtocols(ssle.getSupportedProtocols());
// Create a server socket channel.
InetSocketAddress isa =
new InetSocketAddress(InetAddress.getLocalHost(), serverPort);

7
test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/**
* @test
* @bug 7068321
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
* @build SSLCapabilities SSLExplorer
@ -148,6 +148,9 @@ public class SSLSocketExplorer {
new ByteArrayInputStream(buffer, 0, position);
SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true);
// Enable all supported protocols on server side to test SSLv3
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();

6
test/jdk/javax/net/ssl/sanity/interop/JSSEServer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,10 @@ class JSSEServer extends CipherTest.Server {
serverSocket
= (SSLServerSocket) factory.createServerSocket(CipherTest.serverPort);
CipherTest.serverPort = serverSocket.getLocalPort();
// JDK-8190492: Enable all supported protocols on server side to test SSLv3
serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true);
}

6
test/jdk/sun/security/pkcs11/sslecc/JSSEServer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -52,6 +52,10 @@ class JSSEServer extends CipherTest.Server {
serverSocket = (SSLServerSocket)factory.createServerSocket(0);
serverSocket.setSoTimeout(CipherTest.TIMEOUT);
CipherTest.serverPort = serverSocket.getLocalPort();
// JDK-8190492: Enable all supported protocols on server side to test SSLv3
serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true);
}

7
test/jdk/sun/security/ssl/ProtocolVersion/HttpsProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 4671289
* @bug 4671289 8190492
* @summary passing https.protocols from command line doesn't work.
* @run main/othervm -Dhttps.protocols=SSLv3 HttpsProtocols
* @author Brad Wetmore
@ -88,6 +88,9 @@ public class HttpsProtocols implements HostnameVerifier {
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
// Enable all supported protocols on server side to test SSLv3
sslServerSocket.setEnabledProtocols(sslServerSocket.getSupportedProtocols());
serverPort = sslServerSocket.getLocalPort();
/*

68
test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/*
* @test
* @bug 7093640
* @bug 7093640 8190492
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
* CustomizedDefaultProtocols
@ -54,15 +54,15 @@ public class CustomizedDefaultProtocols {
TLS_CV_02("TLS",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
@ -70,6 +70,8 @@ public class CustomizedDefaultProtocols {
final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion;
@ -80,16 +82,17 @@ public class CustomizedDefaultProtocols {
private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No protocols");
System.out.println("\t\t\t*** Error: No protocols");
success = false;
}
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected));
success = false;
}
System.out.println("\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success;
}
@ -114,10 +117,11 @@ public class CustomizedDefaultProtocols {
private static boolean checkCipherSuites(String[] target) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No cipher suites");
System.out.println("\t\t\t*** Error: No cipher suites");
success = false;
}
System.out.println("\t\t\t--> Cipher check passed!!");
return success;
}
@ -128,7 +132,8 @@ public class CustomizedDefaultProtocols {
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically.
@ -142,6 +147,7 @@ public class CustomizedDefaultProtocols {
//
// Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols();
@ -151,7 +157,7 @@ public class CustomizedDefaultProtocols {
failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters");
System.out.println("\t\tChecking supported SSLParameters");
parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols();
@ -166,7 +172,7 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLEngine
System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()");
System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
parameters = engine.getSSLParameters();
@ -177,20 +183,20 @@ public class CustomizedDefaultProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -200,7 +206,7 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLSocket
System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters();
@ -211,20 +217,20 @@ public class CustomizedDefaultProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -234,39 +240,37 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLServerSocket
System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
}
if (failed) {
throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
}
}
}

80
test/jdk/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
/*
* @test
* @bug 8196584 8190492
* @summary Test jdk.tls.server.protocols with TLS
* @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
* CustomizedServerDefaultProtocols
@ -48,32 +49,34 @@ public class CustomizedServerDefaultProtocols {
final static String[] supportedProtocols = new String[]{
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
enum ContextVersion {
TLS_CV_01("SSL",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_02("TLS",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_03("SSLv3",
supportedProtocols,
new String[]{"SSLv3", "TLSv1"}),
serverDefaultProtocols,
new String[]{"TLSv1"}),
TLS_CV_04("TLSv1",
supportedProtocols,
new String[]{"SSLv3", "TLSv1"}),
serverDefaultProtocols,
new String[]{"TLSv1"}),
TLS_CV_05("TLSv1.1",
supportedProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1"}),
serverDefaultProtocols,
new String[]{"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2",
supportedProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
serverDefaultProtocols,
new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3",
supportedProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
serverDefaultProtocols,
new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
final String contextVersion;
final String[] serverEnabledProtocols;
@ -90,16 +93,18 @@ public class CustomizedServerDefaultProtocols {
private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No protocols");
System.out.println("\t\t\t*** Error: No protocols");
success = false;
}
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected));
success = false;
}
System.out.println("\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success;
}
@ -123,10 +128,11 @@ public class CustomizedServerDefaultProtocols {
private static boolean checkCipherSuites(String[] target) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No cipher suites");
System.out.println("\t\t\t*** Error: No cipher suites");
success = false;
}
System.out.println("\t\t\t--> Cipher check passed!!");
return success;
}
@ -145,7 +151,8 @@ public class CustomizedServerDefaultProtocols {
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically.
@ -159,6 +166,7 @@ public class CustomizedServerDefaultProtocols {
//
// Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols();
@ -168,7 +176,7 @@ public class CustomizedServerDefaultProtocols {
failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters");
System.out.println("\t\tChecking supported SSLParameters");
parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols();
@ -183,7 +191,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLEngine
System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()");
System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
parameters = engine.getSSLParameters();
@ -194,20 +202,20 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -217,7 +225,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLSocket
System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket) fac.createSocket();
parameters = socket.getSSLParameters();
@ -228,20 +236,20 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLSocket.getEnabledProtocols()");
System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLSocket.getSupportedProtocols()");
System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println(
"\tChecking SSLSocket.getSupportedCipherSuites()");
"\t\tChecking SSLSocket.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -251,7 +259,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLServerSocket
System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
parameters = ssocket.getSSLParameters();
@ -262,27 +270,25 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
if (failed) {
throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
}
}
}

72
test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -49,26 +49,28 @@ import javax.net.ssl.TrustManager;
public class DefaultEnabledProtocols {
enum ContextVersion {
TLS_CV_01("SSL",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_02("TLS",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
final String contextVersion;
final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion;
@ -79,16 +81,17 @@ public class DefaultEnabledProtocols {
private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No protocols");
System.out.println("\t\t\t*** Error: No protocols");
success = false;
}
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected));
success = false;
}
System.out.println("\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success;
}
@ -107,13 +110,14 @@ public class DefaultEnabledProtocols {
}
}
System.out.println("\t\t\t--> Cipher check passed!!");
return true;
}
private static boolean checkCipherSuites(String[] target) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No cipher suites");
System.out.println("\t\t\t*** Error: No cipher suites");
success = false;
}
@ -127,7 +131,8 @@ public class DefaultEnabledProtocols {
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically.
@ -141,6 +146,7 @@ public class DefaultEnabledProtocols {
//
// Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols();
@ -150,7 +156,7 @@ public class DefaultEnabledProtocols {
failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters");
System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols();
@ -165,7 +171,7 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLEngine
System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()");
System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
parameters = engine.getSSLParameters();
@ -176,20 +182,20 @@ public class DefaultEnabledProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -199,7 +205,7 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLSocket
System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters();
@ -210,20 +216,20 @@ public class DefaultEnabledProtocols {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -233,39 +239,37 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLServerSocket
System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
}
if (failed) {
throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
}
}
}

70
test/jdk/sun/security/ssl/SSLContextImpl/NoOldVersionContext.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/*
* @test
* @bug 7093640
* @bug 7093640 8190492
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
* NoOldVersionContext
@ -54,15 +54,15 @@ public class NoOldVersionContext {
TLS_CV_02("TLS",
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}),
new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default",
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
@ -70,6 +70,8 @@ public class NoOldVersionContext {
final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion;
@ -80,14 +82,14 @@ public class NoOldVersionContext {
private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No protocols");
System.out.println("\t\t\t*** Error: No protocols");
success = false;
}
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected));
System.out.println("\tError: The actual protocols " +
System.out.println("\t\t\t*** Error: The actual protocols " +
Arrays.toString(target));
success = false;
}
@ -109,16 +111,18 @@ public class NoOldVersionContext {
}
}
System.out.println("\t\t\t--> Protocol check passed!!");
return true;
}
private static boolean checkCipherSuites(String[] target) {
boolean success = true;
if (target.length == 0) {
System.out.println("\tError: No cipher suites");
System.out.println("\t\t\t*** Error: No cipher suites");
success = false;
}
System.out.println("\t\t\t--> Cipher check passed!!");
return success;
}
@ -129,7 +133,8 @@ public class NoOldVersionContext {
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically.
@ -143,6 +148,7 @@ public class NoOldVersionContext {
//
// Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols();
@ -152,7 +158,7 @@ public class NoOldVersionContext {
failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters");
System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols();
@ -166,8 +172,8 @@ public class NoOldVersionContext {
//
// Check SSLParameters of SSLEngine
System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()");
System.out.println("\tChecking SSLEngine of this SSLContext - client mode");
System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true);
parameters = engine.getSSLParameters();
@ -178,20 +184,20 @@ public class NoOldVersionContext {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -201,7 +207,7 @@ public class NoOldVersionContext {
// Check SSLParameters of SSLSocket
System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters();
@ -212,20 +218,20 @@ public class NoOldVersionContext {
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
@ -235,39 +241,37 @@ public class NoOldVersionContext {
// Check SSLParameters of SSLServerSocket
System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()");
"\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers);
}
if (failed) {
throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
}
}
}

10
test/jdk/sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/*
* @test
* @bug 4403428
* @bug 4403428 8190492
* @summary Invalidating JSSE session on server causes SSLProtocolException
* @run main/othervm InvalidateServerSessionRenegotiate SSLv3
* @run main/othervm InvalidateServerSessionRenegotiate TLSv1
@ -120,6 +120,12 @@ public class InvalidateServerSessionRenegotiate implements
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.addHandshakeCompletedListener(this);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
}
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();

10
test/jdk/sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/*
* @test
* @bug 7188658
* @bug 7188658 8190492
* @summary Add possibility to disable client initiated renegotiation
* @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
* NoImpactServerRenego SSLv3
@ -121,6 +121,12 @@ public class NoImpactServerRenego implements
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.addHandshakeCompletedListener(this);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
}
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();