8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Reviewed-by: mullan, wetmore, xuelei
Rajan Halade 2019-12-09 21:38:12 -08:00
parent 63ba804f4f
commit 5fc46f3c50
13 changed files with 210 additions and 166 deletions


@ -550,9 +550,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
ProtocolVersion.TLS12, ProtocolVersion.TLS12,
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
}); });
supportedCipherSuites = getApplicableSupportedCipherSuites( supportedCipherSuites = getApplicableSupportedCipherSuites(
@ -609,8 +607,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
static { static {
clientDefaultProtocols = getAvailableProtocols( clientDefaultProtocols = getAvailableProtocols(
new ProtocolVersion[] { new ProtocolVersion[] {
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30
}); });
clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -641,8 +638,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
clientDefaultProtocols = getAvailableProtocols( clientDefaultProtocols = getAvailableProtocols(
new ProtocolVersion[] { new ProtocolVersion[] {
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30
}); });
clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -675,8 +671,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
new ProtocolVersion[] { new ProtocolVersion[] {
ProtocolVersion.TLS12, ProtocolVersion.TLS12,
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30
}); });
clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -709,8 +704,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
ProtocolVersion.TLS12, ProtocolVersion.TLS12,
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30
}); });
clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -853,18 +847,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
ProtocolVersion.TLS12, ProtocolVersion.TLS12,
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30
}; };
} else { } else {
// default server protocols
candidates = new ProtocolVersion[] { candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
ProtocolVersion.TLS12, ProtocolVersion.TLS12,
ProtocolVersion.TLS11, ProtocolVersion.TLS11,
ProtocolVersion.TLS10, ProtocolVersion.TLS10
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
}; };
} }
} else { } else {
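Review bot: Nothing in the trimmed default arrays records why SSL30 and SSL20Hello are absent while TLS10 and TLS11 remain, so a later edit could re-add them without noticing the policy. The tests updated in this commit still expect "SSLv2Hello" and "SSLv3" in their supported-protocol lists, which suggests both versions stay supported and only leave the enabled defaults. A comment above the first array would make that explicit, for example `// SSLv3 and SSLv2Hello stay supported but are not enabled by default; callers opt in with setEnabledProtocols()`. The added `// default server protocols` comment in the last hunk labels only the else branch, and the sibling branch above it has no matching label. The enclosing initialisers and the if/else start and end outside these hunks.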


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/* /*
* @test * @test
* @bug 4495742 * @bug 4495742 8190492
* @summary Demonstrate SSLEngine switch from no client auth to client auth. * @summary Demonstrate SSLEngine switch from no client auth to client auth.
* @run main/othervm NoAuthClientAuth SSLv3 * @run main/othervm NoAuthClientAuth SSLv3
* @run main/othervm NoAuthClientAuth TLSv1 * @run main/othervm NoAuthClientAuth TLSv1
@ -304,6 +304,11 @@ public class NoAuthClientAuth {
serverEngine.setUseClientMode(false); serverEngine.setUseClientMode(false);
serverEngine.setNeedClientAuth(false); serverEngine.setNeedClientAuth(false);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
serverEngine.setEnabledProtocols(serverEngine.getSupportedProtocols());
}
/* /*
* Similar to above, but using client mode instead. * Similar to above, but using client mode instead.
*/ */
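Review bot: `serverEngine.setEnabledProtocols(serverEngine.getSupportedProtocols())` in the SSLv3 branch turns on every supported version, SSLv2Hello included, when only the version named by `tlsProtocol` is under test. Narrowing it to `serverEngine.setEnabledProtocols(new String[] { tlsProtocol });` would make the server refuse anything else, so the run cannot pass by negotiating a newer version; whether the client side is already pinned is not visible in this hunk. The same enable-everything call is added in SSLEngineExplorer, SSLSocketExplorer, both JSSEServer classes and HttpsProtocols, and the same narrowing applies wherever the protocol under test is known at that point. Only the two JSSEServer comments carry the `JDK-8190492:` prefix; using it on all of them would keep the workaround searchable.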


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/* /*
* @test * @test
* @bug 7068321 * @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../SSLEngine ../templates * @library ../SSLEngine ../templates
* @build SSLEngineService SSLCapabilities SSLExplorer * @build SSLEngineService SSLCapabilities SSLExplorer
@ -80,6 +80,9 @@ public class SSLEngineExplorer extends SSLEngineService {
// create SSLEngine. // create SSLEngine.
SSLEngine ssle = createSSLEngine(false); SSLEngine ssle = createSSLEngine(false);
// Enable all supported protocols on server side to test SSLv3
ssle.setEnabledProtocols(ssle.getSupportedProtocols());
// Create a server socket channel. // Create a server socket channel.
InetSocketAddress isa = InetSocketAddress isa =
new InetSocketAddress(InetAddress.getLocalHost(), serverPort); new InetSocketAddress(InetAddress.getLocalHost(), serverPort);


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/** /**
* @test * @test
* @bug 7068321 * @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates * @library ../templates
* @build SSLCapabilities SSLExplorer * @build SSLCapabilities SSLExplorer
@ -148,6 +148,9 @@ public class SSLSocketExplorer {
new ByteArrayInputStream(buffer, 0, position); new ByteArrayInputStream(buffer, 0, position);
SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true); SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true);
// Enable all supported protocols on server side to test SSLv3
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
InputStream sslIS = sslSocket.getInputStream(); InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream(); OutputStream sslOS = sslSocket.getOutputStream();


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,10 @@ class JSSEServer extends CipherTest.Server {
serverSocket serverSocket
= (SSLServerSocket) factory.createServerSocket(CipherTest.serverPort); = (SSLServerSocket) factory.createServerSocket(CipherTest.serverPort);
CipherTest.serverPort = serverSocket.getLocalPort(); CipherTest.serverPort = serverSocket.getLocalPort();
// JDK-8190492: Enable all supported protocols on server side to test SSLv3
serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites()); serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true); serverSocket.setWantClientAuth(true);
} }


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -52,6 +52,10 @@ class JSSEServer extends CipherTest.Server {
serverSocket = (SSLServerSocket)factory.createServerSocket(0); serverSocket = (SSLServerSocket)factory.createServerSocket(0);
serverSocket.setSoTimeout(CipherTest.TIMEOUT); serverSocket.setSoTimeout(CipherTest.TIMEOUT);
CipherTest.serverPort = serverSocket.getLocalPort(); CipherTest.serverPort = serverSocket.getLocalPort();
// JDK-8190492: Enable all supported protocols on server side to test SSLv3
serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites()); serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true); serverSocket.setWantClientAuth(true);
} }


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 4671289 * @bug 4671289 8190492
* @summary passing https.protocols from command line doesn't work. * @summary passing https.protocols from command line doesn't work.
* @run main/othervm -Dhttps.protocols=SSLv3 HttpsProtocols * @run main/othervm -Dhttps.protocols=SSLv3 HttpsProtocols
* @author Brad Wetmore * @author Brad Wetmore
@ -88,6 +88,9 @@ public class HttpsProtocols implements HostnameVerifier {
SSLServerSocket sslServerSocket = SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort); (SSLServerSocket) sslssf.createServerSocket(serverPort);
// Enable all supported protocols on server side to test SSLv3
sslServerSocket.setEnabledProtocols(sslServerSocket.getSupportedProtocols());
serverPort = sslServerSocket.getLocalPort(); serverPort = sslServerSocket.getLocalPort();
/* /*


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/* /*
* @test * @test
* @bug 7093640 * @bug 7093640 8190492
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1" * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
* CustomizedDefaultProtocols * CustomizedDefaultProtocols
@ -54,15 +54,15 @@ public class CustomizedDefaultProtocols {
TLS_CV_02("TLS", TLS_CV_02("TLS",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
TLS_CV_03("SSLv3", TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_04("TLSv1", TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1", TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2", TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3", TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default", TLS_CV_08("Default",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}); new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
@ -70,6 +70,8 @@ public class CustomizedDefaultProtocols {
final String[] enabledProtocols; final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] { final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) { ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion; this.contextVersion = contextVersion;
@ -80,16 +82,17 @@ public class CustomizedDefaultProtocols {
private static boolean checkProtocols(String[] target, String[] expected) { private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No protocols"); System.out.println("\t\t\t*** Error: No protocols");
success = false; success = false;
} }
if (!protocolEquals(target, expected)) { if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " + System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected)); Arrays.toString(expected));
success = false; success = false;
} }
System.out.println("\t Protocols found " + Arrays.toString(target)); System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success; return success;
} }
@ -114,10 +117,11 @@ public class CustomizedDefaultProtocols {
private static boolean checkCipherSuites(String[] target) { private static boolean checkCipherSuites(String[] target) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No cipher suites"); System.out.println("\t\t\t*** Error: No cipher suites");
success = false; success = false;
} }
System.out.println("\t\t\t--> Cipher check passed!!");
return success; return success;
} }
@ -128,7 +132,8 @@ public class CustomizedDefaultProtocols {
boolean failed = false; boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) { for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion); System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion); SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically. // Default SSLContext is initialized automatically.
@ -142,6 +147,7 @@ public class CustomizedDefaultProtocols {
// //
// Check default SSLParameters of SSLContext // Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters"); System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters(); SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols(); String[] protocols = parameters.getProtocols();
@ -151,7 +157,7 @@ public class CustomizedDefaultProtocols {
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext // Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters"); System.out.println("\t\tChecking supported SSLParameters");
parameters = context.getSupportedSSLParameters(); parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
@ -166,7 +172,7 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLEngine // Check SSLParameters of SSLEngine
System.out.println(); System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext"); System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()"); System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine(); SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true); engine.setUseClientMode(true);
parameters = engine.getSSLParameters(); parameters = engine.getSSLParameters();
@ -177,20 +183,20 @@ public class CustomizedDefaultProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols(); protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites(); ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols(); protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites(); ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -200,7 +206,7 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLSocket // Check SSLParameters of SSLSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext"); System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory(); SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket(); SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters(); parameters = socket.getSSLParameters();
@ -211,20 +217,20 @@ public class CustomizedDefaultProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols(); protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites(); ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols(); protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites(); ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -234,39 +240,37 @@ public class CustomizedDefaultProtocols {
// Check SSLParameters of SSLServerSocket // Check SSLParameters of SSLServerSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext"); System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory(); SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters(); parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols(); protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites(); ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols(); protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites(); ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
} }
if (failed) { if (failed) {
throw new Exception("Run into problems, see log for more details"); throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
} }
} }
} }
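Review bot: In checkProtocols the added `System.out.println("\t\t\t--> Protocol check passed!!");` sits directly before `return success;` with no condition, so the log reports a pass right after an `*** Error` line; checkCipherSuites has the same problem with `--> Cipher check passed!!`. Guard each with the flag, e.g. `if (success) { System.out.println("\t\t\t--> Protocol check passed!!"); }`. The identical lines are added to checkProtocols and checkCipherSuites in CustomizedServerDefaultProtocols. Because the final `... Success` message is removed in the same commit, these per-check lines become the only positive signal in the output, so a false one is more likely to mislead whoever triages a regression in the protocol defaults.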


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
/* /*
* @test * @test
* @bug 8196584 8190492
* @summary Test jdk.tls.server.protocols with TLS * @summary Test jdk.tls.server.protocols with TLS
* @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1" * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
* CustomizedServerDefaultProtocols * CustomizedServerDefaultProtocols
@ -48,32 +49,34 @@ public class CustomizedServerDefaultProtocols {
final static String[] supportedProtocols = new String[]{ final static String[] supportedProtocols = new String[]{
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
enum ContextVersion { enum ContextVersion {
TLS_CV_01("SSL", TLS_CV_01("SSL",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_02("TLS", TLS_CV_02("TLS",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_03("SSLv3", TLS_CV_03("SSLv3",
supportedProtocols, serverDefaultProtocols,
new String[]{"SSLv3", "TLSv1"}), new String[]{"TLSv1"}),
TLS_CV_04("TLSv1", TLS_CV_04("TLSv1",
supportedProtocols, serverDefaultProtocols,
new String[]{"SSLv3", "TLSv1"}), new String[]{"TLSv1"}),
TLS_CV_05("TLSv1.1", TLS_CV_05("TLSv1.1",
supportedProtocols, serverDefaultProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), new String[]{"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2", TLS_CV_06("TLSv1.2",
supportedProtocols, serverDefaultProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3", TLS_CV_07("TLSv1.3",
supportedProtocols, serverDefaultProtocols,
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default", TLS_CV_08("Default",
new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
final String contextVersion; final String contextVersion;
final String[] serverEnabledProtocols; final String[] serverEnabledProtocols;
@ -90,16 +93,18 @@ public class CustomizedServerDefaultProtocols {
private static boolean checkProtocols(String[] target, String[] expected) { private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No protocols"); System.out.println("\t\t\t*** Error: No protocols");
success = false; success = false;
} }
if (!protocolEquals(target, expected)) { if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " + System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected)); Arrays.toString(expected));
success = false; success = false;
} }
System.out.println("\t Protocols found " + Arrays.toString(target)); System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success; return success;
} }
@ -123,10 +128,11 @@ public class CustomizedServerDefaultProtocols {
private static boolean checkCipherSuites(String[] target) { private static boolean checkCipherSuites(String[] target) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No cipher suites"); System.out.println("\t\t\t*** Error: No cipher suites");
success = false; success = false;
} }
System.out.println("\t\t\t--> Cipher check passed!!");
return success; return success;
} }
@ -145,7 +151,8 @@ public class CustomizedServerDefaultProtocols {
boolean failed = false; boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) { for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion); System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion); SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically. // Default SSLContext is initialized automatically.
@ -159,6 +166,7 @@ public class CustomizedServerDefaultProtocols {
// //
// Check default SSLParameters of SSLContext // Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters"); System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters(); SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols(); String[] protocols = parameters.getProtocols();
@ -168,7 +176,7 @@ public class CustomizedServerDefaultProtocols {
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext // Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters"); System.out.println("\t\tChecking supported SSLParameters");
parameters = context.getSupportedSSLParameters(); parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
@ -183,7 +191,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLEngine // Check SSLParameters of SSLEngine
System.out.println(); System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext"); System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()"); System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine(); SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true); engine.setUseClientMode(true);
parameters = engine.getSSLParameters(); parameters = engine.getSSLParameters();
@ -194,20 +202,20 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols(); protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites(); ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols(); protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols); failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites(); ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -217,7 +225,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLSocket // Check SSLParameters of SSLSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext"); System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory(); SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket) fac.createSocket(); SSLSocket socket = (SSLSocket) fac.createSocket();
parameters = socket.getSSLParameters(); parameters = socket.getSSLParameters();
@ -228,20 +236,20 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLSocket.getEnabledProtocols()"); System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
protocols = socket.getEnabledProtocols(); protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites(); ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLSocket.getSupportedProtocols()"); System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
protocols = socket.getSupportedProtocols(); protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols); failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLSocket.getSupportedCipherSuites()"); "\t\tChecking SSLSocket.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites(); ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -251,7 +259,7 @@ public class CustomizedServerDefaultProtocols {
// Check SSLParameters of SSLServerSocket // Check SSLParameters of SSLServerSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext"); System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory(); SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
parameters = ssocket.getSSLParameters(); parameters = ssocket.getSSLParameters();
@ -262,27 +270,25 @@ public class CustomizedServerDefaultProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols(); protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites(); ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols(); protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, supportedProtocols); failed |= !checkProtocols(protocols, supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites(); ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
if (failed) { if (failed) {
throw new Exception("Run into problems, see log for more details"); throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
} }
} }
} }


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -49,26 +49,28 @@ import javax.net.ssl.TrustManager;
public class DefaultEnabledProtocols { public class DefaultEnabledProtocols {
enum ContextVersion { enum ContextVersion {
TLS_CV_01("SSL", TLS_CV_01("SSL",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_02("TLS", TLS_CV_02("TLS",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_03("SSLv3", TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_04("TLSv1", TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1", TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2", TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3", TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default", TLS_CV_08("Default",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
final String contextVersion; final String contextVersion;
final String[] enabledProtocols; final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] { final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) { ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion; this.contextVersion = contextVersion;
@ -79,16 +81,17 @@ public class DefaultEnabledProtocols {
private static boolean checkProtocols(String[] target, String[] expected) { private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No protocols"); System.out.println("\t\t\t*** Error: No protocols");
success = false; success = false;
} }
if (!protocolEquals(target, expected)) { if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " + System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected)); Arrays.toString(expected));
success = false; success = false;
} }
System.out.println("\t Protocols found " + Arrays.toString(target)); System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
System.out.println("\t\t\t--> Protocol check passed!!");
return success; return success;
} }
@ -107,13 +110,14 @@ public class DefaultEnabledProtocols {
} }
} }
System.out.println("\t\t\t--> Cipher check passed!!");
return true; return true;
} }
private static boolean checkCipherSuites(String[] target) { private static boolean checkCipherSuites(String[] target) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No cipher suites"); System.out.println("\t\t\t*** Error: No cipher suites");
success = false; success = false;
} }
@ -127,7 +131,8 @@ public class DefaultEnabledProtocols {
boolean failed = false; boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) { for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion); System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion); SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically. // Default SSLContext is initialized automatically.
@ -141,6 +146,7 @@ public class DefaultEnabledProtocols {
// //
// Check default SSLParameters of SSLContext // Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters"); System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters(); SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols(); String[] protocols = parameters.getProtocols();
@ -150,7 +156,7 @@ public class DefaultEnabledProtocols {
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext // Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters"); System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
parameters = context.getSupportedSSLParameters(); parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
@ -165,7 +171,7 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLEngine // Check SSLParameters of SSLEngine
System.out.println(); System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext"); System.out.println("\tChecking SSLEngine of this SSLContext");
System.out.println("\tChecking SSLEngine.getSSLParameters()"); System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine(); SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true); engine.setUseClientMode(true);
parameters = engine.getSSLParameters(); parameters = engine.getSSLParameters();
@ -176,20 +182,20 @@ public class DefaultEnabledProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols(); protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites(); ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols(); protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites(); ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -199,7 +205,7 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLSocket // Check SSLParameters of SSLSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext"); System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory(); SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket(); SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters(); parameters = socket.getSSLParameters();
@ -210,20 +216,20 @@ public class DefaultEnabledProtocols {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols(); protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites(); ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols(); protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites(); ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -233,39 +239,37 @@ public class DefaultEnabledProtocols {
// Check SSLParameters of SSLServerSocket // Check SSLParameters of SSLServerSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext"); System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory(); SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters(); parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols(); protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites(); ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols(); protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites(); ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
} }
if (failed) { if (failed) {
throw new Exception("Run into problems, see log for more details"); throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
} }
} }
} }
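Review bot: In `checkProtocols` the added `System.out.println("\t\t\t--> Protocol check passed!!");` runs unconditionally just before `return success;`, so a run that has just printed `*** Error: Expected to get protocols ...` also logs a pass for the same check. Guard it with `if (success) { System.out.println("\t\t\t--> Protocol check passed!!"); }`, so that the log is not contradictory when SSLv3 reappears in a default list. The `--> Cipher check passed!!` line added before `return true;` in the next hunk sits in the helper that precedes `checkCipherSuites`, apparently the protocol comparison (its start is outside the hunk), so that label looks wrong as well. NoOldVersionContext has the same unconditional print in `checkCipherSuites`, before `return success;`.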


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/* /*
* @test * @test
* @bug 7093640 * @bug 7093640 8190492
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
* NoOldVersionContext * NoOldVersionContext
@ -54,15 +54,15 @@ public class NoOldVersionContext {
TLS_CV_02("TLS", TLS_CV_02("TLS",
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_03("SSLv3", TLS_CV_03("SSLv3",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_04("TLSv1", TLS_CV_04("TLSv1",
new String[] {"SSLv3", "TLSv1"}), new String[] {"TLSv1"}),
TLS_CV_05("TLSv1.1", TLS_CV_05("TLSv1.1",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), new String[] {"TLSv1", "TLSv1.1"}),
TLS_CV_06("TLSv1.2", TLS_CV_06("TLSv1.2",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
TLS_CV_07("TLSv1.3", TLS_CV_07("TLSv1.3",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_08("Default", TLS_CV_08("Default",
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}); new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
@ -70,6 +70,8 @@ public class NoOldVersionContext {
final String[] enabledProtocols; final String[] enabledProtocols;
final static String[] supportedProtocols = new String[] { final static String[] supportedProtocols = new String[] {
"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
final static String[] serverDefaultProtocols = new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
ContextVersion(String contextVersion, String[] enabledProtocols) { ContextVersion(String contextVersion, String[] enabledProtocols) {
this.contextVersion = contextVersion; this.contextVersion = contextVersion;
@ -80,14 +82,14 @@ public class NoOldVersionContext {
private static boolean checkProtocols(String[] target, String[] expected) { private static boolean checkProtocols(String[] target, String[] expected) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No protocols"); System.out.println("\t\t\t*** Error: No protocols");
success = false; success = false;
} }
if (!protocolEquals(target, expected)) { if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " + System.out.println("\t\t\t*** Error: Expected to get protocols " +
Arrays.toString(expected)); Arrays.toString(expected));
System.out.println("\tError: The actual protocols " + System.out.println("\t\t\t*** Error: The actual protocols " +
Arrays.toString(target)); Arrays.toString(target));
success = false; success = false;
} }
@ -109,16 +111,18 @@ public class NoOldVersionContext {
} }
} }
System.out.println("\t\t\t--> Protocol check passed!!");
return true; return true;
} }
private static boolean checkCipherSuites(String[] target) { private static boolean checkCipherSuites(String[] target) {
boolean success = true; boolean success = true;
if (target.length == 0) { if (target.length == 0) {
System.out.println("\tError: No cipher suites"); System.out.println("\t\t\t*** Error: No cipher suites");
success = false; success = false;
} }
System.out.println("\t\t\t--> Cipher check passed!!");
return success; return success;
} }
@ -129,7 +133,8 @@ public class NoOldVersionContext {
boolean failed = false; boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) { for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion); System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
System.out.println("============================");
SSLContext context = SSLContext.getInstance(cv.contextVersion); SSLContext context = SSLContext.getInstance(cv.contextVersion);
// Default SSLContext is initialized automatically. // Default SSLContext is initialized automatically.
@ -143,6 +148,7 @@ public class NoOldVersionContext {
// //
// Check default SSLParameters of SSLContext // Check default SSLParameters of SSLContext
System.out.println("\tChecking default SSLParameters"); System.out.println("\tChecking default SSLParameters");
System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
SSLParameters parameters = context.getDefaultSSLParameters(); SSLParameters parameters = context.getDefaultSSLParameters();
String[] protocols = parameters.getProtocols(); String[] protocols = parameters.getProtocols();
@ -152,7 +158,7 @@ public class NoOldVersionContext {
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
// Check supported SSLParameters of SSLContext // Check supported SSLParameters of SSLContext
System.out.println("\tChecking supported SSLParameters"); System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
parameters = context.getSupportedSSLParameters(); parameters = context.getSupportedSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
@ -166,8 +172,8 @@ public class NoOldVersionContext {
// //
// Check SSLParameters of SSLEngine // Check SSLParameters of SSLEngine
System.out.println(); System.out.println();
System.out.println("\tChecking SSLEngine of this SSLContext"); System.out.println("\tChecking SSLEngine of this SSLContext - client mode");
System.out.println("\tChecking SSLEngine.getSSLParameters()"); System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
SSLEngine engine = context.createSSLEngine(); SSLEngine engine = context.createSSLEngine();
engine.setUseClientMode(true); engine.setUseClientMode(true);
parameters = engine.getSSLParameters(); parameters = engine.getSSLParameters();
@ -178,20 +184,20 @@ public class NoOldVersionContext {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = engine.getEnabledProtocols(); protocols = engine.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = engine.getEnabledCipherSuites(); ciphers = engine.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = engine.getSupportedProtocols(); protocols = engine.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = engine.getSupportedCipherSuites(); ciphers = engine.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -201,7 +207,7 @@ public class NoOldVersionContext {
// Check SSLParameters of SSLSocket // Check SSLParameters of SSLSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLSocket of this SSLContext"); System.out.println("\tChecking SSLSocket of this SSLContext");
System.out.println("\tChecking SSLSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
SocketFactory fac = context.getSocketFactory(); SocketFactory fac = context.getSocketFactory();
SSLSocket socket = (SSLSocket)fac.createSocket(); SSLSocket socket = (SSLSocket)fac.createSocket();
parameters = socket.getSSLParameters(); parameters = socket.getSSLParameters();
@ -212,20 +218,20 @@ public class NoOldVersionContext {
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = socket.getEnabledProtocols(); protocols = socket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.enabledProtocols); failed |= !checkProtocols(protocols, cv.enabledProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = socket.getEnabledCipherSuites(); ciphers = socket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = socket.getSupportedProtocols(); protocols = socket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = socket.getSupportedCipherSuites(); ciphers = socket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
@ -235,39 +241,37 @@ public class NoOldVersionContext {
// Check SSLParameters of SSLServerSocket // Check SSLParameters of SSLServerSocket
System.out.println(); System.out.println();
System.out.println("\tChecking SSLServerSocket of this SSLContext"); System.out.println("\tChecking SSLServerSocket of this SSLContext");
System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
SSLServerSocketFactory sf = context.getServerSocketFactory(); SSLServerSocketFactory sf = context.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
parameters = ssocket.getSSLParameters(); parameters = ssocket.getSSLParameters();
protocols = parameters.getProtocols(); protocols = parameters.getProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
ciphers = parameters.getCipherSuites(); ciphers = parameters.getCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
protocols = ssocket.getEnabledProtocols(); protocols = ssocket.getEnabledProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
ciphers = ssocket.getEnabledCipherSuites(); ciphers = ssocket.getEnabledCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
protocols = ssocket.getSupportedProtocols(); protocols = ssocket.getSupportedProtocols();
failed |= !checkProtocols(protocols, cv.supportedProtocols); failed |= !checkProtocols(protocols, cv.supportedProtocols);
System.out.println( System.out.println(
"\tChecking SSLEngine.getSupportedCipherSuites()"); "\t\tChecking SSLEngine.getSupportedCipherSuites()");
ciphers = ssocket.getSupportedCipherSuites(); ciphers = ssocket.getSupportedCipherSuites();
failed |= !checkCipherSuites(ciphers); failed |= !checkCipherSuites(ciphers);
} }
if (failed) { if (failed) {
throw new Exception("Run into problems, see log for more details"); throw new Exception("Run into problems, see log for more details");
} else {
System.out.println("\t... Success");
} }
} }
} }
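Review bot: The log labels in the SSLSocket and SSLServerSocket blocks still read `Checking SSLEngine.getEnabledProtocols()` (and the three sibling labels), although the calls are made on `socket` and `ssocket`; the commit re-indents these strings without correcting them. This output is what tells a reader which object returned an unexpected protocol list, so it should name the object actually queried, e.g. `"\t\tChecking SSLSocket.getEnabledProtocols()"` and `"\t\tChecking SSLServerSocket.getEnabledProtocols()"`. DefaultEnabledProtocols carries the same labels in its socket and server-socket hunks, while CustomizedServerDefaultProtocols already uses the SSLSocket names for its socket block.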


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/* /*
* @test * @test
* @bug 4403428 * @bug 4403428 8190492
* @summary Invalidating JSSE session on server causes SSLProtocolException * @summary Invalidating JSSE session on server causes SSLProtocolException
* @run main/othervm InvalidateServerSessionRenegotiate SSLv3 * @run main/othervm InvalidateServerSessionRenegotiate SSLv3
* @run main/othervm InvalidateServerSessionRenegotiate TLSv1 * @run main/othervm InvalidateServerSessionRenegotiate TLSv1
@ -120,6 +120,12 @@ public class InvalidateServerSessionRenegotiate implements
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.addHandshakeCompletedListener(this); sslSocket.addHandshakeCompletedListener(this);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
}
InputStream sslIS = sslSocket.getInputStream(); InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream(); OutputStream sslOS = sslSocket.getOutputStream();
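Review bot: `sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols())` turns on every protocol the provider supports for the SSLv3 run, which is wider than the case needs and would let the handshake complete on a version other than the one under test. Restricting the accepted socket to the protocol being exercised, `sslSocket.setEnabledProtocols(new String[] { tlsProtocol });`, keeps the run pinned to SSLv3 and avoids leaving an "enable everything" idiom in the tree; this assumes the client side, which is not visible in this hunk, offers only `tlsProtocol`. The comment would then read `// SSLv3 is no longer enabled by default; enable it on the server for this run only`. The enclosing method starts and ends outside the hunk, and NoImpactServerRenego adds the identical block in its `-121,6 +121,12` hunk.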


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,7 @@
/* /*
* @test * @test
* @bug 7188658 * @bug 7188658 8190492
* @summary Add possibility to disable client initiated renegotiation * @summary Add possibility to disable client initiated renegotiation
* @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true * @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
* NoImpactServerRenego SSLv3 * NoImpactServerRenego SSLv3
@ -121,6 +121,12 @@ public class NoImpactServerRenego implements
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.addHandshakeCompletedListener(this); sslSocket.addHandshakeCompletedListener(this);
// Enable all supported protocols on server side to test SSLv3
if ("SSLv3".equals(tlsProtocol)) {
sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
}
InputStream sslIS = sslSocket.getInputStream(); InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream(); OutputStream sslOS = sslSocket.getOutputStream();