From 6e132741b6a1480dea4b9cfd4e8bbe1d6f0351c9 Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 13 Sep 2016 00:20:17 +0000 Subject: [PATCH] 8165071: Expand TLS support Reviewed-by: jnimeh, ahgross, asmotrak --- jdk/src/java.base/share/conf/security/java.security | 9 +++++---- .../net/ssl/SSLParameters/UseCipherSuitesOrder.java | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/jdk/src/java.base/share/conf/security/java.security b/jdk/src/java.base/share/conf/security/java.security index fe45e0ba06c..974dc0a839f 100644 --- a/jdk/src/java.base/share/conf/security/java.security +++ b/jdk/src/java.base/share/conf/security/java.security @@ -720,7 +720,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ # Note: The algorithm restrictions do not apply to trust anchors or # self-signed certificates. # -# Note: This property is currently used by Oracle's JSSE implementation. +# Note: This property is currently used by the JDK Reference implementation. # It is not guaranteed to be examined and used by other implementations. # # Example: @@ -740,7 +740,7 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ # During SSL/TLS security parameters negotiation, legacy algorithms will # not be negotiated unless there are no other candidates. # -# The syntax of the disabled algorithm string is described as this Java +# The syntax of the legacy algorithms string is described as this Java # BNF-style: # LegacyAlgorithms: # " LegacyAlgorithm { , LegacyAlgorithm } " @@ -776,7 +776,7 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ # javax.net.ssl.SSLParameters.setAlgorithmConstraints()), # then the algorithm is completely disabled and will not be negotiated. # -# Note: This property is currently used by Oracle's JSSE implementation. +# Note: This property is currently used by the JDK Reference implementation. # It is not guaranteed to be examined and used by other implementations. # There is no guarantee the property will continue to exist or be of the # same syntax in future releases. @@ -789,7 +789,8 @@ jdk.tls.legacyAlgorithms= \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ - RC4_128, RC4_40, DES_CBC, DES40_CBC + RC4_128, RC4_40, DES_CBC, DES40_CBC, \ + 3DES_EDE_CBC # The pre-defined default finite field Diffie-Hellman ephemeral (DHE) # parameters for Transport Layer Security (SSL/TLS/DTLS) processing. diff --git a/jdk/test/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/jdk/test/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java index 87712ae0ce8..58e387bcdad 100644 --- a/jdk/test/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java +++ b/jdk/test/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,7 @@ * @bug 7188657 * @summary There should be a way to reorder the JSSE ciphers * @run main/othervm UseCipherSuitesOrder - * TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ import java.io.*;