/* * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ // SunJSSE does not support dynamic system properties, no way to re-use // system properties in samevm/agentvm mode. /* * @test * @bug 8168261 * @summary Use server cipher suites preference by default * @run main/othervm DefaultCipherSuitePreference */ import javax.net.SocketFactory; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; public class DefaultCipherSuitePreference { private static final String[] contextAlgorithms = { "Default", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }; public static void main(String[] args) throws Exception { for (String algorithm : contextAlgorithms) { System.out.println("Checking SSLContext of " + algorithm); SSLContext sslContext = SSLContext.getInstance(algorithm); // Default SSLContext is initialized automatically. if (!algorithm.equals("Default")) { // Use default TK, KM and random. sslContext.init((KeyManager[])null, (TrustManager[])null, null); } // // Check SSLContext // // Check default SSLParameters of SSLContext checkDefaultCipherSuitePreference( sslContext.getDefaultSSLParameters(), "SSLContext.getDefaultSSLParameters()"); // Check supported SSLParameters of SSLContext checkDefaultCipherSuitePreference( sslContext.getSupportedSSLParameters(), "SSLContext.getSupportedSSLParameters()"); // // Check SSLEngine // // Check SSLParameters of SSLEngine SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(true); checkDefaultCipherSuitePreference( engine.getSSLParameters(), "client mode SSLEngine.getSSLParameters()"); engine.setUseClientMode(false); checkDefaultCipherSuitePreference( engine.getSSLParameters(), "server mode SSLEngine.getSSLParameters()"); // // Check SSLSocket // // Check SSLParameters of SSLSocket SocketFactory fac = sslContext.getSocketFactory(); SSLSocket socket = (SSLSocket)fac.createSocket(); checkDefaultCipherSuitePreference( socket.getSSLParameters(), "SSLSocket.getSSLParameters()"); // // Check SSLServerSocket // // Check SSLParameters of SSLServerSocket SSLServerSocketFactory sf = sslContext.getServerSocketFactory(); SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); checkDefaultCipherSuitePreference( ssocket.getSSLParameters(), "SSLServerSocket.getSSLParameters()"); } } private static void checkDefaultCipherSuitePreference( SSLParameters parameters, String context) throws Exception { if (!parameters.getUseCipherSuitesOrder()) { throw new Exception( "The local cipher suite preference is not honored " + "in the connection populated SSLParameters object (" + context + ")"); } } }