jdk-24/test/jdk/sun/security/ssl/SSLContextImpl/SSLContextDefault.java
Sean Mullan 3a4b90f086 8202343: Disable TLS 1.0 and 1.1
Reviewed-by: xuelei, dfuchs, coffeys
2020-11-19 14:15:57 +00:00

141 lines
5.4 KiB
Java

/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 8202343
* @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
* @run main/othervm SSLContextDefault
*/
import java.util.List;
import javax.net.ssl.*;
public class SSLContextDefault {
private final static String[] protocols = {
"", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
};
private final static List<String> disabledProtocols = List.<String>of(
"SSLv3", "TLSv1", "TLSv1.1"
);
public static void main(String[] args) throws Exception {
for (String protocol : protocols) {
System.out.println("//");
System.out.println("// " + "Testing for SSLContext of " +
(protocol.isEmpty() ? "<default>" : protocol));
System.out.println("//");
checkForProtocols(protocol);
System.out.println();
}
}
public static void checkForProtocols(String protocol) throws Exception {
SSLContext context;
if (protocol.isEmpty()) {
context = SSLContext.getDefault();
} else {
context = SSLContext.getInstance(protocol);
context.init(null, null, null);
}
// check for the presence of supported protocols of SSLContext
SSLParameters parameters = context.getSupportedSSLParameters();
checkProtocols(parameters.getProtocols(),
"Supported protocols in SSLContext", false);
// check for the presence of default protocols of SSLContext
parameters = context.getDefaultSSLParameters();
checkProtocols(parameters.getProtocols(),
"Enabled protocols in SSLContext", true);
// check for the presence of supported protocols of SSLEngine
SSLEngine engine = context.createSSLEngine();
checkProtocols(engine.getSupportedProtocols(),
"Supported protocols in SSLEngine", false);
// Check for the presence of default protocols of SSLEngine
checkProtocols(engine.getEnabledProtocols(),
"Enabled protocols in SSLEngine", true);
SSLSocketFactory factory = context.getSocketFactory();
try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
// check for the presence of supported protocols of SSLSocket
checkProtocols(socket.getSupportedProtocols(),
"Supported cipher suites in SSLSocket", false);
// Check for the presence of default protocols of SSLSocket
checkProtocols(socket.getEnabledProtocols(),
"Enabled protocols in SSLSocket", true);
}
SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
try (SSLServerSocket serverSocket =
(SSLServerSocket)serverFactory.createServerSocket()) {
// check for the presence of supported protocols of SSLServerSocket
checkProtocols(serverSocket.getSupportedProtocols(),
"Supported cipher suites in SSLServerSocket", false);
// Check for the presence of default protocols of SSLServerSocket
checkProtocols(serverSocket.getEnabledProtocols(),
"Enabled protocols in SSLServerSocket", true);
}
}
private static void checkProtocols(String[] protocols,
String title, boolean disabled) throws Exception {
showProtocols(protocols, title);
if (disabled) {
for (String protocol : protocols ) {
if (disabledProtocols.contains(protocol)) {
throw new Exception(protocol +
" should not be enabled by default");
}
}
} else {
for (String disabledProtocol : disabledProtocols) {
if (!List.of(protocols).contains(disabledProtocol)) {
throw new Exception(disabledProtocol +
" should be supported by default");
}
}
}
}
private static void showProtocols(String[] protocols, String title) {
System.out.println(title + "[" + protocols.length + "]:");
for (String protocol : protocols) {
System.out.println(" " + protocol);
}
}
}