提交
0d6d2bb1
编写于
10月 24, 2014
作者:
xuelei
8061210: Issues in TLS
Reviewed-by: jnimeh, mullan, wetmore, ahgross, asmotrak
上级
64b69ec2
变更
20
Showing
20 changed file
with
272 addition
and
91 deletion
+272
-91
src/share/classes/sun/security/ssl/Handshaker.java
src/share/classes/sun/security/ssl/Handshaker.java
+13
-1
src/share/classes/sun/security/ssl/ProtocolVersion.java
src/share/classes/sun/security/ssl/ProtocolVersion.java
+26
-0
src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
...are/classes/sun/security/ssl/SSLAlgorithmConstraints.java
+8
-0
src/share/classes/sun/security/ssl/SSLContextImpl.java
src/share/classes/sun/security/ssl/SSLContextImpl.java
+129
-72
src/share/lib/security/java.security-aix
src/share/lib/security/java.security-aix
+8
-3
src/share/lib/security/java.security-linux
src/share/lib/security/java.security-linux
+8
-3
src/share/lib/security/java.security-macosx
src/share/lib/security/java.security-macosx
+8
-3
src/share/lib/security/java.security-solaris
src/share/lib/security/java.security-solaris
+8
-3
src/share/lib/security/java.security-windows
src/share/lib/security/java.security-windows
+8
-3
test/sun/security/ec/TestEC.java
test/sun/security/ec/TestEC.java
+4
-0
test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
+4
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
.../net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
+5
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
...ternal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
+5
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
.../internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
+5
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
.../ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
+5
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
...ternal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
+3
-0
test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
...urity/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
+9
-3
test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
...urity/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
+5
-0
test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
...urity/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
+5
-0
test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
...sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
+6
-0
src/share/classes/sun/security/ssl/Handshaker.java
...
...
@@ -500,7 +500,9 @@ abstract class Handshaker {
if
(
activeProtocols
.
collection
().
isEmpty
()
||
activeProtocols
.
max
.
v
==
ProtocolVersion
.
NONE
.
v
)
{
throw
new
SSLHandshakeException
(
"No appropriate protocol"
);
throw
new
SSLHandshakeException
(
"No appropriate protocol (protocol is disabled or "
+
"cipher suites are inappropriate)"
);
}
if
(
activeCipherSuites
==
null
)
{
...
...
@@ -678,6 +680,16 @@ abstract class Handshaker {
if
(
activeProtocols
==
null
)
{
ArrayList
<
ProtocolVersion
>
protocols
=
new
ArrayList
<>(
4
);
for
(
ProtocolVersion
protocol
:
enabledProtocols
.
collection
())
{
if
(!
algorithmConstraints
.
permits
(
EnumSet
.
of
(
CryptoPrimitive
.
KEY_AGREEMENT
),
protocol
.
name
,
null
))
{
if
(
debug
!=
null
&&
Debug
.
isOn
(
"verbose"
))
{
System
.
out
.
println
(
"Ignoring disabled protocol: "
+
protocol
);
}
continue
;
}
boolean
found
=
false
;
for
(
CipherSuite
suite
:
enabledCipherSuites
.
collection
())
{
if
(
suite
.
isAvailable
()
&&
suite
.
obsoleted
>
protocol
.
v
&&
...
...
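Review bot: The new protocol filter in the second hunk calls `algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), protocol.name, null)` with nothing explaining why a protocol version is checked as a key-agreement algorithm; the same call shape appears in the `ProtocolVersion` static initializer. A short comment above the check would help, for example `// protocol names (e.g. "SSLv3") are looked up in the disabled-algorithm list by name; the primitive is only a placeholder`, worded to match what the constraints implementation really does, which is not visible on this page. The skipped protocol is reported only when the "verbose" debug option is on, so by default the only trace of a filtered protocol is the reworded "No appropriate protocol (...)" exception from the first hunk. Both hunks sit inside methods that start and end outside the visible lines.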
src/share/classes/sun/security/ssl/ProtocolVersion.java
...
...
@@ -25,6 +25,9 @@
package
sun.security.ssl
;
import
java.util.*
;
import
java.security.CryptoPrimitive
;
/**
* Type safe enum for an SSL/TLS protocol version. Instances are obtained
* using the static factory methods or by referencing the static members
...
...
@@ -86,6 +89,11 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// Default version for hello messages (SSLv2Hello)
final
static
ProtocolVersion
DEFAULT_HELLO
=
FIPS
?
TLS10
:
SSL30
;
// Available protocols
//
// Including all supported protocols except the disabled ones.
final
static
Set
<
ProtocolVersion
>
availableProtocols
;
// version in 16 bit MSB format as it appears in records and
// messages, i.e. 0x0301 for TLS 1.0
public
final
int
v
;
...
...
@@ -96,6 +104,24 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// name used in JSSE (e.g. TLSv1 for TLS 1.0)
final
String
name
;
// Initialize the available protocols.
static
{
Set
<
ProtocolVersion
>
protocols
=
new
HashSet
<>(
5
);
ProtocolVersion
[]
pvs
=
new
ProtocolVersion
[]
{
SSL20Hello
,
SSL30
,
TLS10
,
TLS11
,
TLS12
};
for
(
ProtocolVersion
p
:
pvs
)
{
if
(
SSLAlgorithmConstraints
.
DEFAULT_SSL_ONLY
.
permits
(
EnumSet
.
of
(
CryptoPrimitive
.
KEY_AGREEMENT
),
p
.
name
,
null
))
{
protocols
.
add
(
p
);
}
}
availableProtocols
=
Collections
.<
ProtocolVersion
>
unmodifiableSet
(
protocols
);
}
// private
private
ProtocolVersion
(
int
v
,
String
name
)
{
this
.
v
=
v
;
...
...
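Review bot: `availableProtocols` is computed once in the static initializer from `SSLAlgorithmConstraints.DEFAULT_SSL_ONLY`, so it appears to freeze whatever the disabled-algorithm configuration was when `ProtocolVersion` was first initialized; a later `Security.setProperty("jdk.tls.disabledAlgorithms", ...)` would then not change the set. The field comment should say so, e.g. `// Snapshot taken at class initialization; later changes to the security property are not reflected.`, after confirming how the constraints read the property, which this page does not show. As a style point, the new field is declared `final static` while the same commit normalises the SSLContextImpl fields to `static final`.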
src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
...
...
@@ -55,6 +55,14 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
private
boolean
enabledX509DisabledAlgConstraints
=
true
;
// the default algorithm constraints
final
static
AlgorithmConstraints
DEFAULT
=
new
SSLAlgorithmConstraints
(
null
);
// the default SSL only algorithm constraints
final
static
AlgorithmConstraints
DEFAULT_SSL_ONLY
=
new
SSLAlgorithmConstraints
((
SSLSocket
)
null
,
false
);
SSLAlgorithmConstraints
(
AlgorithmConstraints
algorithmConstraints
)
{
userAlgConstraints
=
algorithmConstraints
;
}
...
...
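Review bot: `DEFAULT_SSL_ONLY` is built with `new SSLAlgorithmConstraints((SSLSocket)null, false)`, and neither the cast nor the `false` argument is explained. The comment "the default SSL only algorithm constraints" does not say what is left out; presumably `false` feeds the `enabledX509DisabledAlgConstraints` field shown just above and turns off the certification-path checks, but that constructor is outside the hunk. I would extend the comment to something like `// TLS-level constraints only, without the X.509 disabled-algorithm checks; the cast selects the SSLSocket overload`, once that reading is confirmed against the constructor.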
src/share/classes/sun/security/ssl/SSLContextImpl.java
...
...
@@ -52,10 +52,6 @@ public abstract class SSLContextImpl extends SSLContextSpi {
private
X509TrustManager
trustManager
;
private
SecureRandom
secureRandom
;
// The default algrithm constraints
private
AlgorithmConstraints
defaultAlgorithmConstraints
=
new
SSLAlgorithmConstraints
(
null
);
// supported and default protocols
private
ProtocolList
defaultServerProtocolList
;
private
ProtocolList
defaultClientProtocolList
;
...
...
@@ -350,7 +346,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if
(
suite
.
isAvailable
()
&&
suite
.
obsoleted
>
protocols
.
min
.
v
&&
suite
.
supported
<=
protocols
.
max
.
v
)
{
if
(
defaultAlgorithmConstraints
.
permits
(
if
(
SSLAlgorithmConstraints
.
DEFAULT
.
permits
(
EnumSet
.
of
(
CryptoPrimitive
.
KEY_AGREEMENT
),
suite
.
name
,
null
))
{
suites
.
add
(
suite
);
...
...
@@ -431,11 +427,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
*/
private
abstract
static
class
AbstractSSLContext
extends
SSLContextImpl
{
// parameters
private
final
static
SSLParameters
defaultServerSSLParams
;
private
final
static
SSLParameters
supportedSSLParams
;
private
static
final
SSLParameters
defaultServerSSLParams
;
private
static
final
SSLParameters
supportedSSLParams
;
static
{
// supported SSL parameters
supportedSSLParams
=
new
SSLParameters
();
// candidates for available protocols
ProtocolVersion
[]
candidates
;
if
(
SunJSSE
.
isFIPS
())
{
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
...
...
@@ -443,7 +444,11 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
else
{
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL20Hello
.
name
,
...
...
@@ -453,8 +458,18 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
SSL20Hello
,
ProtocolVersion
.
SSL30
,
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
defaultServerSSLParams
=
new
SSLParameters
();
defaultServerSSLParams
.
setProtocols
(
getAvailableProtocols
(
candidates
).
toArray
(
new
String
[
0
]));
}
@Override
...
...
@@ -466,6 +481,22 @@ public abstract class SSLContextImpl extends SSLContextSpi {
SSLParameters
getSupportedSSLParams
()
{
return
supportedSSLParams
;
}
static
List
<
String
>
getAvailableProtocols
(
ProtocolVersion
[]
protocolCandidates
)
{
List
<
String
>
availableProtocols
=
Collections
.<
String
>
emptyList
();
if
(
protocolCandidates
!=
null
&&
protocolCandidates
.
length
!=
0
)
{
availableProtocols
=
new
ArrayList
<>(
protocolCandidates
.
length
);
for
(
ProtocolVersion
p
:
protocolCandidates
)
{
if
(
ProtocolVersion
.
availableProtocols
.
contains
(
p
))
{
availableProtocols
.
add
(
p
.
name
);
}
}
}
return
availableProtocols
;
}
}
/*
...
...
@@ -474,21 +505,25 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public
static
final
class
TLS10Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
private
static
final
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
// candidates for available protocols
ProtocolVersion
[]
candidates
;
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
});
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
TLS10
};
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
}
)
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
SSL30
,
ProtocolVersion
.
TLS10
};
}
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
getAvailableProtocols
(
candidates
).
toArray
(
new
String
[
0
]));
}
@Override
...
...
@@ -503,23 +538,27 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public
static
final
class
TLS11Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
private
static
final
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
// candidates for available protocols
ProtocolVersion
[]
candidates
;
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
});
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
};
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
}
)
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
SSL30
,
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
};
}
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
getAvailableProtocols
(
candidates
).
toArray
(
new
String
[
0
]));
}
@Override
...
...
@@ -534,25 +573,29 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public
static
final
class
TLS12Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
private
static
final
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
// candidates for available protocols
ProtocolVersion
[]
candidates
;
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
}
)
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
SSL30
,
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
getAvailableProtocols
(
candidates
).
toArray
(
new
String
[
0
]));
}
@Override
...
...
@@ -567,8 +610,8 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
private
static
class
CustomizedSSLContext
extends
AbstractSSLContext
{
private
final
static
String
PROPERTY_NAME
=
"jdk.tls.client.protocols"
;
private
final
static
SSLParameters
defaultClientSSLParams
;
private
static
final
String
PROPERTY_NAME
=
"jdk.tls.client.protocols"
;
private
static
final
SSLParameters
defaultClientSSLParams
;
private
static
IllegalArgumentException
reservedException
=
null
;
// Don't want a java.lang.LinkageError for illegal system property.
...
...
@@ -578,60 +621,74 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static
{
// candidates for available protocols
ProtocolVersion
[]
candidates
;
String
property
=
AccessController
.
doPrivileged
(
new
GetPropertyAction
(
PROPERTY_NAME
));
defaultClientSSLParams
=
new
SSLParameters
();
if
(
property
==
null
||
property
.
length
()
==
0
)
{
// the default enabled client TLS protocols
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
}
)
;
candidates
=
new
ProtocolVersion
[]
{
ProtocolVersion
.
SSL30
,
ProtocolVersion
.
TLS10
,
ProtocolVersion
.
TLS11
,
ProtocolVersion
.
TLS12
};
}
}
else
{
// remove double quote marks from beginning/end of the property
if
(
property
.
charAt
(
0
)
==
'"'
&&
if
(
property
.
length
()
>
1
&&
property
.
charAt
(
0
)
==
'"'
&&
property
.
charAt
(
property
.
length
()
-
1
)
==
'"'
)
{
property
=
property
.
substring
(
1
,
property
.
length
()
-
1
);
}
String
[]
protocols
=
property
.
split
(
","
);
String
[]
protocols
=
null
;
if
(
property
!=
null
&&
property
.
length
()
!=
0
)
{
protocols
=
property
.
split
(
","
);
}
else
{
reservedException
=
new
IllegalArgumentException
(
"No protocol specified in "
+
PROPERTY_NAME
+
" system property"
);
protocols
=
new
String
[
0
];
}
candidates
=
new
ProtocolVersion
[
protocols
.
length
];
for
(
int
i
=
0
;
i
<
protocols
.
length
;
i
++)
{
protocols
[
i
]
=
protocols
[
i
].
trim
();
// Is it a supported protocol name?
try
{
ProtocolVersion
.
valueOf
(
protocols
[
i
]);
candidates
[
i
]
=
ProtocolVersion
.
valueOf
(
protocols
[
i
]);
}
catch
(
IllegalArgumentException
iae
)
{
reservedException
=
new
IllegalArgumentException
(
PROPERTY_NAME
+
": "
+
protocols
[
i
]
+
" is not a standard SSL protocol name"
,
iae
);
" is not a standard SSL/TLS protocol name"
,
iae
);
break
;
}
}
if
((
reservedException
==
null
)
&&
SunJSSE
.
isFIPS
())
{
for
(
String
protocol
:
protocol
s
)
{
if
(
ProtocolVersion
.
SSL20Hello
.
name
.
equals
(
protocol
)
||
ProtocolVersion
.
SSL30
.
name
.
equals
(
protocol
)
)
{
for
(
ProtocolVersion
protocolVersion
:
candidate
s
)
{
if
(
ProtocolVersion
.
SSL20Hello
.
v
==
protocolVersion
.
v
||
ProtocolVersion
.
SSL30
.
v
==
protocolVersion
.
v
)
{
reservedException
=
new
IllegalArgumentException
(
PROPERTY_NAME
+
": "
+
protocol
+
PROPERTY_NAME
+
": "
+
protocol
Version
+
" is not FIPS compliant"
);
}
}
}
}
defaultClientSSLParams
=
new
SSLParameters
();
if
(
reservedException
==
null
)
{
defaultClientSSLParams
.
setProtocols
(
protocols
);
}
defaultClientSSLParams
.
setProtocols
(
getAvailableProtocols
(
candidates
).
toArray
(
new
String
[
0
]));
}
}
...
...
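Review bot: `getAvailableProtocols` (hunk at -466,6 +481,22) has no doc comment and can return an empty list, which the static initializers in this file then pass straight to `setProtocols(...)`. That happens whenever every candidate is filtered out, for example a `jdk.tls.client.protocols` value that names only disabled protocols, and from the visible code the first sign would be the "No appropriate protocol" handshake exception rather than anything at context creation. I would add a Javadoc stating that candidates are filtered against `ProtocolVersion.availableProtocols`, that the result may be empty, and that null entries are skipped; the last matters because `candidates` in `CustomizedSSLContext` is left partly unfilled after the `break` in the `IllegalArgumentException` handler. The method also returns the immutable `Collections.emptyList()` on one path and a mutable `ArrayList` on the other, which is harmless for the `toArray` callers but belongs in the same comment.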
src/share/lib/security/java.security-aix
...
...
@@ -479,8 +479,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
...
...
@@ -495,4 +499,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
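Review bot: The new default `jdk.tls.disabledAlgorithms=SSLv3` is the first use of a protocol name in this property, but the comment block never says which names are recognised. The code side of this commit matches on `ProtocolVersion.name` (the JSSE names, "TLSv1" for TLS 1.0 per the comment in ProtocolVersion.java), so a line such as `# Protocol versions are listed by their JSSE names, for example SSLv3 or TLSv1.` would save readers a trip to the source. The same applies to the identical hunks in java.security-linux, -macosx, -solaris and -windows. Because this changes the shipped default, it also deserves a release-note entry: peers that only speak SSLv3 will no longer be able to complete a handshake.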
src/share/lib/security/java.security-linux
...
...
@@ -479,8 +479,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
...
...
@@ -495,4 +499,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
src/share/lib/security/java.security-macosx
...
...
@@ -482,8 +482,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
...
...
@@ -498,4 +502,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
src/share/lib/security/java.security-solaris
...
...
@@ -481,8 +481,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
...
...
@@ -497,4 +501,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
src/share/lib/security/java.security-windows
...
...
@@ -482,8 +482,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
...
...
@@ -498,4 +502,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
test/sun/security/ec/TestEC.java
...
...
@@ -68,6 +68,10 @@ public class TestEC {
}
public
static
void
main0
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
Provider
p
=
Security
.
getProvider
(
"SunEC"
);
if
(
p
==
null
)
{
...
...
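Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` at the top of `main0` clears the whole property for the JVM and never restores it, so it also re-enables anything else a local java.security had disabled and can leak into later tests if the VM is shared. It presumably also has to run before the JSSE classes read the property, since `ProtocolVersion` now computes its available set in a static initializer. The same lines are added to the `main` methods of the pkcs11 and sanity/interop ClientJSSEServerJSSE tests, HttpsProtocols, CustomizedDefaultProtocols, DefaultEnabledProtocols, NoOldVersionContext, DelegatedTaskWrongException, testEnabledProtocols, SSLEngineExplorer and SSLSocketExplorer. Each should be confirmed to run with `@run main/othervm` (visible on this page only for testEnabledProtocols and the interop test), and the added comment could say so, e.g. `// must run in its own VM, before any JSSE class is initialized`.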
test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
...
...
@@ -43,6 +43,10 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
private
static
String
[]
cmdArgs
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
cmdArgs
=
args
;
main
(
new
ClientJSSEServerJSSE
());
}
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
...
...
@@ -32,6 +32,7 @@
import
java.io.*
;
import
java.net.*
;
import
javax.net.ssl.*
;
import
java.security.Security
;
public
class
HttpsProtocols
implements
HostnameVerifier
{
...
...
@@ -177,6 +178,10 @@ public class HttpsProtocols implements HostnameVerifier {
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
...
...
@@ -35,6 +35,7 @@
import
javax.net.*
;
import
javax.net.ssl.*
;
import
java.util.Arrays
;
import
java.security.Security
;
public
class
CustomizedDefaultProtocols
{
static
enum
ContextVersion
{
...
...
@@ -93,6 +94,10 @@ public class CustomizedDefaultProtocols {
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
boolean
failed
=
false
;
for
(
ContextVersion
cv
:
ContextVersion
.
values
())
{
System
.
out
.
println
(
"Checking SSLContext of "
+
cv
.
contextVersion
);
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
...
...
@@ -34,6 +34,7 @@
import
javax.net.*
;
import
javax.net.ssl.*
;
import
java.util.Arrays
;
import
java.security.Security
;
public
class
DefaultEnabledProtocols
{
static
enum
ContextVersion
{
...
...
@@ -92,6 +93,10 @@ public class DefaultEnabledProtocols {
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
boolean
failed
=
false
;
for
(
ContextVersion
cv
:
ContextVersion
.
values
())
{
System
.
out
.
println
(
"Checking SSLContext of "
+
cv
.
contextVersion
);
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
...
...
@@ -35,6 +35,7 @@
import
javax.net.*
;
import
javax.net.ssl.*
;
import
java.util.Arrays
;
import
java.security.Security
;
public
class
NoOldVersionContext
{
static
enum
ContextVersion
{
...
...
@@ -93,6 +94,10 @@ public class NoOldVersionContext {
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
boolean
failed
=
false
;
for
(
ContextVersion
cv
:
ContextVersion
.
values
())
{
System
.
out
.
println
(
"Checking SSLContext of "
+
cv
.
contextVersion
);
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
...
...
@@ -115,6 +115,9 @@ public class DelegatedTaskWrongException {
}
public
static
void
main
(
String
args
[])
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
DelegatedTaskWrongException
test
;
...
...
test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
...
...
@@ -21,6 +21,11 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 4416068 4478803 4479736
...
...
@@ -31,9 +36,6 @@
* 4701722 protocol mismatch exceptions should be consistent between
* SSLv3 and TLSv1
* @run main/othervm testEnabledProtocols
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Ram Marti
*/
...
...
@@ -120,6 +122,10 @@ public class testEnabledProtocols {
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
...
...
test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
...
...
@@ -44,6 +44,7 @@ import java.nio.*;
import
java.net.*
;
import
java.util.*
;
import
java.nio.channels.*
;
import
java.security.Security
;
public
class
SSLEngineExplorer
extends
SSLEngineService
{
...
...
@@ -231,6 +232,10 @@ public class SSLEngineExplorer extends SSLEngineService {
volatile
int
serverPort
=
0
;
public
static
void
main
(
String
args
[])
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
...
...
test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
...
...
@@ -45,6 +45,7 @@ import java.nio.channels.*;
import
java.util.*
;
import
java.net.*
;
import
javax.net.ssl.*
;
import
java.security.Security
;
public
class
SSLSocketExplorer
{
...
...
@@ -224,6 +225,10 @@ public class SSLSocketExplorer {
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"."
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
...
...
test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
...
...
@@ -29,9 +29,15 @@
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
import
java.security.Security
;
public
class
ClientJSSEServerJSSE
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
CipherTest
.
main
(
new
JSSEFactory
(),
args
);
}
...
...