8175075: Add 3DES to the default disabled algorithm security property

Reviewed-by: xuelei, mullan, rhalade

8175075: Add 3DES to the default disabled algorithm security property
Reviewed-by: xuelei, mullan, rhalade
323d4cc0 · igerasim · fee20f1a · 323d4cc0 · 323d4cc0 · 323d4cc0
7 changed file
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix
@@ -620,7 +620,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.

--- a/src/share/lib/security/java.security-linux
+++ b/src/share/lib/security/java.security-linux
@@ -620,7 +620,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.

--- a/src/share/lib/security/java.security-macosx
+++ b/src/share/lib/security/java.security-macosx
@@ -623,7 +623,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.

--- a/src/share/lib/security/java.security-solaris
+++ b/src/share/lib/security/java.security-solaris
@@ -622,7 +622,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.

--- a/src/share/lib/security/java.security-windows
+++ b/src/share/lib/security/java.security-windows
@@ -623,7 +623,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.

--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,20 @@
 * questions.
 */
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
 /*
 * @test
- * @bug 4474255
+ * @bug 4474255 4484246
- * @test 1.1 01/06/27
- * @bug 4484246
 * @summary When an application enables anonymous SSL cipher suite,
 *        Hostname verification is not required
 * @run main/othervm ComHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
 */
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import javax.net.ssl.*;
 import javax.security.cert.*;
 import com.sun.net.ssl.HostnameVerifier;
@@ -249,6 +248,8 @@ public class ComHostnameVerifier {
    volatile Exception clientException = null;
    public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        if (debug)
            System.setProperty("javax.net.debug", "all");

--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,20 @@
 * questions.
 */
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
 /*
 * @test
- * @bug 4474255
+ * @bug 4474255 4484246
- * @test 1.1 01/06/27
- * @bug 4484246
 * @summary When an application enables anonymous SSL cipher suite,
 *        Hostname verification is not required
 * @run main/othervm JavaxHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
 */
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import java.security.cert.*;
 import javax.net.ssl.*;
@@ -244,6 +243,8 @@ public class JavaxHostnameVerifier {
    volatile Exception clientException = null;
    public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        if (debug)
            System.setProperty("javax.net.debug", "all");