diff --git a/src/share/classes/sun/security/ssl/ClientHandshaker.java b/src/share/classes/sun/security/ssl/ClientHandshaker.java index 90691f7e5c3c291fbbb6b68cf82ee76ffb6dbfa2..b16ff815705256a072a1b75ba8fcaf9c3bcf0108 100644 --- a/src/share/classes/sun/security/ssl/ClientHandshaker.java +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java @@ -269,7 +269,7 @@ final class ClientHandshaker extends Handshaker { input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, messageLen, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); } catch (GeneralSecurityException e) { throwSSLException("Server key", e); } @@ -281,7 +281,7 @@ final class ClientHandshaker extends Handshaker { this.serverKeyExchange(new ECDH_ServerKeyExchange (input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); } catch (GeneralSecurityException e) { throwSSLException("Server key", e); } @@ -331,7 +331,7 @@ final class ClientHandshaker extends Handshaker { Collection supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( "No supported signature and hash algorithm in common"); @@ -1094,8 +1094,8 @@ final class ClientHandshaker extends Handshaker { if (protocolVersion.v >= ProtocolVersion.TLS12.v) { preferableSignatureAlgorithm = SignatureAndHashAlgorithm.getPreferableAlgorithm( - peerSupportedSignAlgs, signingKey.getAlgorithm(), - signingKey); + getPeerSupportedSignAlgs(), + signingKey.getAlgorithm(), signingKey); if (preferableSignatureAlgorithm == null) { throw new SSLHandshakeException( diff --git a/src/share/classes/sun/security/ssl/HandshakeMessage.java b/src/share/classes/sun/security/ssl/HandshakeMessage.java index 59b4b90ba3645fb4c378979f86002af7234fc114..e921ea061a4aaf26a0652a5ba4156bbfe4713411 100644 --- a/src/share/classes/sun/security/ssl/HandshakeMessage.java +++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java @@ -1557,7 +1557,7 @@ static final class CertificateVerify extends HandshakeMessage { // the signature bytes private byte[] signature; - // protocol version being established using this ServerKeyExchange message + // protocol version being established using this CertificateVerify message ProtocolVersion protocolVersion; // the preferable signature algorithm used by this CertificateVerify message @@ -1610,7 +1610,7 @@ static final class CertificateVerify extends HandshakeMessage { preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "CertificateVerify message"); } } diff --git a/src/share/classes/sun/security/ssl/Handshaker.java b/src/share/classes/sun/security/ssl/Handshaker.java index c820855fb4f2c6daf7766ac042a8cfe6d8868f69..7280d0dc28cf9e0ab48a363e70701ff61246eee8 100644 --- a/src/share/classes/sun/security/ssl/Handshaker.java +++ b/src/share/classes/sun/security/ssl/Handshaker.java @@ -89,7 +89,7 @@ abstract class Handshaker { AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms - Collection localSupportedSignAlgs; + private Collection localSupportedSignAlgs; // Peer supported signature and algorithms Collection peerSupportedSignAlgs; diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java index 4e7ed402bae806cab5b76538f9e2ed4ee671fa6f..5066474238d68c263b7c8077d57fe5dc9b939c60 100644 --- a/src/share/classes/sun/security/ssl/ServerHandshaker.java +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java @@ -291,7 +291,7 @@ final class ServerHandshaker extends Handshaker { case HandshakeMessage.ht_certificate_verify: this.clientCertificateVerify(new CertificateVerify(input, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); break; case HandshakeMessage.ht_finished: @@ -700,11 +700,10 @@ final class ServerHandshaker extends Handshaker { Collection supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( - "No supported signature and hash algorithm " + - "in common"); + "No signature and hash algorithm in common"); } setPeerSupportedSignAlgs(supportedPeerSignAlgs); @@ -1134,6 +1133,13 @@ final class ServerHandshaker extends Handshaker { supportedSignAlgs = new ArrayList(1); supportedSignAlgs.add(algorithm); + + supportedSignAlgs = + SignatureAndHashAlgorithm.getSupportedAlgorithms( + algorithmConstraints, supportedSignAlgs); + + // May be no default activated signature algorithm, but + // let the following process make the final decision. } // Sets the peer supported signature algorithm to use in KM @@ -1178,6 +1184,11 @@ final class ServerHandshaker extends Handshaker { SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1196,6 +1207,11 @@ final class ServerHandshaker extends Handshaker { SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1211,6 +1227,11 @@ final class ServerHandshaker extends Handshaker { SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "DSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1229,6 +1250,11 @@ final class ServerHandshaker extends Handshaker { SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "ECDSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1274,7 +1300,8 @@ final class ServerHandshaker extends Handshaker { break; default: // internal error, unknown key exchange - throw new RuntimeException("Unrecognized cipherSuite: " + suite); + throw new RuntimeException( + "Unrecognized cipherSuite: " + suite); } setCipherSuite(suite); diff --git a/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java b/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java index 9640ffb85894f603a866f2414fa939f8a2c995d0..e64b905a24233f6ff6b562f4fa43d19fff0f2c97 100644 --- a/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java +++ b/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -167,10 +167,13 @@ final class SignatureAndHashAlgorithm { // Get supported algorithm collection from an untrusted collection static Collection getSupportedAlgorithms( + AlgorithmConstraints constraints, Collection algorithms ) { Collection supported = new ArrayList<>(); for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { + if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + constraints.permits(SIGNATURE_PRIMITIVE_SET, + sigAlg.algorithm, null)) { supported.add(sigAlg); } } @@ -234,30 +237,42 @@ final class SignatureAndHashAlgorithm { } static SignatureAndHashAlgorithm getPreferableAlgorithm( - Collection algorithms, - String expected, PrivateKey signingKey) { + Collection algorithms, + String expected, PrivateKey signingKey) { - if (expected == null && !algorithms.isEmpty()) { - for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { - return sigAlg; + int maxDigestLength = getMaxDigestLength(signingKey); + for (SignatureAndHashAlgorithm algorithm : algorithms) { + int signValue = algorithm.id & 0xFF; + if ((expected == null) || + (expected.equalsIgnoreCase("rsa") && + signValue == SignatureAlgorithm.RSA.value) || + (expected.equalsIgnoreCase("dsa") && + signValue == SignatureAlgorithm.DSA.value) || + (expected.equalsIgnoreCase("ecdsa") && + signValue == SignatureAlgorithm.ECDSA.value) || + (expected.equalsIgnoreCase("ec") && + signValue == SignatureAlgorithm.ECDSA.value)) { + + if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + algorithm.hash.length <= maxDigestLength) { + + return algorithm; } } - - return null; // no supported algorithm } - if (expected == null ) { - return null; // no expected algorithm, no supported algorithm - } + return null; + } - /* - * Need to check RSA key length to match the length of hash value - */ + /* + * Need to check key length to match the length of hash value + */ + private static int getMaxDigestLength(PrivateKey signingKey) { int maxDigestLength = Integer.MAX_VALUE; + + // only need to check RSA algorithm at present. if (signingKey != null && - "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) && - expected.equalsIgnoreCase("rsa")) { + "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) { /* * RSA keys of 512 bits have been shown to be practically * breakable, it does not make much sense to use the strong @@ -285,25 +300,7 @@ final class SignatureAndHashAlgorithm { // preferable hash algorithm. } - for (SignatureAndHashAlgorithm algorithm : algorithms) { - int signValue = algorithm.id & 0xFF; - if (expected.equalsIgnoreCase("rsa") && - signValue == SignatureAlgorithm.RSA.value) { - if (algorithm.hash.length <= maxDigestLength) { - return algorithm; - } - } else if ( - (expected.equalsIgnoreCase("dsa") && - signValue == SignatureAlgorithm.DSA.value) || - (expected.equalsIgnoreCase("ecdsa") && - signValue == SignatureAlgorithm.ECDSA.value) || - (expected.equalsIgnoreCase("ec") && - signValue == SignatureAlgorithm.ECDSA.value)) { - return algorithm; - } - } - - return null; + return maxDigestLength; } static enum HashAlgorithm { diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix index 71574b93127edc4bd194ffd6a03c97699a732932..6d3f56deeccad521713da4f3e1b0640dbdaae92e 100644 --- a/src/share/lib/security/java.security-aix +++ b/src/share/lib/security/java.security-aix @@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux index 71574b93127edc4bd194ffd6a03c97699a732932..6d3f56deeccad521713da4f3e1b0640dbdaae92e 100644 --- a/src/share/lib/security/java.security-linux +++ b/src/share/lib/security/java.security-linux @@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx index 83849177762e214aa8428d9831ca1c87d4b8f5e1..51ff498cf7b242c2f854d9d4e77ab12be657e0d5 100644 --- a/src/share/lib/security/java.security-macosx +++ b/src/share/lib/security/java.security-macosx @@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris index bf9b6ca831b5977b0b0560e747645d9178fef8a1..0a8e6c3178e207efb09aedc553cd5762a40d598b 100644 --- a/src/share/lib/security/java.security-solaris +++ b/src/share/lib/security/java.security-solaris @@ -511,7 +511,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows index a14472c069b10c0c1216686320c5d077ec7745e2..79de502bc6c23632df6650cd102045b897e76d9f 100644 --- a/src/share/lib/security/java.security-windows +++ b/src/share/lib/security/java.security-windows @@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java index 9b695a2fc7b69e18447814e3d25df8e31434771c..9d8ee1d5287b28c87852fabaacfb69898d5dabce 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -287,8 +287,10 @@ public class MD2InTrustAnchor { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java index 01fc5dc5d86aa217b1ba53584c272edd7d536196..b812ba5f60ed6952a404e8b8b838f9db6b16ba48 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -339,8 +339,10 @@ public class TrustTrustedCert { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java index 47e1e775856be4c76c045a63da07f1612a21e859..c79ca5e5129309adda1bf7b9afebc65c36ff6a6d 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,8 +57,10 @@ public class PreferredKey { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); KeyStore ks; KeyManagerFactory kmf; diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java index 4f64cd1b7580396435532463987930d8564ec66c..69d3384bafa985529812d69613f29eaa2107c924 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -458,8 +458,10 @@ public class BasicConstraints { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java index 3b2587f6913b0080c7d688f6cda8feb0cbe443f7..8a5db1064e07d696fb45240a769eb3eef1e944c5 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -794,8 +794,10 @@ public class PKIXExtendedTM { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java index a17541212b69f3dba67ab6e0fa586172b7625374..deaf18fb872a73803434af416542d00d72134bac 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -306,8 +306,10 @@ public class SelfIssuedCert { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java index 54b2de892197fc5f7481b63fa0fd193dad51c030..ec893f90703cc7957691019e0ae1df017ac219fb 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -796,8 +796,10 @@ public class SunX509ExtendedTM { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java index f9abcd670b29e5f044355acc07c18943acb3b853..d4eca8b57764676bce8e90bcaacb89ffc800ad7f 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -159,8 +159,10 @@ public class CriticalSubjectAltName implements HostnameVerifier { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + diff --git a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index ac4f8a11ab1b952ec01aa0f466ecad7411497d7e..031da1fdda94666ff420c363a22aaef6a0d35fa7 100644 --- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -433,8 +433,10 @@ public class SSLSocketSNISensitive { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java index 3b11d2a59a7f4b76906cd7024c892c605f315317..0e6845e33fbc7873baf3909598ea64d4b68cc3bd 100644 --- a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java +++ b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -230,8 +230,10 @@ public class EmptyCertificateAuthorities { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java index c3bf12260ec3f5ce093149a3d81b7a379f993134..0c26c5f0ff04cf1be82531707d19cb1bfa211199 100644 --- a/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java +++ b/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -282,6 +282,8 @@ public class ShortRSAKey512 { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java index 2d2b94b6504bdccaa6483a6541719de51cb5bebd..2b0ba5938d1fbc75a4ac0d47b4d4d29e8906c4c5 100644 --- a/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java +++ b/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -304,6 +304,8 @@ public class ShortRSAKeyGCM { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) { System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java index b5295f31cf59c1009c2d11b818a2619cf36c5ff4..0a77b81dd4a04d423c6796ca24457f464ce6e735 100644 --- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -747,8 +747,10 @@ public class DNSIdentities { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java index bbf6892c43b6e33c26a6357a0c65de7e3284eab2..8170266a76569faaf3d7b89c76e670e1d1304edf 100644 --- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -748,8 +748,10 @@ public class IPAddressIPIdentities { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java index c0d897b5faca2913887636289eed5c58ea521136..bd4d064052c15b871035bfe32e564efb41f2bccb 100644 --- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -747,8 +747,10 @@ public class IPIdentities { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java index 55dfb1c04dcca30d208e1006410232bf437fa080..b30c3374feaac782caa7bbf3c681d856dd27113b 100644 --- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -747,8 +747,10 @@ public class Identities { public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all");