Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
a5efe2da
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
a5efe2da
编写于
8月 28, 2018
作者:
P
pkoppula
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8208350: Disable all DES cipher suites
Reviewed-by: mullan, jnimeh, coffeys
上级
e074c24c
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
367 addition
and
13 deletion
+367
-13
src/share/lib/security/java.security-aix
src/share/lib/security/java.security-aix
+2
-2
src/share/lib/security/java.security-linux
src/share/lib/security/java.security-linux
+2
-2
src/share/lib/security/java.security-macosx
src/share/lib/security/java.security-macosx
+2
-2
src/share/lib/security/java.security-solaris
src/share/lib/security/java.security-solaris
+2
-2
src/share/lib/security/java.security-windows
src/share/lib/security/java.security-windows
+2
-2
test/sun/security/krb5/auto/UnboundSSL.java
test/sun/security/krb5/auto/UnboundSSL.java
+3
-1
test/sun/security/krb5/auto/UnboundSSLMultipleKeys.java
test/sun/security/krb5/auto/UnboundSSLMultipleKeys.java
+3
-1
test/sun/security/krb5/auto/UnboundSSLPrincipalProperty.java
test/sun/security/krb5/auto/UnboundSSLPrincipalProperty.java
+3
-1
test/sun/security/krb5/auto/unbound.ssl.policy
test/sun/security/krb5/auto/unbound.ssl.policy
+2
-0
test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
+346
-0
未找到文件。
src/share/lib/security/java.security-aix
浏览文件 @
a5efe2da
...
...
@@ -619,8 +619,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224,
DES40_CBC, RC4_40,
3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4,
DES,
MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
src/share/lib/security/java.security-linux
浏览文件 @
a5efe2da
...
...
@@ -619,8 +619,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224,
DES40_CBC, RC4_40,
3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4,
DES,
MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
src/share/lib/security/java.security-macosx
浏览文件 @
a5efe2da
...
...
@@ -622,8 +622,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224,
DES40_CBC, RC4_40,
3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4,
DES,
MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
src/share/lib/security/java.security-solaris
浏览文件 @
a5efe2da
...
...
@@ -621,8 +621,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224,
DES40_CBC, RC4_40,
3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4,
DES,
MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
src/share/lib/security/java.security-windows
浏览文件 @
a5efe2da
...
...
@@ -622,8 +622,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224,
DES40_CBC, RC4_40,
3DES_EDE_CBC
jdk.tls.disabledAlgorithms=SSLv3, RC4,
DES,
MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
test/sun/security/krb5/auto/UnboundSSL.java
浏览文件 @
a5efe2da
...
...
@@ -26,12 +26,13 @@ import java.security.NoSuchAlgorithmException;
import
java.security.PrivilegedActionException
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.security.Security
;
import
javax.security.auth.login.LoginException
;
/*
* @test
* @bug 8025123
* @bug 8025123
8208350
* @summary Checks if an unbound server can handle connections
* only for allowed service principals
* @run main/othervm/java.security.policy=unbound.ssl.policy -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSL
...
...
@@ -44,6 +45,7 @@ public class UnboundSSL {
public
static
void
main
(
String
[]
args
)
throws
IOException
,
NoSuchAlgorithmException
,
LoginException
,
PrivilegedActionException
,
InterruptedException
{
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
UnboundSSL
test
=
new
UnboundSSL
();
test
.
start
(
args
[
0
],
args
[
1
]);
}
...
...
test/sun/security/krb5/auto/UnboundSSLMultipleKeys.java
浏览文件 @
a5efe2da
...
...
@@ -26,12 +26,13 @@ import java.security.NoSuchAlgorithmException;
import
java.security.PrivilegedActionException
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.security.Security
;
import
javax.security.auth.login.LoginException
;
/*
* @test
* @bug 8025123
* @bug 8025123
8208350
* @summary Checks if an unbound server pick up a correct key from keytab
* @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLMultipleKeys
* unbound.ssl.jaas.conf server_star
...
...
@@ -43,6 +44,7 @@ public class UnboundSSLMultipleKeys {
public
static
void
main
(
String
[]
args
)
throws
IOException
,
NoSuchAlgorithmException
,
LoginException
,
PrivilegedActionException
,
InterruptedException
{
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
UnboundSSLMultipleKeys
test
=
new
UnboundSSLMultipleKeys
();
test
.
start
(
args
[
0
],
args
[
1
]);
}
...
...
test/sun/security/krb5/auto/UnboundSSLPrincipalProperty.java
浏览文件 @
a5efe2da
...
...
@@ -27,10 +27,11 @@ import java.security.PrivilegedActionException;
import
java.util.HashMap
;
import
java.util.Map
;
import
javax.security.auth.login.LoginException
;
import
java.security.Security
;
/*
* @test
* @bug 8025123
* @bug 8025123
8208350
* @summary Checks if an unbound server uses a service principal
* from sun.security.krb5.principal system property if specified
* @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLPrincipalProperty
...
...
@@ -43,6 +44,7 @@ public class UnboundSSLPrincipalProperty {
public
static
void
main
(
String
[]
args
)
throws
IOException
,
NoSuchAlgorithmException
,
LoginException
,
PrivilegedActionException
,
InterruptedException
{
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
""
);
UnboundSSLPrincipalProperty
test
=
new
UnboundSSLPrincipalProperty
();
test
.
start
(
args
[
0
],
args
[
1
]);
}
...
...
test/sun/security/krb5/auto/unbound.ssl.policy
浏览文件 @
a5efe2da
...
...
@@ -26,4 +26,6 @@ grant {
// permission to use SunJCE provider
permission java.security.SecurityPermission "putProviderProperty.SunJCE";
// permission to reset the tls disabledalgos
permission "java.security.SecurityPermission" "setProperty.jdk.tls.disabledAlgorithms";
};
test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
0 → 100644
浏览文件 @
a5efe2da
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8208350
* @summary Disable all DES cipher suites
* @run main/othervm NoDesRC4CiphSuite
*/
/*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*/
import
java.security.Security
;
import
javax.net.ssl.*
;
import
javax.net.ssl.SSLEngineResult.HandshakeStatus
;
import
java.io.IOException
;
import
java.nio.ByteBuffer
;
import
java.security.GeneralSecurityException
;
import
java.util.List
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
public
class
NoDesRC4CiphSuite
{
private
static
final
boolean
DEBUG
=
false
;
private
static
final
byte
RECTYPE_HS
=
0x16
;
private
static
final
byte
HSMSG_CLIHELLO
=
0x01
;
// These are some groups of Cipher Suites by names and IDs
private
static
final
List
<
Integer
>
DES_CS_LIST
=
Arrays
.
asList
(
0x0009
,
0x0015
,
0x0012
,
0x001A
,
0x0008
,
0x0014
,
0x0011
,
0x0019
);
private
static
final
String
[]
DES_CS_LIST_NAMES
=
new
String
[]
{
"SSL_RSA_WITH_DES_CBC_SHA"
,
"SSL_DHE_RSA_WITH_DES_CBC_SHA"
,
"SSL_DHE_DSS_WITH_DES_CBC_SHA"
,
"SSL_DH_anon_WITH_DES_CBC_SHA"
,
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
,
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
,
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
,
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"
};
private
static
final
List
<
Integer
>
RC4_CS_LIST
=
Arrays
.
asList
(
0xC007
,
0xC011
,
0x0005
,
0xC002
,
0xC00C
,
0x0004
,
0xC016
,
0x0018
,
0x0003
,
0x0017
);
private
static
final
String
[]
RC4_CS_LIST_NAMES
=
new
String
[]
{
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
,
"TLS_ECDHE_RSA_WITH_RC4_128_SHA"
,
"SSL_RSA_WITH_RC4_128_SHA"
,
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA"
,
"TLS_ECDH_RSA_WITH_RC4_128_SHA"
,
"SSL_RSA_WITH_RC4_128_MD5"
,
"TLS_ECDH_anon_WITH_RC4_128_SHA"
,
"SSL_DH_anon_WITH_RC4_128_MD5"
,
"SSL_RSA_EXPORT_WITH_RC4_40_MD5"
,
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"
};
private
static
final
ByteBuffer
CLIOUTBUF
=
ByteBuffer
.
wrap
(
"Client Side"
.
getBytes
());
public
static
void
main
(
String
[]
args
)
throws
Exception
{
boolean
allGood
=
true
;
String
disAlg
=
Security
.
getProperty
(
"jdk.tls.disabledAlgorithms"
);
System
.
err
.
println
(
"Disabled Algs: "
+
disAlg
);
// Disabled DES tests
allGood
&=
testDefaultCase
(
DES_CS_LIST
);
allGood
&=
testEngAddDisabled
(
DES_CS_LIST_NAMES
,
DES_CS_LIST
);
allGood
&=
testEngOnlyDisabled
(
DES_CS_LIST_NAMES
);
// Disabled RC4 tests
allGood
&=
testDefaultCase
(
RC4_CS_LIST
);
allGood
&=
testEngAddDisabled
(
RC4_CS_LIST_NAMES
,
RC4_CS_LIST
);
allGood
&=
testEngOnlyDisabled
(
RC4_CS_LIST_NAMES
);
if
(
allGood
)
{
System
.
err
.
println
(
"All tests passed"
);
}
else
{
throw
new
RuntimeException
(
"One or more tests failed"
);
}
}
/**
* Create an engine with the default set of cipher suites enabled and make
* sure none of the disabled suites are present in the client hello.
*
* @param disabledSuiteIds the {@code List} of disabled cipher suite IDs
* to be checked for.
*
* @return true if the test passed (No disabled suites), false otherwise
*/
private
static
boolean
testDefaultCase
(
List
<
Integer
>
disabledSuiteIds
)
throws
Exception
{
System
.
err
.
println
(
"\nTest: Default SSLEngine suite set"
);
SSLEngine
ssle
=
makeEngine
();
if
(
DEBUG
)
{
listCiphers
(
"Suite set upon creation"
,
ssle
);
}
SSLEngineResult
clientResult
;
ByteBuffer
cTOs
=
makeClientBuf
(
ssle
);
clientResult
=
ssle
.
wrap
(
CLIOUTBUF
,
cTOs
);
if
(
DEBUG
)
{
dumpResult
(
"ClientHello: "
,
clientResult
);
}
cTOs
.
flip
();
boolean
foundSuite
=
areSuitesPresentCH
(
cTOs
,
disabledSuiteIds
);
if
(
foundSuite
)
{
System
.
err
.
println
(
"FAIL: Found disabled suites!"
);
return
false
;
}
else
{
System
.
err
.
println
(
"PASS: No disabled suites found."
);
return
true
;
}
}
/**
* Create an engine and set only disabled cipher suites.
* The engine should not create the client hello message since the only
* available suites to assert in the client hello are disabled ones.
*
* @param disabledSuiteNames an array of cipher suite names that
* should be disabled cipher suites.
*
* @return true if the engine throws SSLHandshakeException during client
* hello creation, false otherwise.
*/
private
static
boolean
testEngOnlyDisabled
(
String
[]
disabledSuiteNames
)
throws
Exception
{
System
.
err
.
println
(
"\nTest: SSLEngine configured with only disabled suites"
);
try
{
SSLEngine
ssle
=
makeEngine
();
ssle
.
setEnabledCipherSuites
(
disabledSuiteNames
);
if
(
DEBUG
)
{
listCiphers
(
"Suite set upon creation"
,
ssle
);
}
SSLEngineResult
clientResult
;
ByteBuffer
cTOs
=
makeClientBuf
(
ssle
);
clientResult
=
ssle
.
wrap
(
CLIOUTBUF
,
cTOs
);
if
(
DEBUG
)
{
dumpResult
(
"ClientHello: "
,
clientResult
);
}
cTOs
.
flip
();
}
catch
(
SSLHandshakeException
shse
)
{
System
.
err
.
println
(
"PASS: Caught expected exception: "
+
shse
);
return
true
;
}
System
.
err
.
println
(
"FAIL: Expected SSLHandshakeException not thrown"
);
return
false
;
}
/**
* Create an engine and add some disabled suites to the default
* set of cipher suites. Make sure none of the disabled suites show up
* in the client hello even though they were explicitly added.
*
* @param disabledSuiteNames an array of cipher suite names that
* should be disabled cipher suites.
* @param disabledIds the {@code List} of disabled cipher suite IDs
* to be checked for.
*
* @return true if the test passed (No disabled suites), false otherwise
*/
private
static
boolean
testEngAddDisabled
(
String
[]
disabledNames
,
List
<
Integer
>
disabledIds
)
throws
Exception
{
System
.
err
.
println
(
"\nTest: SSLEngine with disabled suites added"
);
SSLEngine
ssle
=
makeEngine
();
// Add disabled suites to the existing engine's set of enabled suites
String
[]
initialSuites
=
ssle
.
getEnabledCipherSuites
();
String
[]
plusDisSuites
=
Arrays
.
copyOf
(
initialSuites
,
initialSuites
.
length
+
disabledNames
.
length
);
System
.
arraycopy
(
disabledNames
,
0
,
plusDisSuites
,
initialSuites
.
length
,
disabledNames
.
length
);
ssle
.
setEnabledCipherSuites
(
plusDisSuites
);
if
(
DEBUG
)
{
listCiphers
(
"Suite set upon creation"
,
ssle
);
}
SSLEngineResult
clientResult
;
ByteBuffer
cTOs
=
makeClientBuf
(
ssle
);
clientResult
=
ssle
.
wrap
(
CLIOUTBUF
,
cTOs
);
if
(
DEBUG
)
{
dumpResult
(
"ClientHello: "
,
clientResult
);
}
cTOs
.
flip
();
boolean
foundDisabled
=
areSuitesPresentCH
(
cTOs
,
disabledIds
);
if
(
foundDisabled
)
{
System
.
err
.
println
(
"FAIL: Found disabled suites!"
);
return
false
;
}
else
{
System
.
err
.
println
(
"PASS: No disabled suites found."
);
return
true
;
}
}
private
static
SSLEngine
makeEngine
()
throws
GeneralSecurityException
{
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLSv1.2"
);
ctx
.
init
(
null
,
null
,
null
);
return
ctx
.
createSSLEngine
();
}
private
static
ByteBuffer
makeClientBuf
(
SSLEngine
ssle
)
{
ssle
.
setUseClientMode
(
true
);
ssle
.
setNeedClientAuth
(
false
);
SSLSession
sess
=
ssle
.
getSession
();
ByteBuffer
cTOs
=
ByteBuffer
.
allocateDirect
(
sess
.
getPacketBufferSize
());
return
cTOs
;
}
private
static
void
listCiphers
(
String
prefix
,
SSLEngine
ssle
)
{
System
.
err
.
println
(
prefix
+
"\n---------------"
);
String
[]
suites
=
ssle
.
getEnabledCipherSuites
();
for
(
String
suite
:
suites
)
{
System
.
err
.
println
(
suite
);
}
System
.
err
.
println
(
"---------------"
);
}
/**
* Walk a TLS 1.2 or earlier ClientHello looking for any of the suites
* in the suiteIdList.
*
* @param clientHello a ByteBuffer containing the ClientHello message as
* a complete TLS record. The position of the buffer should be
* at the first byte of the TLS record header.
* @param suiteIdList a List of integer values corresponding to
* TLS cipher suite identifiers.
*
* @return true if at least one of the suites in {@code suiteIdList}
* is found in the ClientHello's cipher suite list
*
* @throws IOException if the data in the {@code clientHello}
* buffer is not a TLS handshake message or is not a client hello.
*/
private
static
boolean
areSuitesPresentCH
(
ByteBuffer
clientHello
,
List
<
Integer
>
suiteIdList
)
throws
IOException
{
byte
val
;
// Process the TLS Record
val
=
clientHello
.
get
();
if
(
val
!=
RECTYPE_HS
)
{
throw
new
IOException
(
"Not a handshake record, type = "
+
val
);
}
// Just skip over the version and length
clientHello
.
position
(
clientHello
.
position
()
+
4
);
// Check the handshake message type
val
=
clientHello
.
get
();
if
(
val
!=
HSMSG_CLIHELLO
)
{
throw
new
IOException
(
"Not a ClientHello handshake message, type = "
+
val
);
}
// Skip over the length
clientHello
.
position
(
clientHello
.
position
()
+
3
);
// Skip over the protocol version (2) and random (32);
clientHello
.
position
(
clientHello
.
position
()
+
34
);
// Skip past the session ID (variable length <= 32)
int
len
=
Byte
.
toUnsignedInt
(
clientHello
.
get
());
if
(
len
>
32
)
{
throw
new
IOException
(
"Session ID is too large, len = "
+
len
);
}
clientHello
.
position
(
clientHello
.
position
()
+
len
);
// Finally, we are at the cipher suites. Walk the list and place them
// into a List.
int
csLen
=
Short
.
toUnsignedInt
(
clientHello
.
getShort
());
if
(
csLen
%
2
!=
0
)
{
throw
new
IOException
(
"CipherSuite length is invalid, len = "
+
csLen
);
}
int
csCount
=
csLen
/
2
;
List
<
Integer
>
csSuiteList
=
new
ArrayList
<>(
csCount
);
log
(
"Found following suite IDs in hello:"
);
for
(
int
i
=
0
;
i
<
csCount
;
i
++)
{
int
curSuite
=
Short
.
toUnsignedInt
(
clientHello
.
getShort
());
log
(
String
.
format
(
"Suite ID: 0x%04x"
,
curSuite
));
csSuiteList
.
add
(
curSuite
);
}
// Now check to see if any of the suites passed in match what is in
// the suite list.
boolean
foundMatch
=
false
;
for
(
Integer
cs
:
suiteIdList
)
{
if
(
csSuiteList
.
contains
(
cs
))
{
System
.
err
.
format
(
"Found match for suite ID 0x%04x\n"
,
cs
);
foundMatch
=
true
;
break
;
}
}
// We don't care about the rest of the ClientHello message.
// Rewind and return whether we found a match or not.
clientHello
.
rewind
();
return
foundMatch
;
}
private
static
void
dumpResult
(
String
str
,
SSLEngineResult
result
)
{
System
.
err
.
println
(
"The format of the SSLEngineResult is: \n"
+
"\t\"getStatus() / getHandshakeStatus()\" +\n"
+
"\t\"bytesConsumed() / bytesProduced()\"\n"
);
HandshakeStatus
hsStatus
=
result
.
getHandshakeStatus
();
System
.
err
.
println
(
str
+
result
.
getStatus
()
+
"/"
+
hsStatus
+
", "
+
result
.
bytesConsumed
()
+
"/"
+
result
.
bytesProduced
()
+
" bytes"
);
if
(
hsStatus
==
HandshakeStatus
.
FINISHED
)
{
System
.
err
.
println
(
"\t...ready for application data"
);
}
}
private
static
void
log
(
String
str
)
{
if
(
DEBUG
)
{
System
.
err
.
println
(
str
);
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录