Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 bc5b401e 编写于 作者: A asmotrak
浏览文件
操作

8043202: Prohibit RC4 cipher suites 

Reviewed-by: xuelei
上级 7f73a709
隐藏空白更改
内联 并排
Showing with 36 addition and 27 deletion
src/share/classes/sun/security/ssl/CipherSuite.java
浏览文件 @ bc5b401e
/*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -968,7 +968,7 @@ final class CipherSuite implements Comparable<CipherSuite> {
* 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
* changed later, see below).
* 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
* AES_128(GCM), AES_256, AES_128, 3DES-EDE, RC-4.
* AES_128(GCM), AES_256, AES_128, 3DES-EDE.
* 3. Prefer the stronger MAC algorithm, in the order of SHA384,
* SHA256, SHA, MD5.
* 4. Prefer the better performance of key exchange and digital
......@@ -1115,20 +1115,6 @@ final class CipherSuite implements Comparable<CipherSuite> {
add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
0x0013, --p, K_DHE_DSS, B_3DES, N);
// RC-4
add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
add("SSL_RSA_WITH_RC4_128_SHA",
0x0005, --p, K_RSA, B_RC4_128, N);
add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
add("SSL_RSA_WITH_RC4_128_MD5",
0x0004, --p, K_RSA, B_RC4_128, N);
// Renegotiation protection request Signalling Cipher Suite Value (SCSV)
add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
0x00ff, --p, K_SCSV, B_NULL, T);
......@@ -1178,6 +1164,20 @@ final class CipherSuite implements Comparable<CipherSuite> {
add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
0x001b, --p, K_DH_ANON, B_3DES, N);
// RC-4
add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
add("SSL_RSA_WITH_RC4_128_SHA",
0x0005, --p, K_RSA, B_RC4_128, N);
add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
add("SSL_RSA_WITH_RC4_128_MD5",
0x0004, --p, K_RSA, B_RC4_128, N);
add("TLS_ECDH_anon_WITH_RC4_128_SHA",
0xC016, --p, K_ECDH_ANON, B_RC4_128, N);
add("SSL_DH_anon_WITH_RC4_128_MD5",
......
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
浏览文件 @ bc5b401e
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -79,6 +79,9 @@ public class ConnectionTest {
ssle1.setEnabledCipherSuites(new String [] {
"SSL_RSA_WITH_RC4_128_MD5"});
ssle2.setEnabledCipherSuites(new String [] {
"SSL_RSA_WITH_RC4_128_MD5"});
createBuffers();
}
......
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
浏览文件 @ bc5b401e
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -92,6 +92,7 @@ public class LargeBufs {
createSSLEngines();
System.out.println("Using " + cipher);
ssle1.setEnabledCipherSuites(new String [] { cipher });
ssle2.setEnabledCipherSuites(new String [] { cipher });
createBuffers();
......
test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
浏览文件 @ bc5b401e
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -93,6 +93,10 @@ public class GenericStreamCipher {
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
// enable a stream cipher
sslServerSocket.setEnabledCipherSuites(
new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
serverPort = sslServerSocket.getLocalPort();
/*
......
test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
浏览文件 @ bc5b401e
/*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -93,13 +93,6 @@ public class CipherSuitesInOrder {
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
......@@ -113,8 +106,16 @@ public class CipherSuitesInOrder {
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
"SSL_DH_anon_WITH_RC4_128_MD5",
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册