6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled

Summary: Reorg the SSLContext implementation Reviewed-by: weijun

6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
Summary: Reorg the SSLContext implementation Reviewed-by: weijun
e6afd818 · xuelei · 64a1001d · e6afd818 · 64a1001d · e6afd818
12 changed file
--- a/src/share/classes/sun/security/ssl/CipherSuiteList.java
+++ b/src/share/classes/sun/security/ssl/CipherSuiteList.java
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -40,10 +40,6 @@ import javax.net.ssl.SSLException;
 */
 final class CipherSuiteList {
-    // lists of supported and default enabled ciphersuites
-    // created on demand
-    private static CipherSuiteList supportedSuites, defaultSuites;
    private final Collection<CipherSuite> cipherSuites;
    private String[] suiteNames;
@@ -206,57 +202,8 @@ final class CipherSuiteList {
     */
    static synchronized void clearAvailableCache() {
        if (CipherSuite.DYNAMIC_AVAILABILITY) {
-            supportedSuites = null;
-            defaultSuites = null;
            CipherSuite.BulkCipher.clearAvailableCache();
            JsseJce.clearEcAvailable();
        }
    }
-    /**
-     * Return the list of all available CipherSuites with a priority of
-     * minPriority or above.
-     * Should be called with the Class lock held.
-     */
-    private static CipherSuiteList buildAvailableCache(int minPriority) {
-        // SortedSet automatically arranges ciphersuites in default
-        // preference order
-        Set<CipherSuite> cipherSuites = new TreeSet<>();
-        Collection<CipherSuite> allowedCipherSuites =
-                                    CipherSuite.allowedCipherSuites();
-        for (CipherSuite c : allowedCipherSuites) {
-            if ((c.allowed == false) || (c.priority < minPriority)) {
-                continue;
-            }
-            if (c.isAvailable()) {
-                cipherSuites.add(c);
-            }
-        }
-        return new CipherSuiteList(cipherSuites);
-    }
-    /**
-     * Return supported CipherSuites in preference order.
-     */
-    static synchronized CipherSuiteList getSupported() {
-        if (supportedSuites == null) {
-            supportedSuites =
-                buildAvailableCache(CipherSuite.SUPPORTED_SUITES_PRIORITY);
-        }
-        return supportedSuites;
-    }
-    /**
-     * Return default enabled CipherSuites in preference order.
-     */
-    static synchronized CipherSuiteList getDefault() {
-        if (defaultSuites == null) {
-            defaultSuites =
-                buildAvailableCache(CipherSuite.DEFAULT_SUITES_PRIORITY);
-        }
-        return defaultSuites;
-    }
 }
--- a/src/share/classes/sun/security/ssl/DefaultSSLContextImpl.java
+++ b/src/share/classes/sun/security/ssl/DefaultSSLContextImpl.java
-/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package sun.security.ssl;
-import java.io.*;
-import java.util.*;
-import java.security.*;
-import javax.net.ssl.*;
-/**
- * "Default" SSLContext as returned by SSLContext.getDefault(). It comes
- * initialized with default KeyManagers and TrustManagers created using
- * various system properties.
- *
- * @since   1.6
- */
-public final class DefaultSSLContextImpl extends SSLContextImpl {
-    private static final String NONE = "NONE";
-    private static final String P11KEYSTORE = "PKCS11";
-    private static final Debug debug = Debug.getInstance("ssl");
-    private static volatile SSLContextImpl defaultImpl;
-    private static TrustManager[] defaultTrustManagers;
-    private static KeyManager[] defaultKeyManagers;
-    public DefaultSSLContextImpl() throws Exception {
-        super(defaultImpl);
-        try {
-            super.engineInit(getDefaultKeyManager(), getDefaultTrustManager(), null);
-        } catch (Exception e) {
-            if (debug != null && Debug.isOn("defaultctx")) {
-                System.out.println("default context init failed: " + e);
-            }
-            throw e;
-        }
-        if (defaultImpl == null) {
-            defaultImpl = this;
-        }
-    }
-    protected void engineInit(KeyManager[] km, TrustManager[] tm,
-            SecureRandom sr) throws KeyManagementException {
-        throw new KeyManagementException
-            ("Default SSLContext is initialized automatically");
-    }
-    static synchronized SSLContextImpl getDefaultImpl() throws Exception {
-        if (defaultImpl == null) {
-            new DefaultSSLContextImpl();
-        }
-        return defaultImpl;
-    }
-    private static synchronized TrustManager[] getDefaultTrustManager() throws Exception {
-        if (defaultTrustManagers != null) {
-            return defaultTrustManagers;
-        }
-        KeyStore ks = TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
-            TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(ks);
-        defaultTrustManagers = tmf.getTrustManagers();
-        return defaultTrustManagers;
-    }
-    private static synchronized KeyManager[] getDefaultKeyManager() throws Exception {
-        if (defaultKeyManagers != null) {
-            return defaultKeyManagers;
-        }
-        final Map<String,String> props = new HashMap<>();
-        AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<Object>() {
-            public Object run() throws Exception {
-                props.put("keyStore",  System.getProperty(
-                            "javax.net.ssl.keyStore", ""));
-                props.put("keyStoreType", System.getProperty(
-                            "javax.net.ssl.keyStoreType",
-                            KeyStore.getDefaultType()));
-                props.put("keyStoreProvider", System.getProperty(
-                            "javax.net.ssl.keyStoreProvider", ""));
-                props.put("keyStorePasswd", System.getProperty(
-                            "javax.net.ssl.keyStorePassword", ""));
-                return null;
-            }
-        });
-        final String defaultKeyStore = props.get("keyStore");
-        String defaultKeyStoreType = props.get("keyStoreType");
-        String defaultKeyStoreProvider = props.get("keyStoreProvider");
-        if (debug != null && Debug.isOn("defaultctx")) {
-            System.out.println("keyStore is : " + defaultKeyStore);
-            System.out.println("keyStore type is : " +
-                                    defaultKeyStoreType);
-            System.out.println("keyStore provider is : " +
-                                    defaultKeyStoreProvider);
-        }
-        if (P11KEYSTORE.equals(defaultKeyStoreType) &&
-                !NONE.equals(defaultKeyStore)) {
-            throw new IllegalArgumentException("if keyStoreType is "
-                + P11KEYSTORE + ", then keyStore must be " + NONE);
-        }
-        FileInputStream fs = null;
-        if (defaultKeyStore.length() != 0 && !NONE.equals(defaultKeyStore)) {
-            fs = AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<FileInputStream>() {
-                public FileInputStream run() throws Exception {
-                    return new FileInputStream(defaultKeyStore);
-                }
-            });
-        }
-        String defaultKeyStorePassword = props.get("keyStorePasswd");
-        char[] passwd = null;
-        if (defaultKeyStorePassword.length() != 0) {
-            passwd = defaultKeyStorePassword.toCharArray();
-        }
-        /**
-         * Try to initialize key store.
-         */
-        KeyStore ks = null;
-        if ((defaultKeyStoreType.length()) != 0) {
-            if (debug != null && Debug.isOn("defaultctx")) {
-                System.out.println("init keystore");
-            }
-            if (defaultKeyStoreProvider.length() == 0) {
-                ks = KeyStore.getInstance(defaultKeyStoreType);
-            } else {
-                ks = KeyStore.getInstance(defaultKeyStoreType,
-                                    defaultKeyStoreProvider);
-            }
-            // if defaultKeyStore is NONE, fs will be null
-            ks.load(fs, passwd);
-        }
-        if (fs != null) {
-            fs.close();
-            fs = null;
-        }
-        /*
-         * Try to initialize key manager.
-         */
-        if (debug != null && Debug.isOn("defaultctx")) {
-            System.out.println("init keymanager of type " +
-                KeyManagerFactory.getDefaultAlgorithm());
-        }
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
-            KeyManagerFactory.getDefaultAlgorithm());
-        if (P11KEYSTORE.equals(defaultKeyStoreType)) {
-            kmf.init(ks, null); // do not pass key passwd if using token
-        } else {
-            kmf.init(ks, passwd);
-        }
-        defaultKeyManagers = kmf.getKeyManagers();
-        return defaultKeyManagers;
-    }
-}
--- a/src/share/classes/sun/security/ssl/JsseJce.java
+++ b/src/share/classes/sun/security/ssl/JsseJce.java
 /*
- * Copyright (c) 2001, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -247,9 +247,9 @@ final class JsseJce {
                // the SunJSSE implementation does the actual crypto using
                // a NONEwithRSA signature obtained from the cryptoProvider.
                if (cryptoProvider.getService("Signature", algorithm) == null) {
-                    // Calling Signature.getInstance() and catching the exception
+                    // Calling Signature.getInstance() and catching the
-                    // would be cleaner, but exceptions are a little expensive.
+                    // exception would be cleaner, but exceptions are a little
-                    // So we check directly via getService().
+                    // expensive. So we check directly via getService().
                    try {
                        return Signature.getInstance(algorithm, "SunJSSE");
                    } catch (NoSuchProviderException e) {

--- a/src/share/classes/sun/security/ssl/ProtocolList.java
+++ b/src/share/classes/sun/security/ssl/ProtocolList.java
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -37,10 +37,6 @@ import java.util.*;
 */
 final class ProtocolList {
-    private static final ProtocolList SUPPORTED;
-    private static final ProtocolList CLIENT_DEFAULT;
-    private static final ProtocolList SERVER_DEFAULT;
    // the sorted protocol version list
    private final ArrayList<ProtocolVersion> protocols;
@@ -154,66 +150,4 @@ final class ProtocolList {
    public String toString() {
        return protocols.toString();
    }
-    /**
-     * Return the list of default enabled protocols.
-     */
-    static ProtocolList getDefault(boolean isServer) {
-        return isServer ? SERVER_DEFAULT : CLIENT_DEFAULT;
-    }
-    /**
-     * Return whether a protocol list is the original default enabled
-     * protocols.  See: SSLSocket/SSLEngine.setEnabledProtocols()
-     */
-    static boolean isDefaultProtocolList(ProtocolList protocols) {
-        return protocols == CLIENT_DEFAULT || protocols == SERVER_DEFAULT;
-    }
-    /**
-     * Return the list of supported protocols.
-     */
-    static ProtocolList getSupported() {
-        return SUPPORTED;
-    }
-    static {
-        if (SunJSSE.isFIPS()) {
-            SUPPORTED = new ProtocolList(new String[] {
-                ProtocolVersion.TLS10.name,
-                ProtocolVersion.TLS11.name,
-                ProtocolVersion.TLS12.name
-            });
-            SERVER_DEFAULT = SUPPORTED;
-            CLIENT_DEFAULT = new ProtocolList(new String[] {
-                ProtocolVersion.TLS10.name
-            });
-        } else {
-            SUPPORTED = new ProtocolList(new String[] {
-                ProtocolVersion.SSL20Hello.name,
-                ProtocolVersion.SSL30.name,
-                ProtocolVersion.TLS10.name,
-                ProtocolVersion.TLS11.name,
-                ProtocolVersion.TLS12.name
-            });
-            SERVER_DEFAULT = SUPPORTED;
-            /*
-             * RFC 5246 says that sending SSLv2 backward-compatible
-             * hello SHOULD NOT be done any longer.
-             *
-             * We are not enabling TLS 1.1/1.2 by default yet on clients
-             * out of concern for interop with existing
-             * SSLv3/TLS1.0-only servers.  When these versions of TLS
-             * gain more traction, we'll enable them.
-             */
-            CLIENT_DEFAULT = new ProtocolList(new String[] {
-                ProtocolVersion.SSL30.name,
-                ProtocolVersion.TLS10.name
-            });
-        }
-    }
 }
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -374,8 +374,10 @@ final public class SSLEngineImpl extends SSLEngine {
        clientVerifyData = new byte[0];
        serverVerifyData = new byte[0];
-        enabledCipherSuites = CipherSuiteList.getDefault();
+        enabledCipherSuites =
-        enabledProtocols = ProtocolList.getDefault(roleIsServer);
+                sslContext.getDefaultCipherSuiteList(roleIsServer);
+        enabledProtocols =
+                sslContext.getDefaultProtocolList(roleIsServer);
        wrapLock = new Object();
        unwrapLock = new Object();
@@ -1883,8 +1885,8 @@ final public class SSLEngineImpl extends SSLEngine {
             * change them to the corresponding default ones.
             */
            if (roleIsServer != (!flag) &&
-                    ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+                    sslContext.isDefaultProtocolList(enabledProtocols)) {
-                enabledProtocols = ProtocolList.getDefault(!flag);
+                enabledProtocols = sslContext.getDefaultProtocolList(!flag);
            }
            roleIsServer = !flag;
@@ -1907,8 +1909,8 @@ final public class SSLEngineImpl extends SSLEngine {
                 * change them to the corresponding default ones.
                 */
                if (roleIsServer != (!flag) &&
-                        ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+                        sslContext.isDefaultProtocolList(enabledProtocols)) {
-                    enabledProtocols = ProtocolList.getDefault(!flag);
+                    enabledProtocols = sslContext.getDefaultProtocolList(!flag);
                }
                roleIsServer = !flag;
@@ -1951,8 +1953,7 @@ final public class SSLEngineImpl extends SSLEngine {
     * @return an array of cipher suite names
     */
    public String[] getSupportedCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return sslContext.getSuportedCipherSuiteList().toStringArray();
-        return CipherSuiteList.getSupported().toStringArray();
    }
    /**
@@ -1992,7 +1993,7 @@ final public class SSLEngineImpl extends SSLEngine {
     * @return an array of protocol names.
     */
    public String[] getSupportedProtocols() {
-        return ProtocolList.getSupported().toStringArray();
+        return sslContext.getSuportedProtocolList().toStringArray();
    }
    /**

--- a/src/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,7 @@ public class SSLServerSocketFactoryImpl extends SSLServerSocketFactory
     * java.security file is set.
     */
    public SSLServerSocketFactoryImpl() throws Exception {
-        this.context = DefaultSSLContextImpl.getDefaultImpl();
+        this.context = SSLContextImpl.DefaultSSLContext.getDefaultImpl();
    }
    /**
@@ -99,8 +99,7 @@ public class SSLServerSocketFactoryImpl extends SSLServerSocketFactory
     * is encrypted to provide confidentiality.
     */
    public String[] getDefaultCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return context.getDefaultCipherSuiteList(true).toStringArray();
-        return CipherSuiteList.getDefault().toStringArray();
    }
    /**
@@ -114,8 +113,7 @@ public class SSLServerSocketFactoryImpl extends SSLServerSocketFactory
     * @return an array of cipher suite names
     */
    public String[] getSupportedCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return context.getSuportedCipherSuiteList().toStringArray();
-        return CipherSuiteList.getSupported().toStringArray();
    }
 }
--- a/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -153,8 +153,8 @@ class SSLServerSocketImpl extends SSLServerSocket
            throw new SSLException("No Authentication context given");
        }
        sslContext = context;
-        enabledCipherSuites = CipherSuiteList.getDefault();
+        enabledCipherSuites = sslContext.getDefaultCipherSuiteList(true);
-        enabledProtocols = ProtocolList.getDefault(true);
+        enabledProtocols = sslContext.getDefaultProtocolList(true);
    }
    /**
@@ -168,8 +168,7 @@ class SSLServerSocketImpl extends SSLServerSocket
     * @return an array of cipher suite names
     */
    public String[] getSupportedCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return sslContext.getSuportedCipherSuiteList().toStringArray();
-        return CipherSuiteList.getSupported().toStringArray();
    }
    /**
@@ -194,7 +193,7 @@ class SSLServerSocketImpl extends SSLServerSocket
    }
    public String[] getSupportedProtocols() {
-        return ProtocolList.getSupported().toStringArray();
+        return sslContext.getSuportedProtocolList().toStringArray();
    }
    /**
@@ -253,8 +252,8 @@ class SSLServerSocketImpl extends SSLServerSocket
         * change them to the corresponding default ones.
         */
        if (useServerMode != (!flag) &&
-                ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+                sslContext.isDefaultProtocolList(enabledProtocols)) {
-            enabledProtocols = ProtocolList.getDefault(!flag);
+            enabledProtocols = sslContext.getDefaultProtocolList(!flag);
        }
        useServerMode = !flag;

--- a/src/share/classes/sun/security/ssl/SSLSocketFactoryImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSocketFactoryImpl.java
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -42,20 +42,18 @@ import javax.net.ssl.SSLSocket;
 *
 * @author David Brownell
 */
-final
+final public class SSLSocketFactoryImpl extends SSLSocketFactory {
-public class SSLSocketFactoryImpl extends SSLSocketFactory
-{
    private static SSLContextImpl defaultContext;
    private SSLContextImpl context;
    /**
     * Constructor used to instantiate the default factory. This method is
     * only called if the old "ssl.SocketFactory.provider" property in the
     * java.security file is set.
     */
    public SSLSocketFactoryImpl() throws Exception {
-        this.context = DefaultSSLContextImpl.getDefaultImpl();
+        this.context = SSLContextImpl.DefaultSSLContext.getDefaultImpl();
    }
    /**
@@ -167,11 +165,9 @@ public class SSLSocketFactoryImpl extends SSLSocketFactory
     * is encrypted to provide confidentiality.
     */
    public String[] getDefaultCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return context.getDefaultCipherSuiteList(false).toStringArray();
-        return CipherSuiteList.getDefault().toStringArray();
    }
    /**
     * Returns the names of the cipher suites which could be enabled for use
     * on an SSL connection.  Normally, only a subset of these will actually
@@ -181,7 +177,6 @@ public class SSLSocketFactoryImpl extends SSLSocketFactory
     * certain kinds of certificates to use certain cipher suites.
     */
    public String[] getSupportedCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return context.getSuportedCipherSuiteList().toStringArray();
-        return CipherSuiteList.getSupported().toStringArray();
    }
 }
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -562,8 +562,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
        clientVerifyData = new byte[0];
        serverVerifyData = new byte[0];
-        enabledCipherSuites = CipherSuiteList.getDefault();
+        enabledCipherSuites =
-        enabledProtocols = ProtocolList.getDefault(roleIsServer);
+                sslContext.getDefaultCipherSuiteList(roleIsServer);
+        enabledProtocols =
+                sslContext.getDefaultProtocolList(roleIsServer);
        inrec = null;
        // save the acc
@@ -2170,8 +2173,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
             * change them to the corresponding default ones.
             */
            if (roleIsServer != (!flag) &&
-                    ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+                    sslContext.isDefaultProtocolList(enabledProtocols)) {
-                enabledProtocols = ProtocolList.getDefault(!flag);
+                enabledProtocols = sslContext.getDefaultProtocolList(!flag);
            }
            roleIsServer = !flag;
            break;
@@ -2192,8 +2195,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
                 * change them to the corresponding default ones.
                 */
                if (roleIsServer != (!flag) &&
-                        ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+                        sslContext.isDefaultProtocolList(enabledProtocols)) {
-                    enabledProtocols = ProtocolList.getDefault(!flag);
+                    enabledProtocols = sslContext.getDefaultProtocolList(!flag);
                }
                roleIsServer = !flag;
                connectionState = cs_START;
@@ -2230,8 +2233,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
     * @return an array of cipher suite names
     */
    public String[] getSupportedCipherSuites() {
-        CipherSuiteList.clearAvailableCache();
+        return sslContext.getSuportedCipherSuiteList().toStringArray();
-        return CipherSuiteList.getSupported().toStringArray();
    }
    /**
@@ -2271,7 +2273,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
     * @return an array of protocol names.
     */
    public String[] getSupportedProtocols() {
-        return ProtocolList.getSupported().toStringArray();
+        return sslContext.getSuportedProtocolList().toStringArray();
    }
    /**

--- a/src/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -204,22 +204,21 @@ public abstract class SunJSSE extends java.security.Provider {
        put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
        put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
        put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
+        put("SSLContext.TLSv1",
+            "sun.security.ssl.SSLContextImpl$TLS10Context");
+        put("Alg.Alias.SSLContext.TLS", "TLSv1");
        if (isfips == false) {
-            put("SSLContext.SSL",
+            put("Alg.Alias.SSLContext.SSL", "TLSv1");
-                "sun.security.ssl.SSLContextImpl");
+            put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
-            put("SSLContext.SSLv3",
-                "sun.security.ssl.SSLContextImpl");
        }
-        put("SSLContext.TLS",
-            "sun.security.ssl.SSLContextImpl");
-        put("SSLContext.TLSv1",
-            "sun.security.ssl.SSLContextImpl");
        put("SSLContext.TLSv1.1",
-            "sun.security.ssl.SSLContextImpl");
+            "sun.security.ssl.SSLContextImpl$TLS11Context");
        put("SSLContext.TLSv1.2",
-            "sun.security.ssl.SSLContextImpl");
+            "sun.security.ssl.SSLContextImpl$TLS12Context");
        put("SSLContext.Default",
-            "sun.security.ssl.DefaultSSLContextImpl");
+            "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
        /*
         * KeyStore

--- a/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
+++ b/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/*
+ * @test
+ * @bug 6976117
+ * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
+ *          without TLSv1.1 enabled
+ */
+import javax.net.ssl.*;
+public class SSLContextVersion {
+    static enum ContextVersion {
+        TLS_CV_01("SSL", "TLSv1", "TLSv1.2"),
+        TLS_CV_02("TLS", "TLSv1", "TLSv1.2"),
+        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"),
+        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"),
+        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"),
+        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"),
+        TLS_CV_07("Default", "TLSv1", "TLSv1.2");
+        final String contextVersion;
+        final String defaultProtocolVersion;
+        final String supportedProtocolVersion;
+        ContextVersion(String contextVersion, String defaultProtocolVersion,
+                String supportedProtocolVersion) {
+            this.contextVersion = contextVersion;
+            this.defaultProtocolVersion = defaultProtocolVersion;
+            this.supportedProtocolVersion = supportedProtocolVersion;
+        }
+    }
+    public static void main(String[] args) throws Exception {
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+            SSLParameters parameters = context.getDefaultSSLParameters();
+            String[] protocols = parameters.getProtocols();
+            String[] ciphers = parameters.getCipherSuites();
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No default protocols or cipher suites");
+            }
+            boolean isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tdefault protocol version " + protocol);
+                if (protocol.equals(cv.defaultProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+            if (!isMatch) {
+                throw new Exception("No matched default protocol");
+            }
+            parameters = context.getSupportedSSLParameters();
+            protocols = parameters.getProtocols();
+            ciphers = parameters.getCipherSuites();
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No default protocols or cipher suites");
+            }
+            isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tsupported protocol version " + protocol);
+                if (protocol.equals(cv.supportedProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+            if (!isMatch) {
+                throw new Exception("No matched default protocol");
+            }
+            System.out.println("\t... Success");
+        }
+    }
+}