8072515: Test Task: Develop new tests for JEP 219: Datagram Transport Layer Security (DTLS)

Reviewed-by: xuelei, asmotrak, rhalade

jdk/test/javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS buffer overflow and underflow status when dealing with
+ *          application data.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSBufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSBufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSBufferOverflowUnderflowTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping.
+ */
+public class DTLSBufferOverflowUnderflowTest {
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSDataExchangeTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS application data exchange using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSDataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSDataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSDataExchangeTest
+ */
+
+/**
+ * Testing DTLS application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DTLSDataExchangeTest {
+    public static void main(String[] args) {
+        DataExchangeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSEnginesClosureTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines closing using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSEnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSEnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSEnginesClosureTest
+ */
+
+/**
+ * Testing DTLS engines closing using each of the supported cipher suites.
+ */
+public class DTLSEnginesClosureTest {
+    public static void main(String[] args) {
+        EnginesClosureTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSHandshakeTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSHandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSHandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSHandshakeTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites.
+ */
+public class DTLSHandshakeTest {
+    public static void main(String[] args) {
+        HandshakeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with replicated packets check.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSHandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSHandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSHandshakeWithReplicatedPacketsTest
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * replicated packets check.
+ */
+public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase {
+
+    private static String testMode;
+
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest test
+                = new DTLSHandshakeWithReplicatedPacketsTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE, true);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java

@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS incorrect app data packages unwrapping.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSIncorrectAppDataTest
+ */
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping. Incorrect application
+ * data packages should be ignored by DTLS SSLEngine.
+ */
+public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {
+
+    private final String MESSAGE = "Hello peer!";
+
+    public static void main(String[] s) {
+        DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        try {
+            doHandshake(clientEngine, serverEngine, maxPacketSize,
+                    HandshakeMode.INITIAL_HANDSHAKE);
+            checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
+            checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
+        } catch (SSLException ssle) {
+            throw new AssertionError("Error during handshake or sending app data",
+                    ssle);
+        }
+    }
+
+    private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine,
+            SSLEngine recvEngine) throws SSLException {
+        String direction = sendEngine.getUseClientMode() ? "client"
+                : "server";
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing DTLS incorrect app data packages unwrapping"
+                + " by sending data from " + direction);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = doWrap(sendEngine, direction, 0, app);
+        final Random RNG = RandomFactory.getRandom();
+        int randomPlace = RNG.nextInt(net.remaining());
+        net.array()[randomPlace] += 1;
+        app = ByteBuffer.allocate(recvEngine.getSession()
+                .getApplicationBufferSize());
+        recvEngine.unwrap(net, app);
+        app.flip();
+        int length = app.remaining();
+        System.out.println("Unwrapped " + length + " bytes.");
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSMFLNTest.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with different maximum fragment length. Testing of
+ *          MFLN extension.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSMFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSMFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSMFLNTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class DTLSMFLNTest {
+    public static void main(String[] args) {
+        MFLNTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines do not enable RC4 ciphers by default.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS DTLSNotEnabledRC4Test
+ */
+
+/**
+ * Testing DTLS engines do not enable RC4 ciphers by default.
+ */
+public class DTLSNotEnabledRC4Test {
+    public static void main(String[] args) throws Exception {
+        NotEnabledRC4Test.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSRehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSRehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSRehandshakeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class DTLSRehandshakeTest {
+    public static void main(String[] args) {
+        RehandshakeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking with cipher change. New cipher
+ *          is taken randomly from the supporetd ciphers list.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      DTLSRehandshakeWithCipherChangeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class DTLSRehandshakeWithCipherChangeTest {
+    public static void main(String[] args) {
+        RehandshakeWithCipherChangeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites with application data exchange before and after
+ *          re-handshake and closing of the engines.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSRehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSRehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSRehandshakeWithDataExTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class DTLSRehandshakeWithDataExTest {
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java

@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS records sequence number property support in application
+ *          data exchange.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSSequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSSequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSSequenceNumberTest
+ */
+
+import java.nio.ByteBuffer;
+import java.util.TreeMap;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing DTLS records sequence number property support in application data
+ * exchange.
+ */
+public class DTLSSequenceNumberTest extends SSLEngineTestCase {
+
+    private final String BIG_MESSAGE = "Very very big message. One two three"
+            + " four five six seven eight nine ten eleven twelve thirteen"
+            + " fourteen fifteen sixteen seventeen eighteen nineteen twenty.";
+    private final byte[] BIG_MESSAGE_BYTES = BIG_MESSAGE.getBytes();
+    private final int PIECES_NUMBER = 15;
+
+    public static void main(String[] args) {
+        DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        checkSeqNumPropertyWithAppDataSend(clientEngine, serverEngine);
+        checkSeqNumPropertyWithAppDataSend(serverEngine, clientEngine);
+    }
+
+    private void checkSeqNumPropertyWithAppDataSend(SSLEngine sendEngine,
+            SSLEngine recvEngine) throws SSLException {
+        String sender, reciever;
+        if (sendEngine.getUseClientMode() && !recvEngine.getUseClientMode()) {
+            sender = "Client";
+            reciever = "Server";
+        } else if (recvEngine.getUseClientMode() && !sendEngine.getUseClientMode()) {
+            sender = "Server";
+            reciever = "Client";
+        } else {
+            throw new Error("Both engines are in the same mode");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Checking DTLS sequence number support"
+                + " by sending data from " + sender + " to " + reciever);
+        ByteBuffer[] sentMessages = new ByteBuffer[PIECES_NUMBER];
+        ByteBuffer[] netBuffers = new ByteBuffer[PIECES_NUMBER];
+        TreeMap<Long, ByteBuffer> recvMap = new TreeMap<>(Long::compareUnsigned);
+        int symbolsInAMessage;
+        int symbolsInTheLastMessage;
+        int[] recievingSequence = new int[PIECES_NUMBER];
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            recievingSequence[i] = i;
+        }
+        shuffleArray(recievingSequence);
+        if (BIG_MESSAGE.length() % PIECES_NUMBER == 0) {
+            symbolsInAMessage = BIG_MESSAGE.length() / PIECES_NUMBER;
+            symbolsInTheLastMessage = symbolsInAMessage;
+        } else {
+            symbolsInAMessage = BIG_MESSAGE.length() / (PIECES_NUMBER - 1);
+            symbolsInTheLastMessage = BIG_MESSAGE.length() % (PIECES_NUMBER - 1);
+        }
+        for (int i = 0; i < PIECES_NUMBER - 1; i++) {
+            sentMessages[i] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
+                    i * symbolsInAMessage, symbolsInAMessage);
+        }
+        sentMessages[PIECES_NUMBER - 1] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
+                (PIECES_NUMBER - 1) * symbolsInAMessage, symbolsInTheLastMessage);
+        long prevSeqNum = 0L;
+        //Wrapping massages in direct order
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            netBuffers[i] = ByteBuffer.allocate(sendEngine.getSession()
+                    .getPacketBufferSize());
+            SSLEngineResult[] r = new SSLEngineResult[1];
+            netBuffers[i] = doWrap(sendEngine, sender, 0, sentMessages[i], r);
+            long seqNum = r[0].sequenceNumber();
+            if (Long.compareUnsigned(seqNum, prevSeqNum) <= 0) {
+                throw new AssertionError("Sequence number of the wrapped "
+                        + "message is less or equal than that of the"
+                        + " previous one! "
+                        + "Was " + prevSeqNum + ", now " + seqNum + ".");
+            }
+            prevSeqNum = seqNum;
+        }
+        //Unwrapping messages in random order and trying to reconstruct order
+        //from sequence number.
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            int recvNow = recievingSequence[i];
+            SSLEngineResult[] r = new SSLEngineResult[1];
+            ByteBuffer recvMassage = doUnWrap(recvEngine, reciever,
+                    netBuffers[recvNow], r);
+            long seqNum = r[0].sequenceNumber();
+            recvMap.put(seqNum, recvMassage);
+        }
+        int mapSize = recvMap.size();
+        if (mapSize != PIECES_NUMBER) {
+            throw new AssertionError("The number of received massages "
+                    + mapSize + " is not equal to the number of sent messages "
+                    + PIECES_NUMBER + "!");
+        }
+        byte[] recvBigMsgBytes = new byte[BIG_MESSAGE_BYTES.length];
+        int counter = 0;
+        for (ByteBuffer msg : recvMap.values()) {
+            System.arraycopy(msg.array(), 0, recvBigMsgBytes,
+                    counter * symbolsInAMessage, msg.remaining());
+            counter++;
+        }
+        String recvBigMsg = new String(recvBigMsgBytes);
+        if (!recvBigMsg.equals(BIG_MESSAGE)) {
+            throw new AssertionError("Received big message is not equal to"
+                    + " one that was sent! Received message is: " + recvBigMsg);
+        }
+    }
+
+    private static void shuffleArray(int[] ar) {
+        final Random RNG = RandomFactory.getRandom();
+        for (int i = ar.length - 1; i > 0; i--) {
+            int index = RNG.nextInt(i + 1);
+            int a = ar[index];
+            ar[index] = ar[i];
+            ar[i] = a;
+        }
+    }
+}

jdk/test/javax/net/ssl/DTLS/DTLSUnSupportedCiphersTest.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing that try to enable unsupported ciphers
+ *          causes IllegalArgumentException.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS DTLSUnSupportedCiphersTest
+ */
+
+/**
+ * Testing that a try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class DTLSUnSupportedCiphersTest {
+    public static void main(String[] args) {
+        UnSupportedCiphersTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLS/TEST.properties

@@ -0,0 +1 @@
+modules=java.base java.security.jgss

jdk/test/javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS buffer overflow and underflow status when dealing with
+ *          application data.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10BufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10BufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10BufferOverflowUnderflowTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping.
+ */
+public class DTLSv10BufferOverflowUnderflowTest {
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS application data exchange using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10DataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10DataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10DataExchangeTest
+ */
+
+/**
+ * Testing DTLS application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DTLSv10DataExchangeTest {
+    public static void main(String[] args) {
+        DataExchangeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines closing using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10EnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10EnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10EnginesClosureTest
+ */
+
+/**
+ * Testing DTLS engines closing using each of the supported cipher suites.
+ */
+public class DTLSv10EnginesClosureTest {
+    public static void main(String[] args) {
+        EnginesClosureTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10HandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10HandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10HandshakeTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites.
+ */
+public class DTLSv10HandshakeTest {
+    public static void main(String[] args) {
+        HandshakeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with replicated packets check.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10HandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10HandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10HandshakeWithReplicatedPacketsTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * replicated packets check.
+ */
+public class DTLSv10HandshakeWithReplicatedPacketsTest {
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS incorrect app data packages unwrapping.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSIncorrectAppDataTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping. Incorrect application
+ * data packages should be ignored by DTLS SSLEngine.
+ */
+public class DTLSv10IncorrectAppDataTest {
+    public static void main(String[] args) {
+        DTLSIncorrectAppDataTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with different maximum fragment length. Testing of
+ *          MFLN extension.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10MFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10MFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10MFLNTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class DTLSv10MFLNTest {
+    public static void main(String[] args) {
+        MFLNTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines do not enable RC4 ciphers by default.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0 DTLSv10NotEnabledRC4Test
+ */
+
+/**
+ * Testing DTLS engines do not enable RC4 ciphers by default.
+ */
+public class DTLSv10NotEnabledRC4Test {
+    public static void main(String[] args) throws Exception {
+        NotEnabledRC4Test.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10RehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10RehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10RehandshakeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class DTLSv10RehandshakeTest {
+    public static void main(String[] args) {
+        RehandshakeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking with cipher change. New cipher
+ *          is taken randomly from the supporetd ciphers list.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      DTLSv10RehandshakeWithCipherChangeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class DTLSv10RehandshakeWithCipherChangeTest {
+    public static void main(String[] args) {
+        RehandshakeWithCipherChangeTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites with application data exchange before and after
+ *          re-handshake and closing of the engines.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10RehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10RehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10RehandshakeWithDataExTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class DTLSv10RehandshakeWithDataExTest {
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS records sequence number property support in application
+ *          data exchange.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10SequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10SequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10SequenceNumberTest
+ */
+
+/**
+ * Testing DTLS records sequence number property support in application data
+ * exchange.
+ */
+public class DTLSv10SequenceNumberTest {
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/DTLSv10UnSupportedCiphersTest.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing that try to enable unsupported ciphers
+ *          causes IllegalArgumentException.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      DTLSv10UnSupportedCiphersTest
+ */
+
+/**
+ * Testing that a try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class DTLSv10UnSupportedCiphersTest {
+    public static void main(String[] args) {
+        UnSupportedCiphersTest.main(args);
+    }
+}

jdk/test/javax/net/ssl/DTLSv10/TEST.properties

@@ -0,0 +1 @@
+modules=java.base java.security.jgss

jdk/test/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java

@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngine incorrect app data packages unwrapping.
+ */
+public class BufferOverflowUnderflowTest extends SSLEngineTestCase {
+
+    private final String MESSAGE = "Hello peer!";
+
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest test = new BufferOverflowUnderflowTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        checkBufferOverflowOnWrap(clientEngine);
+        checkBufferOverflowOnWrap(serverEngine);
+        checkBufferOverflowOnUnWrap(clientEngine, serverEngine);
+        checkBufferOverflowOnUnWrap(serverEngine, clientEngine);
+        checkBufferUnderflowOnUnWrap(serverEngine, clientEngine);
+        checkBufferUnderflowOnUnWrap(clientEngine, serverEngine);
+    }
+
+    private void checkBufferOverflowOnWrap(SSLEngine engine)
+            throws SSLException {
+        String mode = engine.getUseClientMode() ? "client"
+                : "server";
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer overflow"
+                + " on wrap by " + mode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        //Making net buffer size less than required by 1 byte.
+        ByteBuffer net = ByteBuffer
+                .allocate(engine.getSession().getPacketBufferSize() - 1);
+        SSLEngineResult r = engine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);
+        System.out.println("Passed");
+    }
+
+    private void checkBufferOverflowOnUnWrap(SSLEngine wrappingEngine,
+            SSLEngine unwrappingEngine)
+            throws SSLException {
+        String wrapperMode = wrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        if (wrapperMode.equals(unwrapperMode)) {
+            throw new Error("Test error: both engines are in the same mode!");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer overflow"
+                + " on unwrap by " + unwrapperMode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = ByteBuffer
+                .allocate(wrappingEngine.getSession().getPacketBufferSize());
+        SSLEngineResult r = wrappingEngine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.OK);
+        //Making app buffer size less than required by 1 byte.
+        app = ByteBuffer.allocate(MESSAGE.length() - 1);
+        net.flip();
+        r = unwrappingEngine.unwrap(net, app);
+        checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);
+        System.out.println("Passed");
+    }
+
+    private void checkBufferUnderflowOnUnWrap(SSLEngine wrappingEngine,
+            SSLEngine unwrappingEngine)
+            throws SSLException {
+        String wrapperMode = wrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        if (wrapperMode.equals(unwrapperMode)) {
+            throw new Error("Test error: both engines are in the same mode!");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer underflow"
+                + " on unwrap by " + unwrapperMode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = ByteBuffer
+                .allocate(wrappingEngine.getSession().getPacketBufferSize());
+        SSLEngineResult r = wrappingEngine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.OK);
+        app = ByteBuffer.allocate(unwrappingEngine.getSession()
+                .getApplicationBufferSize());
+        net.flip();
+        //Making net buffer size less than size of dtls message.
+        net.limit(net.limit() - 1);
+        r = unwrappingEngine.unwrap(net, app);
+        checkResult(r, SSLEngineResult.Status.BUFFER_UNDERFLOW);
+        System.out.println("Passed");
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/DataExchangeTest.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngine application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DataExchangeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        DataExchangeTest test = new DataExchangeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        sendApplicationData(serverEngine, clientEngine);
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/EnginesClosureTest.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines closing using each of the supported cipher suites.
+ */
+public class EnginesClosureTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        EnginesClosureTest test = new EnginesClosureTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        closingTest(cipher, true);
+        closingTest(cipher, false);
+    }
+
+    private void closingTest(String cipher, boolean clientCloses)
+            throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        if (clientCloses) {
+            closeEngines(clientEngine, serverEngine);
+        } else {
+            closeEngines(serverEngine, clientEngine);
+        }
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/HandshakeTest.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines handshake using each of the supported cipher suites.
+ */
+public class HandshakeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        HandshakeTest test = new HandshakeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/MFLNTest.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class MFLNTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        setUpAndStartKDCIfNeeded();
+        System.setProperty("jsse.enableMFLNExtension", "true");
+        for (int mfl = 4096; mfl >= 256; mfl /= 2) {
+            System.out.println("=============================================="
+                    + "==============");
+            System.out.printf("Testsing DTLS handshake with MFL = %d%n", mfl);
+            MFLNTest test = new MFLNTest(mfl);
+            test.runTests();
+        }
+    }
+
+    protected MFLNTest(int maxPacketSize) {
+        super(maxPacketSize);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/NotEnabledRC4Test.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
+/**
+ * Testing SSLEngines do not enable RC4 ciphers by default.
+ */
+public class NotEnabledRC4Test {
+
+    public static void main(String[] s) throws Exception {
+        SSLContext context = SSLEngineTestCase.getContext();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        String[] cliEnabledCiphers = clientEngine.getEnabledCipherSuites();
+        rc4Test(cliEnabledCiphers, true);
+        String[] srvEnabledCiphers = serverEngine.getEnabledCipherSuites();
+        rc4Test(srvEnabledCiphers, false);
+    }
+
+    private static void rc4Test(String[] ciphers, boolean isClient) {
+        String mode = isClient ? "client" : "server";
+        for (String cipher : ciphers) {
+            if (cipher.contains("RC4")) {
+                throw new AssertionError("RC4 cipher " + cipher + " is enabled"
+                        + " by default on " + mode + " SSLEngine,"
+                        + " but it should not!");
+            }
+        }
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/RehandshakeTest.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class RehandshakeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        RehandshakeTest test = new RehandshakeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
+    }
+
+}

jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing SSLEngines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class RehandshakeWithCipherChangeTest extends SSLEngineTestCase {
+
+    public static void main(String[] s) {
+        RehandshakeWithCipherChangeTest test
+                = new RehandshakeWithCipherChangeTest();
+        test.runTests(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(
+                Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers);
+        String randomCipher;
+        serverEngine.setNeedClientAuth(true);
+        long initialEpoch = 0;
+        long secondEpoch = 0;
+        SSLEngineResult r;
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            initialEpoch = r.sequenceNumber() >> 48;
+        }
+        final Random RNG = RandomFactory.getRandom();
+        randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG
+                .nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)];
+        clientEngine.setEnabledCipherSuites(new String[]{randomCipher});
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            secondEpoch = r.sequenceNumber() >> 48;
+            AssertionError epochError = new AssertionError("Epoch number"
+                    + " did not grow after re-handshake! "
+                    + " Was " + initialEpoch + ", now " + secondEpoch + ".");
+            if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        closeEngines(clientEngine, serverEngine);
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java

@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class RehandshakeWithDataExTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest test = new RehandshakeWithDataExTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        long initialEpoch = 0;
+        long secondEpoch = 0;
+        long thirdEpoch = 0;
+        SSLEngineResult r;
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            initialEpoch = r.sequenceNumber() >> 48;
+        }
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        AssertionError epochError = new AssertionError("Epoch number"
+                + " did not grow after re-handshake! "
+                + " Was " + initialEpoch + ", now " + secondEpoch + ".");
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            secondEpoch = r.sequenceNumber() >> 48;
+            if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+        thirdEpoch = r.sequenceNumber() >> 48;
+            if (Long.compareUnsigned(thirdEpoch, secondEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        closeEngines(clientEngine, serverEngine);
+    }
+
+}

jdk/test/javax/net/ssl/TLSCommon/UnSupportedCiphersTest.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
+/**
+ * Testing that try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class UnSupportedCiphersTest extends SSLEngineTestCase {
+
+    public static void main(String[] s) {
+        UnSupportedCiphersTest test = new UnSupportedCiphersTest();
+        test.runTests(Ciphers.UNSUPPORTED_CIPHERS);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) {
+        unsupTest(cipher, true);
+        unsupTest(cipher, false);
+    }
+
+    private void unsupTest(String cipher, boolean clientTest) {
+        SSLContext context = getContext();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        if (clientTest) {
+            clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        } else {
+            serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        }
+    }
+}

jdk/test/javax/net/ssl/TLSCommon/jaas.conf

@@ -0,0 +1,17 @@
+com.sun.net.ssl.client {
+    com.sun.security.auth.module.Krb5LoginModule required
+    principal="USER@TEST.REALM"
+    doNotPrompt=true
+    useKeyTab=true
+    keyTab="krb5.keytab.data";
+};
+
+com.sun.net.ssl.server {
+    com.sun.security.auth.module.Krb5LoginModule required
+    principal="host/service.localhost@TEST.REALM"
+    isInitiator=false
+    useKeyTab=true
+    keyTab="krb5.keytab.data"
+    storeKey=true;
+};
+