infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-05-16 00:19:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

8061210: Issues in TLS

Browse Source 
Reviewed-by: jnimeh, mullan, wetmore, ahgross, asmotrak
This commit is contained in:
Xue-Lei Andrew Fan 2014-11-03 08:30:18 +00:00
parent 2d97b4eecf
commit 83143ef7f8
17 changed files with 249 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java
View File

@ -500,7 +500,9 @@ abstract class Handshaker {
if (activeProtocols.collection().isEmpty() ||
activeProtocols.max.v == ProtocolVersion.NONE.v) {
throw new SSLHandshakeException("No appropriate protocol");
throw new SSLHandshakeException(
"No appropriate protocol (protocol is disabled or " +
"cipher suites are inappropriate)");
}
if (activeCipherSuites == null) {
@ -685,6 +687,17 @@ abstract class Handshaker {
continue;
}
if (!algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
protocol.name, null)) {
if (debug != null && Debug.isOn("verbose")) {
System.out.println(
"Ignoring disabled protocol: " + protocol);
}
continue;
}
boolean found = false;
for (CipherSuite suite : enabledCipherSuites.collection()) {
if (suite.isAvailable() && suite.obsoleted > protocol.v &&

27
jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java
View File

@ -25,6 +25,9 @@
package sun.security.ssl;
import java.util.*;
import java.security.CryptoPrimitive;
/**
* Type safe enum for an SSL/TLS protocol version. Instances are obtained
* using the static factory methods or by referencing the static members
@ -86,6 +89,11 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// Default version for hello messages (SSLv2Hello)
final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
// Available protocols
//
// Including all supported protocols except the disabled ones.
final static Set<ProtocolVersion> availableProtocols;
// version in 16 bit MSB format as it appears in records and
// messages, i.e. 0x0301 for TLS 1.0
public final int v;
@ -96,6 +104,25 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// name used in JSSE (e.g. TLSv1 for TLS 1.0)
final String name;
// Initialize the available protocols.
static {
Set<ProtocolVersion> protocols = new HashSet<>(5);
ProtocolVersion[] pvs = new ProtocolVersion[] {
SSL20Hello, SSL30, TLS10, TLS11, TLS12};
EnumSet<CryptoPrimitive> cryptoPrimitives =
EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT);
for (ProtocolVersion p : pvs) {
if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
cryptoPrimitives, p.name, null)) {
protocols.add(p);
}
}
availableProtocols =
Collections.<ProtocolVersion>unmodifiableSet(protocols);
}
// private
private ProtocolVersion(int v, String name) {
this.v = v;

10
jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,6 +55,14 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
private boolean enabledX509DisabledAlgConstraints = true;
// the default algorithm constraints
final static AlgorithmConstraints DEFAULT =
new SSLAlgorithmConstraints(null);
// the default SSL only algorithm constraints
final static AlgorithmConstraints DEFAULT_SSL_ONLY =
new SSLAlgorithmConstraints((SSLSocket)null, false);
SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
userAlgConstraints = algorithmConstraints;
}

203
jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -52,10 +52,6 @@ public abstract class SSLContextImpl extends SSLContextSpi {
private X509TrustManager trustManager;
private SecureRandom secureRandom;
// The default algrithm constraints
private AlgorithmConstraints defaultAlgorithmConstraints =
new SSLAlgorithmConstraints(null);
// supported and default protocols
private ProtocolList defaultServerProtocolList;
private ProtocolList defaultClientProtocolList;
@ -350,7 +346,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (suite.isAvailable() &&
suite.obsoleted > protocols.min.v &&
suite.supported <= protocols.max.v) {
if (defaultAlgorithmConstraints.permits(
if (SSLAlgorithmConstraints.DEFAULT.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
suites.add(suite);
@ -431,11 +427,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
*/
private abstract static class AbstractSSLContext extends SSLContextImpl {
// parameters
private final static SSLParameters defaultServerSSLParams;
private final static SSLParameters supportedSSLParams;
private static final SSLParameters defaultServerSSLParams;
private static final SSLParameters supportedSSLParams;
static {
// supported SSL parameters
supportedSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
@ -443,7 +444,11 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS12.name
});
defaultServerSSLParams = supportedSSLParams;
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL20Hello.name,
@ -453,8 +458,18 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS12.name
});
defaultServerSSLParams = supportedSSLParams;
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL20Hello,
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
defaultServerSSLParams = new SSLParameters();
defaultServerSSLParams.setProtocols(
getAvailableProtocols(candidates));
}
@Override
@ -466,6 +481,22 @@ public abstract class SSLContextImpl extends SSLContextSpi {
SSLParameters getSupportedSSLParams() {
return supportedSSLParams;
}
static String[] getAvailableProtocols(
ProtocolVersion[] protocolCandidates) {
List<String> availableProtocols = Collections.<String>emptyList();
if (protocolCandidates != null && protocolCandidates.length != 0) {
availableProtocols = new ArrayList<>(protocolCandidates.length);
for (ProtocolVersion p : protocolCandidates) {
if (ProtocolVersion.availableProtocols.contains(p)) {
availableProtocols.add(p.name);
}
}
}
return availableProtocols.toArray(new String[0]);
}
}
/*
@ -474,21 +505,25 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS10Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates));
}
@Override
@ -503,23 +538,27 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS11Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates));
}
@Override
@ -534,25 +573,29 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS12Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates));
}
@Override
@ -567,8 +610,8 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
private static class CustomizedSSLContext extends AbstractSSLContext {
private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
private final static SSLParameters defaultClientSSLParams;
private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
private static final SSLParameters defaultClientSSLParams;
private static IllegalArgumentException reservedException = null;
// Don't want a java.lang.LinkageError for illegal system property.
@ -578,60 +621,74 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static {
// candidates for available protocols
ProtocolVersion[] candidates;
String property = AccessController.doPrivileged(
new GetPropertyAction(PROPERTY_NAME));
defaultClientSSLParams = new SSLParameters();
if (property == null || property.length() == 0) {
// the default enabled client TLS protocols
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
} else {
// remove double quote marks from beginning/end of the property
if (property.charAt(0) == '"' &&
if (property.length() > 1 && property.charAt(0) == '"' &&
property.charAt(property.length() - 1) == '"') {
property = property.substring(1, property.length() - 1);
}
String[] protocols = property.split(",");
String[] protocols = null;
if (property != null && property.length() != 0) {
protocols = property.split(",");
} else {
reservedException = new IllegalArgumentException(
"No protocol specified in " +
PROPERTY_NAME + " system property");
protocols = new String[0];
}
candidates = new ProtocolVersion[protocols.length];
for (int i = 0; i < protocols.length; i++) {
protocols[i] = protocols[i].trim();
// Is it a supported protocol name?
try {
ProtocolVersion.valueOf(protocols[i]);
candidates[i] = ProtocolVersion.valueOf(protocols[i]);
} catch (IllegalArgumentException iae) {
reservedException = new IllegalArgumentException(
PROPERTY_NAME + ": " + protocols[i] +
" is not a standard SSL protocol name", iae);
PROPERTY_NAME + ": " + protocols[i] +
" is not a standard SSL/TLS protocol name", iae);
break;
}
}
if ((reservedException == null) && SunJSSE.isFIPS()) {
for (String protocol : protocols) {
if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
ProtocolVersion.SSL30.name.equals(protocol)) {
for (ProtocolVersion protocolVersion : candidates) {
if (ProtocolVersion.SSL20Hello.v == protocolVersion.v ||
ProtocolVersion.SSL30.v == protocolVersion.v) {
reservedException = new IllegalArgumentException(
PROPERTY_NAME + ": " + protocol +
PROPERTY_NAME + ": " + protocolVersion +
" is not FIPS compliant");
}
}
}
}
if (reservedException == null) {
defaultClientSSLParams.setProtocols(protocols);
}
defaultClientSSLParams = new SSLParameters();
if (reservedException == null) {
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates));
}
}

11
jdk/src/java.base/share/conf/security/java.security
View File

@ -512,8 +512,12 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@ -528,4 +532,5 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3

4
jdk/test/javax/net/ssl/SSLSession/TestEnabledProtocols.java
View File

@ -120,6 +120,10 @@ public class TestEnabledProtocols {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;

7
jdk/test/javax/net/ssl/ServerName/SSLEngineExplorer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -44,6 +44,7 @@ import java.nio.*;
import java.net.*;
import java.util.*;
import java.nio.channels.*;
import java.security.Security;
public class SSLEngineExplorer extends SSLEngineService {
@ -231,6 +232,10 @@ public class SSLEngineExplorer extends SSLEngineService {
volatile int serverPort = 0;
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
if (debug)
System.setProperty("javax.net.debug", "all");

7
jdk/test/javax/net/ssl/ServerName/SSLSocketExplorer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,6 +45,7 @@ import java.nio.channels.*;
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;
public class SSLSocketExplorer {
@ -224,6 +225,10 @@ public class SSLSocketExplorer {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;

4
jdk/test/javax/net/ssl/TLS/TestJSSE.java
View File

@ -78,6 +78,10 @@ public class TestJSSE {
private static final String LOCAL_IP = "127.0.0.1";
public static void main(String... args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String serverProtocol = System.getProperty("SERVER_PROTOCOL");
String clientProtocol = System.getProperty("CLIENT_PROTOCOL");
int port = jdk.testlibrary.Utils.getFreePort();

4
jdk/test/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
View File

@ -33,6 +33,10 @@ import java.security.Security;
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

4
jdk/test/sun/security/ec/TestEC.java
View File

@ -59,6 +59,10 @@ import java.security.Security;
public class TestEC {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

6
jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,10 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
cmdArgs = args;
main(new ClientJSSEServerJSSE());
}

7
jdk/test/sun/security/ssl/ProtocolVersion/HttpsProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;
public class HttpsProtocols implements HostnameVerifier {
@ -177,6 +178,10 @@ public class HttpsProtocols implements HostnameVerifier {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;

7
jdk/test/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class CustomizedDefaultProtocols {
static enum ContextVersion {
@ -93,6 +94,10 @@ public class CustomizedDefaultProtocols {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);

7
jdk/test/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class DefaultEnabledProtocols {
static enum ContextVersion {
@ -92,6 +93,10 @@ public class DefaultEnabledProtocols {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);

7
jdk/test/sun/security/ssl/SSLContextImpl/NoOldVersionContext.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class NoOldVersionContext {
static enum ContextVersion {
@ -93,6 +94,10 @@ public class NoOldVersionContext {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);

5
jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -115,6 +115,9 @@ public class DelegatedTaskWrongException {
}
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
DelegatedTaskWrongException test;