author | xuelei |
Mon, 25 Jun 2018 13:41:39 -0700 | |
changeset 50768 | 68fa3d4026ea |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
12874 | 1 |
/* |
31706 | 2 |
* Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. |
12874 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. |
|
8 |
* |
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
13 |
* accompanied this code). |
|
14 |
* |
|
15 |
* You should have received a copy of the GNU General Public License version |
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 |
* |
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
21 |
* questions. |
|
22 |
*/ |
|
23 |
||
16913 | 24 |
// |
25 |
// SunJSSE does not support dynamic system properties, no way to re-use |
|
26 |
// system properties in samevm/agentvm mode. |
|
27 |
// |
|
28 |
||
12874 | 29 |
/* |
30 |
* @test |
|
31 |
* @bug 7174244 |
|
32 |
* @summary NPE in Krb5ProxyImpl.getServerKeys() |
|
50768 | 33 |
* @ignore the dependent implementation details are changed |
12874 | 34 |
* @run main/othervm CipherSuitesInOrder |
35 |
*/ |
|
36 |
||
37 |
import java.util.*; |
|
38 |
import javax.net.ssl.*; |
|
22267
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
39 |
import java.security.Security; |
12874 | 40 |
|
41 |
public class CipherSuitesInOrder { |
|
42 |
||
43 |
// supported ciphersuites |
|
44 |
private final static List<String> supportedCipherSuites = |
|
45 |
Arrays.<String>asList( |
|
22267
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
46 |
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
47 |
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
48 |
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
49 |
"TLS_RSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
50 |
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
51 |
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
52 |
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
53 |
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
54 |
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
55 |
"TLS_RSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
56 |
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
57 |
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
58 |
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
59 |
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", |
13f418b13938
8028518: Increase the priorities of GCM cipher suites
xuelei
parents:
16913
diff
changeset
|
60 |
|
12874 | 61 |
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", |
62 |
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", |
|
63 |
"TLS_RSA_WITH_AES_256_CBC_SHA256", |
|
64 |
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", |
|
65 |
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", |
|
66 |
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", |
|
67 |
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", |
|
68 |
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", |
|
69 |
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", |
|
70 |
"TLS_RSA_WITH_AES_256_CBC_SHA", |
|
71 |
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", |
|
72 |
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", |
|
73 |
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA", |
|
74 |
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA", |
|
75 |
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", |
|
76 |
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", |
|
77 |
"TLS_RSA_WITH_AES_128_CBC_SHA256", |
|
78 |
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", |
|
79 |
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", |
|
80 |
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", |
|
81 |
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", |
|
82 |
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", |
|
83 |
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", |
|
84 |
"TLS_RSA_WITH_AES_128_CBC_SHA", |
|
85 |
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", |
|
86 |
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", |
|
87 |
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", |
|
88 |
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA", |
|
16913 | 89 |
|
12874 | 90 |
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", |
91 |
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
92 |
"SSL_RSA_WITH_3DES_EDE_CBC_SHA", |
|
93 |
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", |
|
94 |
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", |
|
95 |
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
96 |
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", |
|
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
97 |
|
12874 | 98 |
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV", |
99 |
||
16913 | 100 |
"TLS_DH_anon_WITH_AES_256_GCM_SHA384", |
101 |
"TLS_DH_anon_WITH_AES_128_GCM_SHA256", |
|
102 |
||
12874 | 103 |
"TLS_DH_anon_WITH_AES_256_CBC_SHA256", |
104 |
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA", |
|
105 |
"TLS_DH_anon_WITH_AES_256_CBC_SHA", |
|
106 |
"TLS_DH_anon_WITH_AES_128_CBC_SHA256", |
|
107 |
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA", |
|
108 |
"TLS_DH_anon_WITH_AES_128_CBC_SHA", |
|
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
109 |
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
110 |
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", |
31706 | 111 |
|
112 |
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", |
|
113 |
"TLS_ECDHE_RSA_WITH_RC4_128_SHA", |
|
114 |
"SSL_RSA_WITH_RC4_128_SHA", |
|
115 |
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA", |
|
116 |
"TLS_ECDH_RSA_WITH_RC4_128_SHA", |
|
117 |
"SSL_RSA_WITH_RC4_128_MD5", |
|
12874 | 118 |
"TLS_ECDH_anon_WITH_RC4_128_SHA", |
119 |
"SSL_DH_anon_WITH_RC4_128_MD5", |
|
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
120 |
|
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
121 |
"SSL_RSA_WITH_DES_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
122 |
"SSL_DHE_RSA_WITH_DES_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
123 |
"SSL_DHE_DSS_WITH_DES_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
124 |
"SSL_DH_anon_WITH_DES_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
125 |
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
126 |
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
127 |
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
128 |
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
129 |
|
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
130 |
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
131 |
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
132 |
|
12874 | 133 |
"TLS_RSA_WITH_NULL_SHA256", |
134 |
"TLS_ECDHE_ECDSA_WITH_NULL_SHA", |
|
135 |
"TLS_ECDHE_RSA_WITH_NULL_SHA", |
|
136 |
"SSL_RSA_WITH_NULL_SHA", |
|
137 |
"TLS_ECDH_ECDSA_WITH_NULL_SHA", |
|
138 |
"TLS_ECDH_RSA_WITH_NULL_SHA", |
|
139 |
"TLS_ECDH_anon_WITH_NULL_SHA", |
|
140 |
"SSL_RSA_WITH_NULL_MD5", |
|
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
141 |
|
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
142 |
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
143 |
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5", |
12874 | 144 |
"TLS_KRB5_WITH_RC4_128_SHA", |
145 |
"TLS_KRB5_WITH_RC4_128_MD5", |
|
146 |
"TLS_KRB5_WITH_DES_CBC_SHA", |
|
147 |
"TLS_KRB5_WITH_DES_CBC_MD5", |
|
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
148 |
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", |
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
149 |
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", |
12874 | 150 |
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA", |
27722
0fb5bf040fd0
8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents:
23052
diff
changeset
|
151 |
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5" |
12874 | 152 |
); |
153 |
||
154 |
private final static String[] protocols = { |
|
155 |
"", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" |
|
156 |
}; |
|
157 |
||
158 |
||
159 |
public static void main(String[] args) throws Exception { |
|
160 |
// show all of the supported cipher suites |
|
161 |
showSuites(supportedCipherSuites.toArray(new String[0]), |
|
162 |
"All supported cipher suites"); |
|
163 |
||
164 |
for (String protocol : protocols) { |
|
165 |
System.out.println("//"); |
|
166 |
System.out.println("// " + |
|
167 |
"Testing for SSLContext of " + protocol); |
|
168 |
System.out.println("//"); |
|
169 |
checkForProtocols(protocol); |
|
170 |
} |
|
171 |
} |
|
172 |
||
173 |
public static void checkForProtocols(String protocol) throws Exception { |
|
174 |
SSLContext context; |
|
175 |
if (protocol.isEmpty()) { |
|
176 |
context = SSLContext.getDefault(); |
|
177 |
} else { |
|
178 |
context = SSLContext.getInstance(protocol); |
|
179 |
context.init(null, null, null); |
|
180 |
} |
|
181 |
||
182 |
// check the order of default cipher suites of SSLContext |
|
183 |
SSLParameters parameters = context.getDefaultSSLParameters(); |
|
184 |
checkSuites(parameters.getCipherSuites(), |
|
185 |
"Default cipher suites in SSLContext"); |
|
186 |
||
187 |
// check the order of supported cipher suites of SSLContext |
|
188 |
parameters = context.getSupportedSSLParameters(); |
|
189 |
checkSuites(parameters.getCipherSuites(), |
|
190 |
"Supported cipher suites in SSLContext"); |
|
191 |
||
192 |
||
193 |
// |
|
194 |
// Check the cipher suites order of SSLEngine |
|
195 |
// |
|
196 |
SSLEngine engine = context.createSSLEngine(); |
|
197 |
||
198 |
// check the order of endabled cipher suites |
|
199 |
String[] ciphers = engine.getEnabledCipherSuites(); |
|
200 |
checkSuites(ciphers, |
|
201 |
"Enabled cipher suites in SSLEngine"); |
|
202 |
||
203 |
// check the order of supported cipher suites |
|
204 |
ciphers = engine.getSupportedCipherSuites(); |
|
205 |
checkSuites(ciphers, |
|
206 |
"Supported cipher suites in SSLEngine"); |
|
207 |
||
208 |
// |
|
209 |
// Check the cipher suites order of SSLSocket |
|
210 |
// |
|
211 |
SSLSocketFactory factory = context.getSocketFactory(); |
|
212 |
try (SSLSocket socket = (SSLSocket)factory.createSocket()) { |
|
213 |
||
214 |
// check the order of endabled cipher suites |
|
215 |
ciphers = socket.getEnabledCipherSuites(); |
|
216 |
checkSuites(ciphers, |
|
217 |
"Enabled cipher suites in SSLSocket"); |
|
218 |
||
219 |
// check the order of supported cipher suites |
|
220 |
ciphers = socket.getSupportedCipherSuites(); |
|
221 |
checkSuites(ciphers, |
|
222 |
"Supported cipher suites in SSLSocket"); |
|
223 |
} |
|
224 |
||
225 |
// |
|
226 |
// Check the cipher suites order of SSLServerSocket |
|
227 |
// |
|
228 |
SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); |
|
229 |
try (SSLServerSocket serverSocket = |
|
230 |
(SSLServerSocket)serverFactory.createServerSocket()) { |
|
231 |
// check the order of endabled cipher suites |
|
232 |
ciphers = serverSocket.getEnabledCipherSuites(); |
|
233 |
checkSuites(ciphers, |
|
234 |
"Enabled cipher suites in SSLServerSocket"); |
|
235 |
||
236 |
// check the order of supported cipher suites |
|
237 |
ciphers = serverSocket.getSupportedCipherSuites(); |
|
238 |
checkSuites(ciphers, |
|
239 |
"Supported cipher suites in SSLServerSocket"); |
|
240 |
} |
|
241 |
} |
|
242 |
||
243 |
private static void checkSuites(String[] suites, String title) { |
|
244 |
showSuites(suites, title); |
|
245 |
||
246 |
int loc = -1; |
|
247 |
int index = 0; |
|
248 |
for (String suite : suites) { |
|
249 |
index = supportedCipherSuites.indexOf(suite); |
|
250 |
if (index <= loc) { |
|
251 |
throw new RuntimeException(suite + " is not in order"); |
|
252 |
} |
|
253 |
||
254 |
loc = index; |
|
255 |
} |
|
256 |
} |
|
257 |
||
258 |
private static void showSuites(String[] suites, String title) { |
|
259 |
System.out.println(title + "[" + suites.length + "]:"); |
|
260 |
for (String suite : suites) { |
|
261 |
System.out.println(" " + suite); |
|
262 |
} |
|
263 |
} |
|
264 |
} |