jdk-sandbox: comparison jdk/src/share/classes/sun/security/ssl/CipherSuite.java

equal deleted inserted replaced

-:d70900404b67
+:13f418b13938
 int tls12 = ProtocolVersion.TLS12.v;
 //  ID           Key Exchange   Cipher     A  obs  suprt  PRF
 //  ======       ============   =========  =  ===  =====  ========
+// Suite B compliant cipher suites, see RFC 6460.
-// Placeholder for cipher suites in GCM mode.
 //
-// For better compatibility and interoperability, we decrease the
+// Note that, at present this provider is not Suite B compliant. The
-// priority of cipher suites in GCM mode for a while as GCM
+// preference order of the GCM cipher suites does not follow the spec
-// technologies mature in the industry.  Eventually we'll move
+// of RFC 6460.  In this section, only two cipher suites are listed
-// the GCM suites here.
+// so that applications can make use of Suite-B compliant cipher
+// suite firstly.
+add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256);
+// AES_256(GCM)
+add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+0xc030, --p, K_ECDHE_RSA,   B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_RSA_WITH_AES_256_GCM_SHA384",
+0x009d, --p, K_RSA,         B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+0xc02e, --p, K_ECDH_ECDSA,  B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+0xc032, --p, K_ECDH_RSA,    B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+0x009f, --p, K_DHE_RSA,     B_AES_256_GCM, T, max, tls12, P_SHA384);
+add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+0x00a3, --p, K_DHE_DSS,     B_AES_256_GCM, T, max, tls12, P_SHA384);
+// AES_128(GCM)
+add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+0xc02f, --p, K_ECDHE_RSA,   B_AES_128_GCM, T, max, tls12, P_SHA256);
+add("TLS_RSA_WITH_AES_128_GCM_SHA256",
+0x009c, --p, K_RSA,         B_AES_128_GCM, T, max, tls12, P_SHA256);
+add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+0xc02d, --p, K_ECDH_ECDSA,  B_AES_128_GCM, T, max, tls12, P_SHA256);
+add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+0xc031, --p, K_ECDH_RSA,    B_AES_128_GCM, T, max, tls12, P_SHA256);
+add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+0x009e, --p, K_DHE_RSA,     B_AES_128_GCM, T, max, tls12, P_SHA256);
+add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+0x00a2, --p, K_DHE_DSS,     B_AES_128_GCM, T, max, tls12, P_SHA256);
 // AES_256(CBC)
 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
 0xc024, --p, K_ECDHE_ECDSA, B_AES_256, T, max, tls12, P_SHA384);
 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 0x0005, --p, K_RSA,         B_RC4_128, N);
 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
 0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
 add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
 0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
-// Cipher suites in GCM mode, see RFC 5288/5289.
-//
-// We may increase the priority of cipher suites in GCM mode when
-// GCM technologies become mature in the industry.
-// Suite B compliant cipher suites, see RFC 6460.
-//
-// Note that, at present this provider is not Suite B compliant. The
-// preference order of the GCM cipher suites does not follow the spec
-// of RFC 6460.
-add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256);
-// AES_256(GCM)
-add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-0xc030, --p, K_ECDHE_RSA,   B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_RSA_WITH_AES_256_GCM_SHA384",
-0x009d, --p, K_RSA,         B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
-0xc02e, --p, K_ECDH_ECDSA,  B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
-0xc032, --p, K_ECDH_RSA,    B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-0x009f, --p, K_DHE_RSA,     B_AES_256_GCM, T, max, tls12, P_SHA384);
-add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
-0x00a3, --p, K_DHE_DSS,     B_AES_256_GCM, T, max, tls12, P_SHA384);
-// AES_128(GCM)
-add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-0xc02f, --p, K_ECDHE_RSA,   B_AES_128_GCM, T, max, tls12, P_SHA256);
-add("TLS_RSA_WITH_AES_128_GCM_SHA256",
-0x009c, --p, K_RSA,         B_AES_128_GCM, T, max, tls12, P_SHA256);
-add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-0xc02d, --p, K_ECDH_ECDSA,  B_AES_128_GCM, T, max, tls12, P_SHA256);
-add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
-0xc031, --p, K_ECDH_RSA,    B_AES_128_GCM, T, max, tls12, P_SHA256);
-add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-0x009e, --p, K_DHE_RSA,     B_AES_128_GCM, T, max, tls12, P_SHA256);
-add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
-0x00a2, --p, K_DHE_DSS,     B_AES_128_GCM, T, max, tls12, P_SHA256);
-// End of cipher suites in GCM mode.
 // 3DES_EDE
 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
 0xC008, --p, K_ECDHE_ECDSA, B_3DES,    T);
 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",

changeset 22267	13f418b13938
parent 16913	a6f4d1626ad9