--- a/src/java.base/share/classes/sun/security/ssl/JsseJce.java Fri May 11 14:55:56 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/JsseJce.java Fri May 11 15:53:12 2018 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,25 +25,16 @@
package sun.security.ssl;
-import java.util.*;
import java.math.BigInteger;
-
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.*;
-
+import java.util.*;
import javax.crypto.*;
-
-// explicit import to override the Provider class in this package
-import java.security.Provider;
-
-// need internal Sun classes for FIPS tricks
+import sun.security.jca.ProviderList;
import sun.security.jca.Providers;
-import sun.security.jca.ProviderList;
-
+import static sun.security.ssl.SunJSSE.cryptoProvider;
import sun.security.util.ECUtil;
-
-import static sun.security.ssl.SunJSSE.cryptoProvider;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
/**
@@ -53,18 +44,11 @@
* @author Andreas Sterbenz
*/
final class JsseJce {
+ static final boolean ALLOW_ECC =
+ Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true);
private static final ProviderList fipsProviderList;
- // Flag indicating whether Kerberos crypto is available.
- // If true, then all the Kerberos-based crypto we need is available.
- private static final boolean kerberosAvailable;
- static {
- ClientKeyExchangeService p =
- ClientKeyExchangeService.find("KRB5");
- kerberosAvailable = (p != null);
- }
-
static {
// force FIPS flag initialization
// Because isFIPS() is synchronized and cryptoProvider is not modified
@@ -181,7 +165,7 @@
}
static boolean isKerberosAvailable() {
- return kerberosAvailable;
+ return false;
}
/**
@@ -299,7 +283,8 @@
for (Provider.Service s : cryptoProvider.getServices()) {
if (s.getType().equals("SecureRandom")) {
try {
- return SecureRandom.getInstance(s.getAlgorithm(), cryptoProvider);
+ return SecureRandom.getInstance(
+ s.getAlgorithm(), cryptoProvider);
} catch (NoSuchAlgorithmException ee) {
// ignore
}
@@ -394,7 +379,7 @@
// See Effective Java Second Edition: Item 71.
private static class EcAvailability {
// Is EC crypto available?
- private final static boolean isAvailable;
+ private static final boolean isAvailable;
static {
boolean mediator = true;