--- a/jdk/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri Oct 29 12:35:07 2010 +0200
+++ b/jdk/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java Sat Oct 30 18:39:17 2010 +0800
@@ -145,7 +145,7 @@
}
sslContext = context;
enabledCipherSuites = CipherSuiteList.getDefault();
- enabledProtocols = ProtocolList.getDefault();
+ enabledProtocols = ProtocolList.getDefault(true);
}
/**
@@ -238,6 +238,16 @@
* rejoining the already-negotiated SSL connection.
*/
public void setUseClientMode(boolean flag) {
+ /*
+ * If we need to change the socket mode and the enabled
+ * protocols haven't specifically been set by the user,
+ * change them to the corresponding default ones.
+ */
+ if (useServerMode != (!flag) &&
+ ProtocolList.isDefaultProtocolList(enabledProtocols)) {
+ enabledProtocols = ProtocolList.getDefault(!flag);
+ }
+
useServerMode = !flag;
}
@@ -262,15 +272,12 @@
return enableSessionCreation;
}
-
/**
* Accept a new SSL connection. This server identifies itself with
* information provided in the authentication context which was
* presented during construction.
*/
public Socket accept() throws IOException {
- checkEnabledSuites();
-
SSLSocketImpl s = new SSLSocketImpl(sslContext, useServerMode,
enabledCipherSuites, doClientAuth, enableSessionCreation,
enabledProtocols);
@@ -280,56 +287,6 @@
return s;
}
-
- /*
- * This is a sometimes helpful diagnostic check that is performed
- * once for each ServerSocket to verify that the initial set of
- * enabled suites are capable of supporting a successful handshake.
- */
- private void checkEnabledSuites() throws IOException {
- //
- // We want to report an error if no cipher suites were actually
- // enabled, since this is an error users are known to make. Then
- // they get vastly confused by having clients report an error!
- //
- synchronized (this) {
- if (checkedEnabled) {
- return;
- }
- if (useServerMode == false) {
- return;
- }
-
- SSLSocketImpl tmp = new SSLSocketImpl(sslContext, useServerMode,
- enabledCipherSuites, doClientAuth,
- enableSessionCreation, enabledProtocols);
-
- try {
- ServerHandshaker handshaker = tmp.getServerHandshaker();
-
- for (Iterator<CipherSuite> t = enabledCipherSuites.iterator();
- t.hasNext();) {
- CipherSuite suite = t.next();
- if (handshaker.trySetCipherSuite(suite)) {
- checkedEnabled = true;
- return;
- }
- }
- } finally {
- tmp.closeSocket();
- }
-
- //
- // diagnostic text here is currently appropriate
- // since it's only certificate unavailability that can
- // cause such problems ... but that might change someday.
- //
- throw new SSLException("No available certificate or key corresponds"
- + " to the SSL cipher suites which are enabled.");
- }
- }
-
-
/**
* Provides a brief description of this SSL socket.
*/