# HG changeset patch
# User xuelei
# Date 1528556892 25200
# Node ID 2d7e08d730b6cf78698f87025a3d60a1c715f7f2
# Parent a02692615745384cd13b2820ab100c620368e41d
Code clean up for unsupported DTLS 1.3
diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/CipherSuite.java
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Sat Jun 09 08:08:12 2018 -0700
@@ -343,35 +343,35 @@ // RC4 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( 0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_RC4_128_SHA( 0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256), SSL_RSA_WITH_RC4_128_SHA( 0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_RSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDH_ECDSA_WITH_RC4_128_SHA( 0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_RC4_128_SHA( 0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256), SSL_RSA_WITH_RC4_128_MD5( 0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_RSA, B_RC4_128, M_MD5, H_SHA256), TLS_ECDH_anon_WITH_RC4_128_SHA( 0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256), SSL_DH_anon_WITH_RC4_128_MD5( 0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "", - ProtocolVersion.PROTOCOLS_TO_T12, + ProtocolVersion.PROTOCOLS_TO_TLS12, K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), // weak cipher suites obsoleted in TLS 1.2 diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/Finished.java --- a/src/java.base/share/classes/sun/security/ssl/Finished.java Fri Jun 08 20:35:40 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Sat Jun 09 08:08:12 2018 -0700 
@@ -186,7 +186,6 @@ case DTLS12: return VerifyDataScheme.TLS12; case TLS13: - case DTLS13: return VerifyDataScheme.TLS13; default: return null; diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java --- a/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Fri Jun 08 20:35:40 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Sat Jun 09 08:08:12 2018 -0700 @@ -46,7 +46,6 @@ SSL30 (0x0300, "SSLv3", false), SSL20Hello (0x0002, "SSLv2Hello", false), - DTLS13 (0xFEFC, "DTLSv1.3", true), DTLS12 (0xFEFD, "DTLSv1.2", true), DTLS10 (0xFEFF, "DTLSv1.0", true), @@ -84,7 +83,7 @@ // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions. static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] { - TLS13, TLS12, TLS11, TLS10, SSL30, DTLS13, DTLS12, DTLS10 + TLS13, TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10 }; // No protocol version specified. @@ -92,7 +91,7 @@ NONE }; - // (D)TLS ProtocolVersion array for (D)TLS 1.3. + // (D)TLS ProtocolVersion array for SSL 3.0. static final ProtocolVersion[] PROTOCOLS_OF_30 = new ProtocolVersion[] { SSL30 }; @@ -109,7 +108,7 @@ // (D)TLS ProtocolVersion array for (D)TLS 1.3. static final ProtocolVersion[] PROTOCOLS_OF_13 = new ProtocolVersion[] { - TLS13, DTLS13 + TLS13 }; // (D)TLS ProtocolVersion array for TSL 1.0/1.1 and DTLS 1.0. @@ -124,7 +123,7 @@ // (D)TLS ProtocolVersion array for TSL 1.2/1.3 and DTLS 1.2/1.3. static final ProtocolVersion[] PROTOCOLS_12_13 = new ProtocolVersion[] { - TLS13, TLS12, DTLS13, DTLS12 + TLS13, TLS12, DTLS12 }; // (D)TLS ProtocolVersion array for TSL 1.0/1.1/1.2 and DTLS 1.0/1.2. 
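Review bot: The comments above the edited arrays in ProtocolVersion.java still describe DTLS 1.3 after the commit removes it. `PROTOCOLS_OF_13` is documented as "(D)TLS ProtocolVersion array for (D)TLS 1.3" but now holds only `TLS13`, and `PROTOCOLS_12_13` as "TSL 1.2/1.3 and DTLS 1.2/1.3" but now holds `TLS13, TLS12, DTLS12`. I would change them to `// ProtocolVersion array for TLS 1.3.` and `// (D)TLS ProtocolVersion array for TLS 1.2/1.3 and DTLS 1.2.`, which also fixes the "TSL" typo. The `PROTOCOLS_TO_13` comment ("(D)TLS 1.3 and previous versions") has the same problem. Given how CipherSuite.java passes `PROTOCOLS_TO_TLS12` per suite, these arrays appear to decide which protocol versions a suite is offered for, so a comment that overstates an array's contents is an easy source of a wrong choice later.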
@@ -133,17 +132,17 @@ }; // TLS ProtocolVersion array for TLS 1.2 and previous versions. - static final ProtocolVersion[] PROTOCOLS_TO_T12 = new ProtocolVersion[] { + static final ProtocolVersion[] PROTOCOLS_TO_TLS12 = new ProtocolVersion[] { TLS12, TLS11, TLS10, SSL30 }; // TLS ProtocolVersion array for TLS 1.1 and previous versions. - static final ProtocolVersion[] PROTOCOLS_TO_T11 = new ProtocolVersion[] { + static final ProtocolVersion[] PROTOCOLS_TO_TLS11 = new ProtocolVersion[] { TLS11, TLS10, SSL30 }; // TLS ProtocolVersion array for TLS 1.0 and previous versions. - static final ProtocolVersion[] PROTOCOLS_TO_T10 = new ProtocolVersion[] { + static final ProtocolVersion[] PROTOCOLS_TO_TLS10 = new ProtocolVersion[] { TLS10, SSL30 }; @@ -225,10 +224,12 @@ /** * Return true if the specific (D)TLS protocol is negotiable. + * + * Used to filter out SSLv2Hello and protocol numbers less than the + * minimal supported protocol versions. */ static boolean isNegotiable( byte major, byte minor, boolean isDTLS, boolean allowSSL20Hello) { - int v = ((major & 0xFF) << 8) | (minor & 0xFF); if (isDTLS) { return v <= DTLS10.id; @@ -238,9 +239,8 @@ return false; } } + return true; } - - return true; } /** 
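Review bot: The Javadoc sentence added to `isNegotiable` ("protocol numbers less than the minimal supported protocol versions") reads backwards for the DTLS branch, where the check is `v <= DTLS10.id`. DTLS ids shrink as the version grows (`DTLS10` is 0xFEFF and `DTLS12` is 0xFEFD in this file), so that branch accepts DTLS 1.0 and every numerically smaller value. A comment on the branch would make this explicit, for example `// DTLS version numbers decrease as the protocol version increases, so "at least DTLS 1.0" is v <= DTLS10.id`. As a style point, with `return true;` now inside the `else`, the `else` after `return v <= DTLS10.id;` is redundant and the TLS checks could sit one level shallower. The method body spans this hunk and the following one (-238,9).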
@@ -283,25 +283,21 @@ */ static List namesOf(String[] protocolNames) { if (protocolNames == null || protocolNames.length == 0) { - return Collections.emptyList(); + return Collections.emptyList(); } - if ((protocolNames != null) && (protocolNames.length != 0)) { - List pvs = new ArrayList<>(protocolNames.length); - for (String pn : protocolNames) { - ProtocolVersion pv = ProtocolVersion.nameOf(pn); - if (pv == null) { - throw new IllegalArgumentException( - "Unsupported protocol" + pn); - } - - pvs.add(pv); + List pvs = new ArrayList<>(protocolNames.length); + for (String pn : protocolNames) { + ProtocolVersion pv = ProtocolVersion.nameOf(pn); + if (pv == null) { + throw new IllegalArgumentException( + "Unsupported protocol" + pn); } - return Collections.unmodifiableList(pvs); + pvs.add(pv); } - return Collections.emptyList(); + return Collections.unmodifiableList(pvs); } /** @@ -345,7 +341,7 @@ * newer version. */ boolean useTLS13PlusSpec() { - return isDTLS ? (this.id <= DTLS13.id) : (this.id >= TLS13.id); + return isDTLS ? (this.id < DTLS12.id) : (this.id >= TLS13.id); } /** @@ -381,11 +377,11 @@ } /** - * Return true if this ProtocolVersion object is of TLS 1.3 or + * Return true if this ProtocolVersion object is of (D)TLS 1.3 or * newer version. */ static boolean useTLS13PlusSpec(int id, boolean isDTLS) { - return isDTLS ? (id <= DTLS13.id) : (id >= TLS13.id); + return isDTLS ? (id < DTLS12.id) : (id >= TLS13.id); } /** diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java --- a/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Fri Jun 08 20:35:40 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Sat Jun 09 08:08:12 2018 -0700 
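Review bot: The exception text in `namesOf` is built as `"Unsupported protocol" + pn`, so the offending name is glued to the message with no separator. Since the loop is being re-indented anyway, I would change it to `"Unsupported protocol: " + pn`. Each element is passed to `ProtocolVersion.nameOf` unchecked; how a null element is handled there is outside the hunk, so a short Javadoc line stating whether null entries are rejected would help callers.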
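Review bot: With the `DTLS13` constant removed, the DTLS branch `id < DTLS12.id` in both `useTLS13PlusSpec` overloads (hunk -345 and the static one at -381) returns true for every DTLS id below 0xFEFD, none of which maps to a `ProtocolVersion` constant any more. The numeric result is the same as the old `id <= DTLS13.id`. If the static overload can be reached with an id read from a peer message (not visible here), a version this implementation does not support would still be classified as following the 1.3 spec, so it is worth confirming that callers reject unknown ids first. I would also add a comment on the branch: `// DTLS ids decrease as versions increase; DTLS 1.3 is unsupported, so no known DTLS version satisfies this`. Both method bodies and the instance method's Javadoc start outside the hunks.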
@@ -63,7 +63,6 @@ case DTLS12: return SSLMasterKeyDerivation.TLS12; case TLS13: - case DTLS13: return SSLMasterKeyDerivation.TLS13; default: return null; diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java Fri Jun 08 20:35:40 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java Sat Jun 09 08:08:12 2018 -0700 @@ -35,10 +35,9 @@ * * @author David Brownell */ -final public - class SSLServerSocketFactoryImpl extends SSLServerSocketFactory { +public final class SSLServerSocketFactoryImpl extends SSLServerSocketFactory { private static final int DEFAULT_BACKLOG = 50; - private SSLContextImpl context; + private final SSLContextImpl context; /** @@ -70,23 +69,22 @@ } @Override - public ServerSocket createServerSocket( - int port) throws IOException { - return new SSLServerSocketImpl (context, port, DEFAULT_BACKLOG); + public ServerSocket createServerSocket(int port) throws IOException { + return new SSLServerSocketImpl(context, port, DEFAULT_BACKLOG); } @Override public ServerSocket createServerSocket ( int port, int backlog) throws IOException { - return new SSLServerSocketImpl (context, port, backlog); + return new SSLServerSocketImpl(context, port, backlog); } @Override public ServerSocket createServerSocket (int port, int backlog, InetAddress ifAddress) throws IOException { - return new SSLServerSocketImpl (context, port, backlog, ifAddress); + return new SSLServerSocketImpl(context, port, backlog, ifAddress); } /** diff -r a02692615745 -r 2d7e08d730b6 src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java --- a/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Fri Jun 08 20:35:40 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Sat Jun 09 08:08:12 2018 -0700 
@@ -67,7 +67,6 @@ case DTLS12: return SSLTrafficKeyDerivation.TLS12; case TLS13: - case DTLS13: return SSLTrafficKeyDerivation.TLS13; }