# HG changeset patch
# User ascarpino
# Date 1526695669 25200
# Node ID 4a53dd94403e0d8cb702d814e99987fddbfa77be
# Parent 9dfdc35eb2706bbb977603b5fd1b3d63f565b176
DTLS fix for proper closing
diff -r 9dfdc35eb270 -r 4a53dd94403e src/java.base/share/classes/sun/security/ssl/CipherSuite.java
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Thu May 17 16:18:47 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Fri May 18 19:07:49 2018 -0700
@@ -344,38 +344,38 @@ ProtocolVersion.PROTOCOLS_TO_12, K_DH_ANON, B_3DES, M_SHA, H_SHA256), - // RC-4 + // RC4 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( 0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_RC4_128_SHA( 0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256), SSL_RSA_WITH_RC4_128_SHA( 0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_RSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDH_ECDSA_WITH_RC4_128_SHA( 0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_RC4_128_SHA( 0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256), SSL_RSA_WITH_RC4_128_MD5( 0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_RSA, B_RC4_128, M_MD5, H_SHA256), TLS_ECDH_anon_WITH_RC4_128_SHA( 0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256), SSL_DH_anon_WITH_RC4_128_MD5( 0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), // weak cipher suites obsoleted in TLS 1.2 
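Review bot: The RC4 suites in this hunk move from `PROTOCOLS_TO_12` to `PROTOCOLS_TO_T12` with no comment saying why, and the commit title only mentions closing. RC4 is a stream cipher and DTLS does not allow it (RFC 6347), so the restriction looks right, but a reader has to work that out from a one-letter difference in the constant name. I would change the section comment to `// RC4: stream cipher, not allowed in DTLS, so TLS-only protocol lists`. The Kerberos hunk at -459 has the same gap and also moves the 3DES and DES block-cipher suites to TLS-only lists; its `// supported Kerberos ciphersuites from RFC2712` comment should say whether that is deliberate.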
@@ -459,43 +459,43 @@ // supported Kerberos ciphersuites from RFC2712 TLS_KRB5_WITH_3DES_EDE_CBC_SHA( 0x001F, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_KRB5, B_3DES, M_SHA, H_SHA256), TLS_KRB5_WITH_3DES_EDE_CBC_MD5( 0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_KRB5, B_3DES, M_MD5, H_SHA256), TLS_KRB5_WITH_RC4_128_SHA( 0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_KRB5, B_RC4_128, M_SHA, H_SHA256), TLS_KRB5_WITH_RC4_128_MD5( 0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "", - ProtocolVersion.PROTOCOLS_TO_12, + ProtocolVersion.PROTOCOLS_TO_T12, K_KRB5, B_RC4_128, M_MD5, H_SHA256), TLS_KRB5_WITH_DES_CBC_SHA( 0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "", - ProtocolVersion.PROTOCOLS_TO_11, + ProtocolVersion.PROTOCOLS_TO_T11, K_KRB5, B_DES, M_SHA, H_NONE), TLS_KRB5_WITH_DES_CBC_MD5( 0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "", - ProtocolVersion.PROTOCOLS_TO_11, + ProtocolVersion.PROTOCOLS_TO_T11, K_KRB5, B_DES, M_MD5, H_NONE), TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA( 0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "", - ProtocolVersion.PROTOCOLS_TO_10, + ProtocolVersion.PROTOCOLS_TO_T10, K_KRB5_EXPORT, B_DES_40, M_SHA, H_NONE), TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5( 0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "", - ProtocolVersion.PROTOCOLS_TO_10, + ProtocolVersion.PROTOCOLS_TO_T10, K_KRB5_EXPORT, B_DES_40, M_MD5, H_NONE), TLS_KRB5_EXPORT_WITH_RC4_40_SHA( 0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "", - ProtocolVersion.PROTOCOLS_TO_10, + ProtocolVersion.PROTOCOLS_TO_T10, K_KRB5_EXPORT, B_RC4_40, M_SHA, H_NONE), TLS_KRB5_EXPORT_WITH_RC4_40_MD5( 0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "", - ProtocolVersion.PROTOCOLS_TO_10, + ProtocolVersion.PROTOCOLS_TO_T10, K_KRB5_EXPORT, B_RC4_40, M_MD5, H_NONE), // Other values 
from the TLS Cipher Suite Registry, as of August 2010. diff -r 9dfdc35eb270 -r 4a53dd94403e src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java --- a/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Thu May 17 16:18:47 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Fri May 18 19:07:49 2018 -0700 @@ -80,7 +80,7 @@ // (D)TLS ProtocolVersion array for (D)TLS 1.2 and previous versions. static final ProtocolVersion[] PROTOCOLS_TO_12 = new ProtocolVersion[] { TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10 - }; + }; // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions. static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] { @@ -132,6 +132,21 @@ TLS12, TLS11, TLS10, DTLS12, DTLS10 }; + // TLS ProtocolVersion array for TLS 1.2 and previous versions. + static final ProtocolVersion[] PROTOCOLS_TO_T12 = new ProtocolVersion[] { + TLS12, TLS11, TLS10, SSL30 + }; + + // TLS ProtocolVersion array for TLS 1.1 and previous versions. + static final ProtocolVersion[] PROTOCOLS_TO_T11 = new ProtocolVersion[] { + TLS11, TLS10, SSL30 + }; + + // TLS ProtocolVersion array for TLS 1.0 and previous versions. + static final ProtocolVersion[] PROTOCOLS_TO_T10 = new ProtocolVersion[] { + TLS10, SSL30 + }; + // Empty ProtocolVersion array static final ProtocolVersion[] PROTOCOLS_EMPTY = new ProtocolVersion[0]; diff -r 9dfdc35eb270 -r 4a53dd94403e src/java.base/share/classes/sun/security/ssl/TransportContext.java --- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java Thu May 17 16:18:47 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java Fri May 18 19:07:49 2018 -0700 @@ -449,7 +449,7 @@ } boolean isOutboundDone() { - return outputRecord.isClosed(); + return outputRecord.isClosed() && outputRecord.isEmpty(); } boolean isInboundDone() { 
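Review bot: The three comments added in the -132 hunk say "TLS ProtocolVersion array", but each array also contains `SSL30`, and the new names differ from the existing `PROTOCOLS_TO_12`/`_11`/`_10` by a single `T`. These arrays decide which protocol versions a cipher suite may be negotiated under, so a misread constant here silently changes what is offered. I would state the intent in the comment, for example `// SSL/TLS-only (no DTLS) ProtocolVersion array for TLS 1.2 and previous versions.`, and do the same for the 1.1 and 1.0 arrays.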
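Review bot: `isOutboundDone()` in the -449 hunk now stays false after `outputRecord.close()` until the record is also empty, and nothing on the method says so. Callers that use it as an "already closed" guard behave differently: the `finally` block in the -558 hunk will call `outputRecord.close()` again on a closed record that still holds queued data, and it does so after `transport.shutdown()`, when that data presumably can no longer be sent. Whether a second `close()` is harmless is not visible in this patch. I would add `// Done only when the record is closed and has no pending output.` above the method and check the -558 path against that contract.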
@@ -537,14 +537,14 @@ // TLS 1.3 does not define how to initiate and close a TLS connection // gracefully. We will always send a close_notify alert, and close // the underlying transportation layer if needed. - if (!isOutboundDone() && !isOutputCloseNotified) { + if (!isInboundDone() && !isInputCloseNotified) { try { // send a close_notify alert warning(Alert.CLOSE_NOTIFY); } finally { // any data received after a closure alert is ignored. - isOutputCloseNotified = true; - outputRecord.close(); + isInputCloseNotified = true; + inputRecord.close(); } } @@ -558,8 +558,8 @@ try { transport.shutdown(); } finally { - if (!isInboundDone()) { - inputRecord.close(); + if (!isOutboundDone()) { + outputRecord.close(); } } } diff -r 9dfdc35eb270 -r 4a53dd94403e test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java --- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java Thu May 17 16:18:47 2018 -0700 +++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java Fri May 18 19:07:49 2018 -0700 @@ -416,7 +416,7 @@ int length = net.remaining(); System.out.println(wrapper + " wrapped " + length + " bytes."); System.out.println(wrapper + " handshake status is " - + engine.getHandshakeStatus()); + + engine.getHandshakeStatus() + " Result is " + r.getStatus()); if (maxPacketSize < length && maxPacketSize != 0) { throw new AssertionError("Handshake wrapped net buffer length " + length + " exceeds maximum packet size " @@ -504,7 +504,7 @@ SSLEngineResult r = engine.unwrap(net, app); app.flip(); System.out.println(unwrapper + " handshake status is " - + engine.getHandshakeStatus()); + + engine.getHandshakeStatus() + " Result is " + r.getStatus()); checkResult(r, wantedStatus); if (result != null && result.length > 0) { result[0] = r;
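Review bot: In the `finally` block of the -537 hunk, `isInputCloseNotified = true` is now set after this side sends `close_notify`, not after one arrives from the peer. If other code reads that flag as "the peer closed cleanly" (not visible in this hunk), a connection cut off without the peer's alert would be recorded as a clean close, which weakens truncation detection. `isOutputCloseNotified` is also no longer set here, so another path guarded by it may send the alert a second time. I would record the send as well, with `isOutputCloseNotified = true;` ahead of `isInputCloseNotified = true;`, or add a comment explaining why the inbound flag is the right one to set. The enclosing method starts and ends outside the hunk.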