# HG changeset patch
# User xuelei
# Date 1554162617 25200
# Node ID e057e45b49aff520a145fe159e055a37e9f93e62
# Parent 66185e52b979e5f5932b6bd41cd3d7799d87205c
8168261: Use server cipher suites preference by default
Reviewed-by: mullan
diff -r 66185e52b979 -r e057e45b49af src/java.base/share/classes/javax/net/ssl/SSLContextSpi.java
--- a/src/java.base/share/classes/javax/net/ssl/SSLContextSpi.java Mon Apr 01 15:59:45 2019 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/SSLContextSpi.java Mon Apr 01 16:50:17 2019 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -194,10 +194,9 @@
 */
 protected SSLParameters engineGetSupportedSSLParameters() {
 SSLSocket socket = getDefaultSocket();
- SSLParameters params = new SSLParameters();
+ SSLParameters params = socket.getSSLParameters();
 params.setCipherSuites(socket.getSupportedCipherSuites());
 params.setProtocols(socket.getSupportedProtocols());
 return params;
 }
-
 }
diff -r 66185e52b979 -r e057e45b49af src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java Mon Apr 01 15:59:45 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java Mon Apr 01 16:50:17 2019 -0700
@@ -126,7 +126,7 @@
 this.identificationProtocol = null;
 this.serverNames = Collections.emptyList();
 this.sniMatchers = Collections.emptyList();
- this.preferLocalCipherSuites = false;
+ this.preferLocalCipherSuites = true;
 this.applicationProtocols = new String[0];
 this.enableRetransmissions = sslContext.isDTLS();
diff -r 66185e52b979 -r e057e45b49af test/jdk/sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
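Review bot: In SSLContextSpi.engineGetSupportedSSLParameters, the result now starts from `socket.getSSLParameters()`, so every setting the default socket carries, not only the cipher-suite order flag, is returned as part of the "supported" parameters, and nothing in the hunk documents that. Providers that inherit this default implementation previously got a blank SSLParameters with only suites and protocols filled in, so the behaviour change deserves a line in the code. A comment above the assignment would do, for example `// Start from the socket's own parameters so settings such as useCipherSuitesOrder are carried over; only suites and protocols are widened to the supported sets.` The method's Javadoc begins outside the hunk, so whether it already describes this is not visible here.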
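Review bot: In SSLConfiguration, `this.preferLocalCipherSuites = true;` flips a negotiation default without a comment, and from this point the order of the locally enabled cipher suites decides what a server selects. An application that passes its own list to setCipherSuites with a weaker suite ahead of a stronger one will presumably negotiate the weaker suite even when the peer prefers the stronger one, so the ordering becomes security-relevant configuration. I would record the intent and the opt-out next to the assignment, for example `// Honor the local cipher suite order by default (8168261); applications opt out with SSLParameters.setUseCipherSuitesOrder(false).` The constructor begins and ends outside the hunk.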
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java Mon Apr 01 16:50:17 2019 -0700 
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 8168261
+ * @summary Use server cipher suites preference by default
+ * @run main/othervm DefaultCipherSuitePreference
+ */
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+
+public class DefaultCipherSuitePreference {
+ private static final String[] contextAlgorithms = {
+ "Default", "SSL", "TLS", "SSLv3", "TLSv1",
+ "TLSv1.1", "TLSv1.2", "TLSv1.3"
+ };
+
+ public static void main(String[] args) throws Exception {
+ for (String algorithm : contextAlgorithms) {
+ System.out.println("Checking SSLContext of " + algorithm);
+ SSLContext sslContext = SSLContext.getInstance(algorithm);
+
+ // Default SSLContext is initialized automatically.
+ if (!algorithm.equals("Default")) {
+ // Use default TK, KM and random.
+ sslContext.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ checkDefaultCipherSuitePreference(
+ sslContext.getDefaultSSLParameters(),
+ "SSLContext.getDefaultSSLParameters()");
+
+ // Check supported SSLParameters of SSLContext
+ checkDefaultCipherSuitePreference(
+ sslContext.getSupportedSSLParameters(),
+ "SSLContext.getSupportedSSLParameters()");
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ SSLEngine engine = sslContext.createSSLEngine();
+ engine.setUseClientMode(true);
+ checkDefaultCipherSuitePreference(
+ engine.getSSLParameters(),
+ "client mode SSLEngine.getSSLParameters()");
+
+ engine.setUseClientMode(false);
+ checkDefaultCipherSuitePreference(
+ engine.getSSLParameters(),
+ "server mode SSLEngine.getSSLParameters()");
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ SocketFactory fac = sslContext.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ checkDefaultCipherSuitePreference(
+ socket.getSSLParameters(),
+ "SSLSocket.getSSLParameters()");
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ checkDefaultCipherSuitePreference(
+ ssocket.getSSLParameters(),
+ "SSLServerSocket.getSSLParameters()");
+ }
+ }
+
+ private static void checkDefaultCipherSuitePreference(
+ SSLParameters parameters, String context) throws Exception {
+ if (!parameters.getUseCipherSuitesOrder()) {
+ throw new Exception(
+ "The local cipher suite preference is not honored " +
+ "in the connection populated SSLParameters object (" +
+ context + ")");
+ }
+ }
+}
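Review bot: checkDefaultCipherSuitePreference only asserts `parameters.getUseCipherSuitesOrder()`, so the test pins the default flag value but would still pass if the handshake's suite selection stopped consulting it. A loopback handshake in which the two sides list the same suites in opposite order, asserting that the server's first choice is negotiated, would cover the behaviour the commit title promises. Separately, the SSLSocket and SSLServerSocket created in each of the eight loop iterations are never closed. Both are Closeable, so each can be wrapped as `try (SSLSocket socket = (SSLSocket)fac.createSocket()) { ... }`, and likewise for `ssocket`. The header comment about dynamic system properties also looks inherited from another test, since no system property is read here.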