--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Sat Jun 09 08:08:12 2018 -0700
@@ -343,35 +343,35 @@
// RC4
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
TLS_ECDHE_RSA_WITH_RC4_128_SHA(
0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
SSL_RSA_WITH_RC4_128_SHA(
0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_RSA, B_RC4_128, M_SHA, H_SHA256),
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
TLS_ECDH_RSA_WITH_RC4_128_SHA(
0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
SSL_RSA_WITH_RC4_128_MD5(
0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_RSA, B_RC4_128, M_MD5, H_SHA256),
TLS_ECDH_anon_WITH_RC4_128_SHA(
0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
SSL_DH_anon_WITH_RC4_128_MD5(
0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "",
- ProtocolVersion.PROTOCOLS_TO_T12,
+ ProtocolVersion.PROTOCOLS_TO_TLS12,
K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
// weak cipher suites obsoleted in TLS 1.2
--- a/src/java.base/share/classes/sun/security/ssl/Finished.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Sat Jun 09 08:08:12 2018 -0700
@@ -186,7 +186,6 @@
case DTLS12:
return VerifyDataScheme.TLS12;
case TLS13:
- case DTLS13:
return VerifyDataScheme.TLS13;
default:
return null;
--- a/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Sat Jun 09 08:08:12 2018 -0700
@@ -46,7 +46,6 @@
SSL30 (0x0300, "SSLv3", false),
SSL20Hello (0x0002, "SSLv2Hello", false),
- DTLS13 (0xFEFC, "DTLSv1.3", true),
DTLS12 (0xFEFD, "DTLSv1.2", true),
DTLS10 (0xFEFF, "DTLSv1.0", true),
@@ -84,7 +83,7 @@
// (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions.
static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] {
- TLS13, TLS12, TLS11, TLS10, SSL30, DTLS13, DTLS12, DTLS10
+ TLS13, TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10
};
// No protocol version specified.
@@ -92,7 +91,7 @@
NONE
};
- // (D)TLS ProtocolVersion array for (D)TLS 1.3.
+ // (D)TLS ProtocolVersion array for SSL 3.0.
static final ProtocolVersion[] PROTOCOLS_OF_30 = new ProtocolVersion[] {
SSL30
};
@@ -109,7 +108,7 @@
// (D)TLS ProtocolVersion array for (D)TLS 1.3.
static final ProtocolVersion[] PROTOCOLS_OF_13 = new ProtocolVersion[] {
- TLS13, DTLS13
+ TLS13
};
// (D)TLS ProtocolVersion array for TSL 1.0/1.1 and DTLS 1.0.
@@ -124,7 +123,7 @@
// (D)TLS ProtocolVersion array for TSL 1.2/1.3 and DTLS 1.2/1.3.
static final ProtocolVersion[] PROTOCOLS_12_13 = new ProtocolVersion[] {
- TLS13, TLS12, DTLS13, DTLS12
+ TLS13, TLS12, DTLS12
};
// (D)TLS ProtocolVersion array for TSL 1.0/1.1/1.2 and DTLS 1.0/1.2.
@@ -133,17 +132,17 @@
};
// TLS ProtocolVersion array for TLS 1.2 and previous versions.
- static final ProtocolVersion[] PROTOCOLS_TO_T12 = new ProtocolVersion[] {
+ static final ProtocolVersion[] PROTOCOLS_TO_TLS12 = new ProtocolVersion[] {
TLS12, TLS11, TLS10, SSL30
};
// TLS ProtocolVersion array for TLS 1.1 and previous versions.
- static final ProtocolVersion[] PROTOCOLS_TO_T11 = new ProtocolVersion[] {
+ static final ProtocolVersion[] PROTOCOLS_TO_TLS11 = new ProtocolVersion[] {
TLS11, TLS10, SSL30
};
// TLS ProtocolVersion array for TLS 1.0 and previous versions.
- static final ProtocolVersion[] PROTOCOLS_TO_T10 = new ProtocolVersion[] {
+ static final ProtocolVersion[] PROTOCOLS_TO_TLS10 = new ProtocolVersion[] {
TLS10, SSL30
};
@@ -225,10 +224,12 @@
/**
* Return true if the specific (D)TLS protocol is negotiable.
+ *
+ * Used to filter out SSLv2Hello and protocol numbers less than the
+ * minimal supported protocol versions.
*/
static boolean isNegotiable(
byte major, byte minor, boolean isDTLS, boolean allowSSL20Hello) {
-
int v = ((major & 0xFF) << 8) | (minor & 0xFF);
if (isDTLS) {
return v <= DTLS10.id;
@@ -238,9 +239,8 @@
return false;
}
}
+ return true;
}
-
- return true;
}
/**
@@ -283,25 +283,21 @@
*/
static List<ProtocolVersion> namesOf(String[] protocolNames) {
if (protocolNames == null || protocolNames.length == 0) {
- return Collections.emptyList();
+ return Collections.<ProtocolVersion>emptyList();
}
- if ((protocolNames != null) && (protocolNames.length != 0)) {
- List<ProtocolVersion> pvs = new ArrayList<>(protocolNames.length);
- for (String pn : protocolNames) {
- ProtocolVersion pv = ProtocolVersion.nameOf(pn);
- if (pv == null) {
- throw new IllegalArgumentException(
- "Unsupported protocol" + pn);
- }
-
- pvs.add(pv);
+ List<ProtocolVersion> pvs = new ArrayList<>(protocolNames.length);
+ for (String pn : protocolNames) {
+ ProtocolVersion pv = ProtocolVersion.nameOf(pn);
+ if (pv == null) {
+ throw new IllegalArgumentException(
+ "Unsupported protocol" + pn);
}
- return Collections.unmodifiableList(pvs);
+ pvs.add(pv);
}
- return Collections.<ProtocolVersion>emptyList();
+ return Collections.unmodifiableList(pvs);
}
/**
@@ -345,7 +341,7 @@
* newer version.
*/
boolean useTLS13PlusSpec() {
- return isDTLS ? (this.id <= DTLS13.id) : (this.id >= TLS13.id);
+ return isDTLS ? (this.id < DTLS12.id) : (this.id >= TLS13.id);
}
/**
@@ -381,11 +377,11 @@
}
/**
- * Return true if this ProtocolVersion object is of TLS 1.3 or
+ * Return true if this ProtocolVersion object is of (D)TLS 1.3 or
* newer version.
*/
static boolean useTLS13PlusSpec(int id, boolean isDTLS) {
- return isDTLS ? (id <= DTLS13.id) : (id >= TLS13.id);
+ return isDTLS ? (id < DTLS12.id) : (id >= TLS13.id);
}
/**
--- a/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Sat Jun 09 08:08:12 2018 -0700
@@ -63,7 +63,6 @@
case DTLS12:
return SSLMasterKeyDerivation.TLS12;
case TLS13:
- case DTLS13:
return SSLMasterKeyDerivation.TLS13;
default:
return null;
--- a/src/java.base/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLServerSocketFactoryImpl.java Sat Jun 09 08:08:12 2018 -0700
@@ -35,10 +35,9 @@
*
* @author David Brownell
*/
-final public
- class SSLServerSocketFactoryImpl extends SSLServerSocketFactory {
+public final class SSLServerSocketFactoryImpl extends SSLServerSocketFactory {
private static final int DEFAULT_BACKLOG = 50;
- private SSLContextImpl context;
+ private final SSLContextImpl context;
/**
@@ -70,23 +69,22 @@
}
@Override
- public ServerSocket createServerSocket(
- int port) throws IOException {
- return new SSLServerSocketImpl (context, port, DEFAULT_BACKLOG);
+ public ServerSocket createServerSocket(int port) throws IOException {
+ return new SSLServerSocketImpl(context, port, DEFAULT_BACKLOG);
}
@Override
public ServerSocket createServerSocket (
int port, int backlog) throws IOException {
- return new SSLServerSocketImpl (context, port, backlog);
+ return new SSLServerSocketImpl(context, port, backlog);
}
@Override
public ServerSocket
createServerSocket (int port,
int backlog, InetAddress ifAddress) throws IOException {
- return new SSLServerSocketImpl (context, port, backlog, ifAddress);
+ return new SSLServerSocketImpl(context, port, backlog, ifAddress);
}
/**
--- a/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Fri Jun 08 20:35:40 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Sat Jun 09 08:08:12 2018 -0700
@@ -67,7 +67,6 @@
case DTLS12:
return SSLTrafficKeyDerivation.TLS12;
case TLS13:
- case DTLS13:
return SSLTrafficKeyDerivation.TLS13;
}