8175075: Add 3DES to the default disabled algorithm security property
Reviewed-by: xuelei, mullan, rhalade
--- a/src/java.base/share/conf/security/java.security Thu Jan 18 22:17:11 2018 -0500
+++ b/src/java.base/share/conf/security/java.security Fri Jan 19 11:24:39 2018 -0800
@@ -676,7 +676,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, DES40_CBC, RC4_40
+ EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
#
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
--- a/test/jdk/java/net/httpclient/http2/TLSConnection.java Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/java/net/httpclient/http2/TLSConnection.java Fri Jan 19 11:24:39 2018 -0800
@@ -27,6 +27,7 @@
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.Security;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
@@ -57,6 +58,8 @@
private static final SSLParameters USE_DEFAULT_SSL_PARAMETERS = new SSLParameters();
public static void main(String[] args) throws Exception {
+ // re-enable 3DES
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
// enable all logging
System.setProperty("jdk.httpclient.HttpClient.log", "all,frames:all");
--- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
* @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA re-enable
* @run main/othervm CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
@@ -49,6 +49,7 @@
*/
import javax.net.ssl.SSLEngine;
+import java.security.Security;
/**
* Test common DTLS cipher suites.
@@ -59,6 +60,10 @@
volatile static String cipherSuite;
public static void main(String[] args) throws Exception {
+ if (args.length > 1 && "re-enable".equals(args[1])) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
+
cipherSuite = args[0];
CipherSuite testCase = new CipherSuite();
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,23 +21,22 @@
* questions.
*/
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
/*
* @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
* @summary When an application enables anonymous SSL cipher suite,
* Hostname verification is not required
* @modules java.base/com.sun.net.ssl
* java.base/com.sun.net.ssl.internal.www.protocol.https
* @run main/othervm ComHostnameVerifier
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
*/
import java.io.*;
import java.net.*;
+import java.security.Security;
import javax.net.ssl.*;
import javax.security.cert.*;
import com.sun.net.ssl.HostnameVerifier;
@@ -261,6 +260,8 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // re-enable 3DES
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,20 @@
* questions.
*/
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
/*
* @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
* @summary When an application enables anonymous SSL cipher suite,
* Hostname verification is not required
* @run main/othervm JavaxHostnameVerifier
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
*/
import java.io.*;
import java.net.*;
+import java.security.Security;
import java.security.cert.*;
import javax.net.ssl.*;
@@ -244,6 +243,8 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // re-enable 3DES
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
if (debug)
System.setProperty("javax.net.debug", "all");