--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Mon Nov 03 08:30:18 2014 +0000
@@ -500,7 +500,9 @@
if (activeProtocols.collection().isEmpty() ||
activeProtocols.max.v == ProtocolVersion.NONE.v) {
- throw new SSLHandshakeException("No appropriate protocol");
+ throw new SSLHandshakeException(
+ "No appropriate protocol (protocol is disabled or " +
+ "cipher suites are inappropriate)");
}
if (activeCipherSuites == null) {
@@ -685,6 +687,17 @@
continue;
}
+ if (!algorithmConstraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ protocol.name, null)) {
+ if (debug != null && Debug.isOn("verbose")) {
+ System.out.println(
+ "Ignoring disabled protocol: " + protocol);
+ }
+
+ continue;
+ }
+
boolean found = false;
for (CipherSuite suite : enabledCipherSuites.collection()) {
if (suite.isAvailable() && suite.obsoleted > protocol.v &&
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Mon Nov 03 08:30:18 2014 +0000
@@ -25,6 +25,9 @@
package sun.security.ssl;
+import java.util.*;
+import java.security.CryptoPrimitive;
+
/**
* Type safe enum for an SSL/TLS protocol version. Instances are obtained
* using the static factory methods or by referencing the static members
@@ -86,6 +89,11 @@
// Default version for hello messages (SSLv2Hello)
final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
+ // Available protocols
+ //
+ // Including all supported protocols except the disabled ones.
+ final static Set<ProtocolVersion> availableProtocols;
+
// version in 16 bit MSB format as it appears in records and
// messages, i.e. 0x0301 for TLS 1.0
public final int v;
@@ -96,6 +104,25 @@
// name used in JSSE (e.g. TLSv1 for TLS 1.0)
final String name;
+ // Initialize the available protocols.
+ static {
+ Set<ProtocolVersion> protocols = new HashSet<>(5);
+
+ ProtocolVersion[] pvs = new ProtocolVersion[] {
+ SSL20Hello, SSL30, TLS10, TLS11, TLS12};
+ EnumSet<CryptoPrimitive> cryptoPrimitives =
+ EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT);
+ for (ProtocolVersion p : pvs) {
+ if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
+ cryptoPrimitives, p.name, null)) {
+ protocols.add(p);
+ }
+ }
+
+ availableProtocols =
+ Collections.<ProtocolVersion>unmodifiableSet(protocols);
+ }
+
// private
private ProtocolVersion(int v, String name) {
this.v = v;
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,6 +55,14 @@
private boolean enabledX509DisabledAlgConstraints = true;
+ // the default algorithm constraints
+ final static AlgorithmConstraints DEFAULT =
+ new SSLAlgorithmConstraints(null);
+
+ // the default SSL only algorithm constraints
+ final static AlgorithmConstraints DEFAULT_SSL_ONLY =
+ new SSLAlgorithmConstraints((SSLSocket)null, false);
+
SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
userAlgConstraints = algorithmConstraints;
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,10 +52,6 @@
private X509TrustManager trustManager;
private SecureRandom secureRandom;
- // The default algrithm constraints
- private AlgorithmConstraints defaultAlgorithmConstraints =
- new SSLAlgorithmConstraints(null);
-
// supported and default protocols
private ProtocolList defaultServerProtocolList;
private ProtocolList defaultClientProtocolList;
@@ -350,7 +346,7 @@
if (suite.isAvailable() &&
suite.obsoleted > protocols.min.v &&
suite.supported <= protocols.max.v) {
- if (defaultAlgorithmConstraints.permits(
+ if (SSLAlgorithmConstraints.DEFAULT.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
suites.add(suite);
@@ -431,11 +427,16 @@
*/
private abstract static class AbstractSSLContext extends SSLContextImpl {
// parameters
- private final static SSLParameters defaultServerSSLParams;
- private final static SSLParameters supportedSSLParams;
+ private static final SSLParameters defaultServerSSLParams;
+ private static final SSLParameters supportedSSLParams;
static {
+ // supported SSL parameters
supportedSSLParams = new SSLParameters();
+
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
+
if (SunJSSE.isFIPS()) {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
@@ -443,7 +444,11 @@
ProtocolVersion.TLS12.name
});
- defaultServerSSLParams = supportedSSLParams;
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
} else {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL20Hello.name,
@@ -453,8 +458,18 @@
ProtocolVersion.TLS12.name
});
- defaultServerSSLParams = supportedSSLParams;
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL20Hello,
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
}
+
+ defaultServerSSLParams = new SSLParameters();
+ defaultServerSSLParams.setProtocols(
+ getAvailableProtocols(candidates));
}
@Override
@@ -466,6 +481,22 @@
SSLParameters getSupportedSSLParams() {
return supportedSSLParams;
}
+
+ static String[] getAvailableProtocols(
+ ProtocolVersion[] protocolCandidates) {
+
+ List<String> availableProtocols = Collections.<String>emptyList();
+ if (protocolCandidates != null && protocolCandidates.length != 0) {
+ availableProtocols = new ArrayList<>(protocolCandidates.length);
+ for (ProtocolVersion p : protocolCandidates) {
+ if (ProtocolVersion.availableProtocols.contains(p)) {
+ availableProtocols.add(p.name);
+ }
+ }
+ }
+
+ return availableProtocols.toArray(new String[0]);
+ }
}
/*
@@ -474,21 +505,25 @@
* @see SSLContext
*/
public static final class TLS10Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10
+ };
+ }
- } else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name
- });
- }
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates));
}
@Override
@@ -503,23 +538,27 @@
* @see SSLContext
*/
public static final class TLS11Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11
+ };
+ }
- } else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
- }
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates));
}
@Override
@@ -534,25 +573,29 @@
* @see SSLContext
*/
public static final class TLS12Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
+ }
- } else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
- }
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates));
}
@Override
@@ -567,8 +610,8 @@
* @see SSLContext
*/
private static class CustomizedSSLContext extends AbstractSSLContext {
- private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
- private final static SSLParameters defaultClientSSLParams;
+ private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
+ private static final SSLParameters defaultClientSSLParams;
private static IllegalArgumentException reservedException = null;
// Don't want a java.lang.LinkageError for illegal system property.
@@ -578,60 +621,74 @@
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static {
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
+
String property = AccessController.doPrivileged(
new GetPropertyAction(PROPERTY_NAME));
- defaultClientSSLParams = new SSLParameters();
if (property == null || property.length() == 0) {
// the default enabled client TLS protocols
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
} else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
}
} else {
// remove double quote marks from beginning/end of the property
- if (property.charAt(0) == '"' &&
+ if (property.length() > 1 && property.charAt(0) == '"' &&
property.charAt(property.length() - 1) == '"') {
property = property.substring(1, property.length() - 1);
}
- String[] protocols = property.split(",");
+ String[] protocols = null;
+ if (property != null && property.length() != 0) {
+ protocols = property.split(",");
+ } else {
+ reservedException = new IllegalArgumentException(
+ "No protocol specified in " +
+ PROPERTY_NAME + " system property");
+ protocols = new String[0];
+ }
+
+ candidates = new ProtocolVersion[protocols.length];
for (int i = 0; i < protocols.length; i++) {
protocols[i] = protocols[i].trim();
// Is it a supported protocol name?
try {
- ProtocolVersion.valueOf(protocols[i]);
+ candidates[i] = ProtocolVersion.valueOf(protocols[i]);
} catch (IllegalArgumentException iae) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + protocols[i] +
- " is not a standard SSL protocol name", iae);
+ PROPERTY_NAME + ": " + protocols[i] +
+ " is not a standard SSL/TLS protocol name", iae);
+ break;
}
}
if ((reservedException == null) && SunJSSE.isFIPS()) {
- for (String protocol : protocols) {
- if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
- ProtocolVersion.SSL30.name.equals(protocol)) {
+ for (ProtocolVersion protocolVersion : candidates) {
+ if (ProtocolVersion.SSL20Hello.v == protocolVersion.v ||
+ ProtocolVersion.SSL30.v == protocolVersion.v) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + protocol +
+ PROPERTY_NAME + ": " + protocolVersion +
" is not FIPS compliant");
}
}
}
+ }
- if (reservedException == null) {
- defaultClientSSLParams.setProtocols(protocols);
- }
+ defaultClientSSLParams = new SSLParameters();
+ if (reservedException == null) {
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates));
}
}
--- a/jdk/src/java.base/share/conf/security/java.security Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/conf/security/java.security Mon Nov 03 08:30:18 2014 +0000
@@ -512,8 +512,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -528,4 +532,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
--- a/jdk/test/javax/net/ssl/SSLSession/TestEnabledProtocols.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/javax/net/ssl/SSLSession/TestEnabledProtocols.java Mon Nov 03 08:30:18 2014 +0000
@@ -120,6 +120,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
--- a/jdk/test/javax/net/ssl/ServerName/SSLEngineExplorer.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/javax/net/ssl/ServerName/SSLEngineExplorer.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@
import java.net.*;
import java.util.*;
import java.nio.channels.*;
+import java.security.Security;
public class SSLEngineExplorer extends SSLEngineService {
@@ -231,6 +232,10 @@
volatile int serverPort = 0;
public static void main(String args[]) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/javax/net/ssl/ServerName/SSLSocketExplorer.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/javax/net/ssl/ServerName/SSLSocketExplorer.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,7 @@
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
+import java.security.Security;
public class SSLSocketExplorer {
@@ -224,6 +225,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
--- a/jdk/test/javax/net/ssl/TLS/TestJSSE.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSE.java Mon Nov 03 08:30:18 2014 +0000
@@ -78,6 +78,10 @@
private static final String LOCAL_IP = "127.0.0.1";
public static void main(String... args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String serverProtocol = System.getProperty("SERVER_PROTOCOL");
String clientProtocol = System.getProperty("CLIENT_PROTOCOL");
int port = jdk.testlibrary.Utils.getFreePort();
--- a/jdk/test/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java Mon Nov 03 08:30:18 2014 +0000
@@ -33,6 +33,10 @@
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
--- a/jdk/test/sun/security/ec/TestEC.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ec/TestEC.java Mon Nov 03 08:30:18 2014 +0000
@@ -59,6 +59,10 @@
public class TestEC {
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
--- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,10 @@
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
cmdArgs = args;
main(new ClientJSSEServerJSSE());
}
--- a/jdk/test/sun/security/ssl/ProtocolVersion/HttpsProtocols.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ssl/ProtocolVersion/HttpsProtocols.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
+import java.security.Security;
public class HttpsProtocols implements HostnameVerifier {
@@ -177,6 +178,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
--- a/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class CustomizedDefaultProtocols {
static enum ContextVersion {
@@ -93,6 +94,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
--- a/jdk/test/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class DefaultEnabledProtocols {
static enum ContextVersion {
@@ -92,6 +93,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
--- a/jdk/test/sun/security/ssl/SSLContextImpl/NoOldVersionContext.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/NoOldVersionContext.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class NoOldVersionContext {
static enum ContextVersion {
@@ -93,6 +94,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
--- a/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java Mon Nov 03 08:30:18 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -115,6 +115,9 @@
}
public static void main(String args[]) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
DelegatedTaskWrongException test;