# HG changeset patch
# User xuelei
# Date 1526414497 25200
# Node ID a423173d0578a5e9d6cef8ea524b544a14c1df61
# Parent 4a3deb6759b15d68b104eb8be83727df34cfeaa2
rollbak behavior changes of extended secret extension
diff -r 4a3deb6759b1 -r a423173d0578 src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
--- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Tue May 15 14:54:04 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Tue May 15 13:01:37 2018 -0700
@@ -436,7 +436,8 @@
 // DO NOT need to check allowUnsafeServerCertChange here. We only
 // reserve server certificates when allowUnsafeServerCertChange is
 // flase.
- if (chc.reservedServerCerts != null) {
+ if (chc.reservedServerCerts != null &&
+ !chc.handshakeSession.useExtendedMasterSecret) {
 // It is not necessary to check the certificate update if
 // endpoint identification is enabled.
 String identityAlg = chc.sslConfig.identificationProtocol;
diff -r 4a3deb6759b1 -r a423173d0578 src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java Tue May 15 14:54:04 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java Tue May 15 13:01:37 2018 -0700
@@ -29,8 +29,6 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import javax.net.ssl.SSLProtocolException;
-import static sun.security.ssl.SSLConfiguration.allowLegacyMasterSecret;
-import static sun.security.ssl.SSLConfiguration.allowLegacyResumption;
 import static sun.security.ssl.SSLExtension.CH_EXTENDED_MASTER_SECRET;
 import sun.security.ssl.SSLExtension.ExtensionConsumer;
 import static sun.security.ssl.SSLExtension.SH_EXTENDED_MASTER_SECRET;
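Review bot: The new clause `!chc.handshakeSession.useExtendedMasterSecret` in CertificateMessage.java (`@@ -436,7 +436,8 @@`) exempts a session from the server-certificate-change check without saying why, and the comment above it still only talks about allowUnsafeServerCertChange. A line such as `// With the extended master secret the session keys are bound to the handshake transcript, so the certificate-change check is not needed.` would record the reasoning next to the condition. The exemption is only sound if `useExtendedMasterSecret` on `chc.handshakeSession` is already final when the Certificate message is consumed; that assignment is outside this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.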
@@ -116,7 +114,9 @@
 ClientHandshakeContext chc = (ClientHandshakeContext)context;
 // Is it a supported and enabled extension?
- if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) {
+ if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
+ !SSLConfiguration.useExtendedMasterSecret ||
+ !chc.conContext.protocolVersion.useTLS10PlusSpec()) {
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 SSLLogger.fine(
 "Ignore unavailable extended_master_secret extension");
@@ -157,7 +157,9 @@
 ServerHandshakeContext shc = (ServerHandshakeContext)context;
 // Is it a supported and enabled extension?
- if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) {
+ if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
+ !SSLConfiguration.useExtendedMasterSecret ||
+ !shc.negotiatedProtocol.useTLS10PlusSpec()) {
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 SSLLogger.fine("Ignore unavailable extension: " +
 CH_EXTENDED_MASTER_SECRET.name);
@@ -213,7 +215,8 @@
 ServerHandshakeContext shc = (ServerHandshakeContext)context;
 // Is it a supported and enabled extension?
- if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) {
+ if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
+ !SSLConfiguration.useExtendedMasterSecret) {
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 SSLLogger.fine("Ignore unavailable extension: " +
 CH_EXTENDED_MASTER_SECRET.name);
@@ -221,7 +224,8 @@
 return; // ignore the extension
 }
- if (!allowLegacyMasterSecret) {
+ if (shc.negotiatedProtocol.useTLS10PlusSpec() &&
+ !SSLConfiguration.allowLegacyMasterSecret) {
 // For full handshake, if the server receives a ClientHello
 // without the extension, it SHOULD abort the handshake if
 // it does not wish to interoperate with legacy clients.
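Review bot: The client-side gate at `@@ -116,7 +114,9 @@` tests `chc.conContext.protocolVersion`, while the server-side gate added at `@@ -157,7 +157,9 @@` tests `shc.negotiatedProtocol`. When the client builds an initial ClientHello no version has been negotiated yet, so it should be confirmed what `conContext.protocolVersion` holds at that point; a pre-TLS-1.0 placeholder there would silently drop the extension from the hello. The single log line `Ignore unavailable extended_master_secret extension` now covers three different reasons, which makes a missing extension harder to diagnose from `ssl,handshake` traces; a message per reason would help. The enclosing methods start and end outside the hunks.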
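Review bot: The version test is applied unevenly across the four enforcement points this commit touches. On the server the full-handshake check at `@@ -221,7 +224,8 @@` gains `shc.negotiatedProtocol.useTLS10PlusSpec()` but the resumption check at `@@ -245,7 +249,7 @@` does not; on the client it is the reverse, with the full-handshake check at `@@ -355,8 +359,8 @@` left without a version test and the resumption check at `@@ -374,7 +378,8 @@` gaining one. If older protocol versions are meant to be exempt from the requirement, the client full-handshake condition would presumably read `if (SSLConfiguration.useExtendedMasterSecret && !SSLConfiguration.allowLegacyMasterSecret && chc.negotiatedProtocol.useTLS10PlusSpec()) {`, and the server resumption check would need the same test; if the difference is deliberate, each condition needs a comment saying so. Either way, the server-side relaxation means `allowLegacyMasterSecret = false` does not enforce the extension on connections that negotiate a pre-TLS-1.0 version, which should be stated next to the condition. All four enclosing methods continue outside the hunks.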
@@ -245,7 +249,7 @@
 // For abbreviated handshake request, if neither the
 // original session nor the new ClientHello uses the
 // extension, the server SHOULD abort the handshake.
- if (!allowLegacyResumption) {
+ if (!SSLConfiguration.allowLegacyResumption) {
 shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
 "Missing Extended Master Secret extension " +
 "on session resumption");
@@ -355,8 +359,8 @@
 // The producing happens in client side only.
 ClientHandshakeContext chc = (ClientHandshakeContext)context;
- if (SSLConfiguration.useExtendedMasterSecret
- && !SSLConfiguration.allowLegacyMasterSecret) {
+ if (SSLConfiguration.useExtendedMasterSecret &&
+ !SSLConfiguration.allowLegacyMasterSecret) {
 // For full handshake, if a client receives a ServerHello
 // without the extension, it SHOULD abort the handshake if
 // it does not wish to interoperate with legacy servers.
@@ -374,7 +378,8 @@
 "Missing Extended Master Secret extension " +
 "on session resumption");
 } else if (SSLConfiguration.useExtendedMasterSecret &&
- !SSLConfiguration.allowLegacyResumption) {
+ !SSLConfiguration.allowLegacyResumption &&
+ chc.negotiatedProtocol.useTLS10PlusSpec()) {
 // Unlikely, abbreviated handshake should be discarded.
 chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
 "Extended Master Secret extension is required");
diff -r 4a3deb6759b1 -r a423173d0578 src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java
--- a/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java Tue May 15 14:54:04 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java Tue May 15 13:01:37 2018 -0700
@@ -90,7 +90,8 @@
 @Override
 public int messageLength() {
- return 2 + cookie.length; // 2: the length of protocol version
+ return 3 + cookie.length; // 2: the length of protocol version
+ // +1: the cookie length
 }
 @Override
diff -r 4a3deb6759b1 -r a423173d0578 src/java.base/share/classes/sun/security/ssl/SSLExtension.java
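Review bot: The corrected `messageLength()` in HelloVerifyRequest.java (`@@ -90,7 +90,8 @@`) assumes the cookie is written with a one-byte length prefix, but nothing in the hunk shows that `cookie.length` is bounded to 255. The serializer and the place where the cookie is set are outside the hunk, so confirm the bound is enforced there; otherwise the declared length and the bytes written can disagree. The trailing comment is also hard to follow, with `// 2: ...` on a line that now returns 3. `return 2 + 1 + cookie.length;   // protocol version (2) + cookie length prefix (1) + cookie` states the layout directly.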
--- a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Tue May 15 14:54:04 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Tue May 15 13:01:37 2018 -0700
@@ -264,7 +264,7 @@
 // extensions defined in RFC 7627
 CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret",
 SSLHandshake.CLIENT_HELLO,
- ProtocolVersion.PROTOCOLS_10_12,
+ ProtocolVersion.PROTOCOLS_TO_12,
 ExtendedMasterSecretExtension.chNetworkProducer,
 ExtendedMasterSecretExtension.chOnLoadConcumer,
 ExtendedMasterSecretExtension.chOnLoadAbsence,
@@ -272,7 +272,7 @@
 ExtendedMasterSecretExtension.emsStringize),
 SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret",
 SSLHandshake.SERVER_HELLO,
- ProtocolVersion.PROTOCOLS_10_12,
+ ProtocolVersion.PROTOCOLS_TO_12,
 ExtendedMasterSecretExtension.shNetworkProducer,
 ExtendedMasterSecretExtension.shOnLoadConcumer,
 ExtendedMasterSecretExtension.shOnLoadAbsence,
@@ -628,10 +628,6 @@
 // extensions.remove(CH_STATUS_REQUEST_V2);
 // }
- if (!SSLConfiguration.useExtendedMasterSecret) {
- extensions.remove(CH_EXTENDED_MASTER_SECRET);
- }
-
 defaults = Collections.unmodifiableCollection(extensions);
 }
 }
@@ -678,13 +674,6 @@
 // // extensions.remove(SH_STATUS_REQUEST_V2);
 // }
-
-/*
- if (!SSLConfiguration.useExtendedMasterSecret) {
- extensions.remove(CH_EXTENDED_MASTER_SECRET);
- extensions.remove(SH_EXTENDED_MASTER_SECRET);
- }
-*/
 defaults = Collections.unmodifiableCollection(extensions);
 }
 }
diff -r 4a3deb6759b1 -r a423173d0578 src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 14:54:04 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 13:01:37 2018 -0700
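Review bot: Switching both enum entries in SSLExtension.java (`@@ -264,7 +264,7 @@` and `@@ -272,7 +272,7 @@`) to `ProtocolVersion.PROTOCOLS_TO_12`, together with the removal of the `extensions.remove(CH_EXTENDED_MASTER_SECRET)` filter at `@@ -628,10 +628,6 @@`, leaves the individual handlers as the only place where `SSLConfiguration.useExtendedMasterSecret` and the protocol version are enforced. This commit adds the `useExtendedMasterSecret` test to three handlers in ExtendedMasterSecretExtension.java, but the ServerHello producer and consumer are not touched here. It should be confirmed that those two cannot emit or accept the extension when the setting is off or the negotiated version predates TLS 1.0. A comment above the two entries, for example `// Version and useExtendedMasterSecret gating is done in the ExtendedMasterSecretExtension handlers, not by this range.`, would keep a later reader from assuming the registration alone restricts use.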
@@ -187,7 +187,8 @@
 * Record a new session, using a given cipher spec, session ID,
 * and creation time
 */
- SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id, long creationTime) {
+ SSLSessionImpl(HandshakeContext hc,
+ CipherSuite cipherSuite, SessionId id, long creationTime) {
 this.creationTime = creationTime;
 this.protocolVersion = hc.negotiatedProtocol;
 this.sessionId = id;