7093640: Enable client-side TLS 1.2 by default
Reviewed-by: weijun, mullan, wetmore
--- a/jdk/src/share/classes/sun/security/ssl/ProtocolVersion.java Wed Dec 18 11:34:34 2013 -0800
+++ b/jdk/src/share/classes/sun/security/ssl/ProtocolVersion.java Thu Dec 19 02:27:25 2013 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -80,8 +80,8 @@
// maximum version we implement (TLS 1.2)
final static ProtocolVersion MAX = TLS12;
- // ProtocolVersion to use by default (TLS 1.0)
- final static ProtocolVersion DEFAULT = TLS10;
+ // ProtocolVersion to use by default (TLS 1.2)
+ final static ProtocolVersion DEFAULT = TLS12;
// Default version for hello messages (SSLv2Hello)
final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java Wed Dec 18 11:34:34 2013 -0800
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java Thu Dec 19 02:27:25 2013 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
import javax.net.ssl.*;
import sun.security.provider.certpath.AlgorithmChecker;
+import sun.security.action.GetPropertyAction;
public abstract class SSLContextImpl extends SSLContextSpi {
@@ -421,22 +422,21 @@
*/
/*
- * The conservative SSLContext implementation for TLS, SSL, SSLv3 and
- * TLS10 algorithm.
+ * The base abstract SSLContext implementation.
*
- * This is a super class of DefaultSSLContext and TLS10Context.
+ * This abstract class encapsulates supported and the default server
+ * SSL parameters.
*
* @see SSLContext
*/
- private static class ConservativeSSLContext extends SSLContextImpl {
+ private abstract static class AbstractSSLContext extends SSLContextImpl {
// parameters
- private static SSLParameters defaultServerSSLParams;
- private static SSLParameters defaultClientSSLParams;
- private static SSLParameters supportedSSLParams;
+ private final static SSLParameters defaultServerSSLParams;
+ private final static SSLParameters supportedSSLParams;
static {
+ supportedSSLParams = new SSLParameters();
if (SunJSSE.isFIPS()) {
- supportedSSLParams = new SSLParameters();
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
@@ -444,14 +444,7 @@
});
defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name
- });
-
} else {
- supportedSSLParams = new SSLParameters();
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL20Hello.name,
ProtocolVersion.SSL30.name,
@@ -461,12 +454,6 @@
});
defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name
- });
}
}
@@ -476,22 +463,205 @@
}
@Override
- SSLParameters getDefaultClientSSLParams() {
- return defaultClientSSLParams;
- }
-
- @Override
SSLParameters getSupportedSSLParams() {
return supportedSSLParams;
}
}
/*
- * The SSLContext implementation for default algorithm
+ * The SSLContext implementation for SSLv3 and TLS10 algorithm
+ *
+ * @see SSLContext
+ */
+ public static final class TLS10Context extends AbstractSSLContext {
+ private final static SSLParameters defaultClientSSLParams;
+
+ static {
+ defaultClientSSLParams = new SSLParameters();
+ if (SunJSSE.isFIPS()) {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.TLS10.name
+ });
+
+ } else {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.SSL30.name,
+ ProtocolVersion.TLS10.name
+ });
+ }
+ }
+
+ @Override
+ SSLParameters getDefaultClientSSLParams() {
+ return defaultClientSSLParams;
+ }
+ }
+
+ /*
+ * The SSLContext implementation for TLS11 algorithm
+ *
+ * @see SSLContext
+ */
+ public static final class TLS11Context extends AbstractSSLContext {
+ private final static SSLParameters defaultClientSSLParams;
+
+ static {
+ defaultClientSSLParams = new SSLParameters();
+ if (SunJSSE.isFIPS()) {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name
+ });
+
+ } else {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.SSL30.name,
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name
+ });
+ }
+ }
+
+ @Override
+ SSLParameters getDefaultClientSSLParams() {
+ return defaultClientSSLParams;
+ }
+ }
+
+ /*
+ * The SSLContext implementation for TLS12 algorithm
+ *
+ * @see SSLContext
+ */
+ public static final class TLS12Context extends AbstractSSLContext {
+ private final static SSLParameters defaultClientSSLParams;
+
+ static {
+ defaultClientSSLParams = new SSLParameters();
+ if (SunJSSE.isFIPS()) {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name,
+ ProtocolVersion.TLS12.name
+ });
+
+ } else {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.SSL30.name,
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name,
+ ProtocolVersion.TLS12.name
+ });
+ }
+ }
+
+ @Override
+ SSLParameters getDefaultClientSSLParams() {
+ return defaultClientSSLParams;
+ }
+ }
+
+ /*
+ * The SSLContext implementation for customized TLS protocols
*
* @see SSLContext
*/
- public static final class DefaultSSLContext extends ConservativeSSLContext {
+ private static class CustomizedSSLContext extends AbstractSSLContext {
+ private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
+ private final static SSLParameters defaultClientSSLParams;
+ private static IllegalArgumentException reservedException = null;
+
+ // Don't want a java.lang.LinkageError for illegal system property.
+ //
+ // Please don't throw exception in this static block. Otherwise,
+ // java.lang.LinkageError may be thrown during the instantiation of
+ // the provider service. Instead, let's handle the initialization
+ // exception in constructor.
+ static {
+ String property = AccessController.doPrivileged(
+ new GetPropertyAction(PROPERTY_NAME));
+ defaultClientSSLParams = new SSLParameters();
+ if (property == null || property.length() == 0) {
+ // the default enabled client TLS protocols
+ if (SunJSSE.isFIPS()) {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name,
+ ProtocolVersion.TLS12.name
+ });
+
+ } else {
+ defaultClientSSLParams.setProtocols(new String[] {
+ ProtocolVersion.SSL30.name,
+ ProtocolVersion.TLS10.name,
+ ProtocolVersion.TLS11.name,
+ ProtocolVersion.TLS12.name
+ });
+ }
+ } else {
+ // remove double quote marks from beginning/end of the property
+ if (property.charAt(0) == '"' &&
+ property.charAt(property.length() - 1) == '"') {
+ property = property.substring(1, property.length() - 1);
+ }
+
+ String[] protocols = property.split(",");
+ for (int i = 0; i < protocols.length; i++) {
+ protocols[i] = protocols[i].trim();
+ // Is it a supported protocol name?
+ try {
+ ProtocolVersion.valueOf(protocols[i]);
+ } catch (IllegalArgumentException iae) {
+ reservedException = new IllegalArgumentException(
+ PROPERTY_NAME + ": " + protocols[i] +
+ " is not a standard SSL protocol name", iae);
+ }
+ }
+
+ if ((reservedException == null) && SunJSSE.isFIPS()) {
+ for (String protocol : protocols) {
+ if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
+ ProtocolVersion.SSL30.name.equals(protocol)) {
+ reservedException = new IllegalArgumentException(
+ PROPERTY_NAME + ": " + protocol +
+ " is not FIPS compliant");
+ }
+ }
+ }
+
+ if (reservedException == null) {
+ defaultClientSSLParams.setProtocols(protocols);
+ }
+ }
+ }
+
+ protected CustomizedSSLContext() {
+ if (reservedException != null) {
+ throw reservedException;
+ }
+ }
+
+ @Override
+ SSLParameters getDefaultClientSSLParams() {
+ return defaultClientSSLParams;
+ }
+ }
+
+ /*
+ * The SSLContext implementation for default "TLS" algorithm
+ *
+ * @see SSLContext
+ */
+ public static final class TLSContext extends CustomizedSSLContext {
+ // use the default constructor and methods
+ }
+
+ /*
+ * The SSLContext implementation for default "Default" algorithm
+ *
+ * @see SSLContext
+ */
+ public static final class DefaultSSLContext extends CustomizedSSLContext {
private static final String NONE = "NONE";
private static final String P11KEYSTORE = "PKCS11";
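Review bot: A `jdk.tls.client.protocols` value that is a single `"` character passes both `charAt` tests in CustomizedSSLContext's static block and reaches `property.substring(1, 0)`, which throws StringIndexOutOfBoundsException inside the static initializer, the failure mode the comment above the block says to avoid. Guard the strip with a length check: `if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') {`. With that guard a lone quote falls through to the `ProtocolVersion.valueOf` check and is presumably reported through `reservedException` like any other bad name. Separately, every non-FIPS client default in this hunk (TLS10Context, TLS11Context, TLS12Context and the empty-property branch) still lists `ProtocolVersion.SSL30.name`, so raising the ceiling to TLS 1.2 leaves SSLv3 enabled; a comment saying this is deliberate would help. DefaultSSLContext's body continues outside the hunk.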
@@ -652,147 +822,6 @@
}
}
- /*
- * The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm
- *
- * @see SSLContext
- */
- public static final class TLS10Context extends ConservativeSSLContext {
- // use the default constructor and methods
- }
-
- /*
- * The SSLContext implementation for TLS11 algorithm
- *
- * @see SSLContext
- */
- public static final class TLS11Context extends SSLContextImpl {
- // parameters
- private static SSLParameters defaultServerSSLParams;
- private static SSLParameters defaultClientSSLParams;
- private static SSLParameters supportedSSLParams;
-
- static {
- if (SunJSSE.isFIPS()) {
- supportedSSLParams = new SSLParameters();
- supportedSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
- defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
-
- } else {
- supportedSSLParams = new SSLParameters();
- supportedSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL20Hello.name,
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
- defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
- }
- }
-
- @Override
- SSLParameters getDefaultServerSSLParams() {
- return defaultServerSSLParams;
- }
-
- @Override
- SSLParameters getDefaultClientSSLParams() {
- return defaultClientSSLParams;
- }
-
- @Override
- SSLParameters getSupportedSSLParams() {
- return supportedSSLParams;
- }
- }
-
- /*
- * The SSLContext implementation for TLS12 algorithm
- *
- * @see SSLContext
- */
- public static final class TLS12Context extends SSLContextImpl {
- // parameters
- private static SSLParameters defaultServerSSLParams;
- private static SSLParameters defaultClientSSLParams;
- private static SSLParameters supportedSSLParams;
-
- static {
- if (SunJSSE.isFIPS()) {
- supportedSSLParams = new SSLParameters();
- supportedSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
- defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
- } else {
- supportedSSLParams = new SSLParameters();
- supportedSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL20Hello.name,
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
- defaultServerSSLParams = supportedSSLParams;
-
- defaultClientSSLParams = new SSLParameters();
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
- }
- }
-
- @Override
- SSLParameters getDefaultServerSSLParams() {
- return defaultServerSSLParams;
- }
-
- @Override
- SSLParameters getDefaultClientSSLParams() {
- return defaultClientSSLParams;
- }
-
- @Override
- SSLParameters getSupportedSSLParams() {
- return supportedSSLParams;
- }
- }
-
}
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java Wed Dec 18 11:34:34 2013 -0800
+++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java Thu Dec 19 02:27:25 2013 -0800
@@ -60,7 +60,8 @@
private static final long serialVersionUID = 3231825739635378733L;
private static String info = "Sun JSSE provider" +
- "(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)";
+ "(PKCS12, SunX509/PKIX key/trust factories, " +
+ "SSLv3/TLSv1/TLSv1.1/TLSv1.2)";
private static String fipsInfo =
"Sun JSSE provider (FIPS mode, crypto provider ";
@@ -208,16 +209,17 @@
put("SSLContext.TLSv1",
"sun.security.ssl.SSLContextImpl$TLS10Context");
- put("Alg.Alias.SSLContext.TLS", "TLSv1");
- if (isfips == false) {
- put("Alg.Alias.SSLContext.SSL", "TLSv1");
- put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
- }
-
put("SSLContext.TLSv1.1",
"sun.security.ssl.SSLContextImpl$TLS11Context");
put("SSLContext.TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context");
+ put("SSLContext.TLS",
+ "sun.security.ssl.SSLContextImpl$TLSContext");
+ if (isfips == false) {
+ put("Alg.Alias.SSLContext.SSL", "TLS");
+ put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
+ }
+
put("SSLContext.Default",
"sun.security.ssl.SSLContextImpl$DefaultSSLContext");
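Review bot: The alias block gives no reason why `SSL` now follows `TLS` while `SSLv3` stays on `TLSv1`, although the two targets behave differently. Going by SSLContextImpl in this commit, `TLS` maps to a CustomizedSSLContext subclass that reads `jdk.tls.client.protocols` and throws from its constructor on an illegal value, whereas `TLSv1` maps to TLS10Context with fixed client defaults. I would add a comment above the `if`, for example `// "SSL" tracks the customizable "TLS" context; "SSLv3" stays pinned to the TLSv1 context`. `isfips == false` would also read better as `!isfips`. The enclosing method starts and ends outside the hunk.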
--- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Wed Dec 18 11:34:34 2013 -0800
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Thu Dec 19 02:27:25 2013 -0800
@@ -443,7 +443,7 @@
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
- SSLContext sslCtx = SSLContext.getInstance("TLS");
+ SSLContext sslCtx = SSLContext.getInstance("TLSv1");
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return sslCtx;
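Review bot: The switch from `SSLContext.getInstance("TLS")` to `"TLSv1"` carries no explanation in the test, so a later reader cannot tell whether the pin is required or incidental. With this commit `"TLS"` enables TLS 1.2 on the client, so presumably the test's expectations were written for a TLS 1.0 handshake; a comment should say so, for example `// Pinned to TLSv1: expected values below assume a TLS 1.0 handshake`. The same unexplained pin appears in the DebugReportsOneExtraByte.java hunk. The enclosing method starts outside the hunk.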
--- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java Wed Dec 18 11:34:34 2013 -0800
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java Thu Dec 19 02:27:25 2013 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -159,7 +159,7 @@
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
- SSLContext sslCtx = SSLContext.getInstance("TLS");
+ SSLContext sslCtx = SSLContext.getInstance("TLSv1");
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Thu Dec 19 02:27:25 2013 -0800
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
+ * CustomizedDefaultProtocols
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class CustomizedDefaultProtocols {
+ static enum ContextVersion {
+ TLS_CV_01("SSL",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_02("TLS",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_03("SSLv3",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_04("TLSv1",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_05("TLSv1.1",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_06("TLSv1.2",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_07("Default",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!Arrays.equals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ System.out.println("\tError: The actual protocols " +
+ Arrays.toString(target));
+ success = false;
+ }
+
+ return success;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
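Review bot: The progress messages in the SSLSocket and SSLServerSocket sections of `main` still say `SSLEngine`, for example `"\tChecking SSLEngine.getEnabledProtocols()"` printed just before `socket.getEnabledProtocols()` and `ssocket.getEnabledProtocols()`, so a failure log points at the wrong object. Each label should name the object actually queried, e.g. `System.out.println("\tChecking SSLSocket.getEnabledProtocols()");` and `System.out.println("\tChecking SSLServerSocket.getEnabledProtocols()");`. The `socket` and `ssocket` instances created in each loop iteration are also never closed. DefaultEnabledProtocols.java, added in the same commit, has the same labels and the same unclosed sockets; the two files differ only in the expected protocol arrays and the `@run` line, so a shared helper would keep them from drifting apart.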
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java Thu Dec 19 02:27:25 2013 -0800
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm DefaultEnabledProtocols
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class DefaultEnabledProtocols {
+ static enum ContextVersion {
+ TLS_CV_01("SSL",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_02("TLS",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_03("SSLv3",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_04("TLSv1",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_05("TLSv1.1",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_06("TLSv1.2",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_07("Default",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!Arrays.equals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ System.out.println("\tError: The actual protocols " +
+ Arrays.toString(target));
+ success = false;
+ }
+
+ return success;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java Thu Dec 19 02:27:25 2013 -0800
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
+ * IllegalProtocolProperty
+ */
+
+import javax.net.ssl.*;
+import java.security.NoSuchAlgorithmException;
+
+public class IllegalProtocolProperty {
+ static enum ContextVersion {
+ TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
+ TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
+ TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
+ TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
+ TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
+ TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
+ TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
+
+ final String contextVersion;
+ final String defaultProtocolVersion;
+ final String supportedProtocolVersion;
+ final boolean impacted;
+
+ ContextVersion(String contextVersion, String defaultProtocolVersion,
+ String supportedProtocolVersion, boolean impacted) {
+ this.contextVersion = contextVersion;
+ this.defaultProtocolVersion = defaultProtocolVersion;
+ this.supportedProtocolVersion = supportedProtocolVersion;
+ this.impacted = impacted;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+
+ SSLContext context;
+ try {
+ context = SSLContext.getInstance(cv.contextVersion);
+ if (cv.impacted) {
+ throw new Exception(
+ "illegal system property jdk.tls.client.protocols: " +
+ System.getProperty("jdk.tls.client.protocols"));
+ }
+ } catch (NoSuchAlgorithmException nsae) {
+ if (cv.impacted) {
+ System.out.println(
+ "\tIgnore: illegal system property " +
+ "jdk.tls.client.protocols=" +
+ System.getProperty("jdk.tls.client.protocols"));
+ continue;
+ } else {
+ throw nsae;
+ }
+ }
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ String[] ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No default protocols or cipher suites");
+ }
+
+ boolean isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tdefault protocol version " + protocol);
+ if (protocol.equals(cv.defaultProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched default protocol");
+ }
+
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No supported protocols or cipher suites");
+ }
+
+ isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tsupported protocol version " + protocol);
+ if (protocol.equals(cv.supportedProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched supported protocol");
+ }
+ System.out.println("\t... Success");
+ }
+ }
+}
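Review bot: The `catch (NoSuchAlgorithmException nsae)` branch in `main` treats any failure of `SSLContext.getInstance` on an impacted context as the expected rejection of the malformed `jdk.tls.client.protocols` value, so a missing provider or an unrelated initialization error would also pass the test. If the provider attaches the property error as the cause (not visible in this hunk), the branch could check `nsae.getCause()` before the `continue`. The exception thrown inside the `try` when an impacted context is created anyway also reads as if the property itself were the problem; a message such as `"SSLContext " + cv.contextVersion + " accepted illegal jdk.tls.client.protocols: " + System.getProperty("jdk.tls.client.protocols")` states the actual failure, which is that a bad protocol list was not rejected.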
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java Thu Dec 19 02:27:25 2013 -0800
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
+ * NoOldVersionContext
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class NoOldVersionContext {
+ static enum ContextVersion {
+ TLS_CV_01("SSL",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_02("TLS",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_03("SSLv3",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_04("TLSv1",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_05("TLSv1.1",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_06("TLSv1.2",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_07("Default",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!Arrays.equals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ System.out.println("\tError: The actual protocols " +
+ Arrays.toString(target));
+ success = false;
+ }
+
+ return success;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
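Review bot: The progress lines in the SSLSocket and SSLServerSocket sections of `main` still print `SSLEngine.getEnabledProtocols()`, `SSLEngine.getEnabledCipherSuites()` and so on, so the log points at the wrong object, and because failures are only accumulated in `failed` the log is the only diagnostic; they should read e.g. `"\tChecking SSLSocket.getEnabledProtocols()"` and `"\tChecking SSLServerSocket.getEnabledProtocols()"`. The same labels appear in the tail of the preceding test file. The server-socket checks compare the enabled protocols against `cv.supportedProtocols`, which includes `SSLv2Hello` and `SSLv3`; a comment such as `// jdk.tls.client.protocols is client-side only: server sockets keep every supported protocol enabled` would make clear that this is intended. `socket` and `ssocket` are also never closed, so each loop iteration leaves two sockets open until the VM exits.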
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java Thu Dec 19 02:27:25 2013 -0800
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 6976117
+ * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
+ * without TLSv1.1 enabled
+ * @run main/othervm SSLContextVersion
+ */
+
+import javax.net.ssl.*;
+
+public class SSLContextVersion {
+ static enum ContextVersion {
+ TLS_CV_01("SSL", "TLSv1.2", "TLSv1.2"),
+ TLS_CV_02("TLS", "TLSv1.2", "TLSv1.2"),
+ TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"),
+ TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"),
+ TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"),
+ TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"),
+ TLS_CV_07("Default", "TLSv1.2", "TLSv1.2");
+
+ final String contextVersion;
+ final String defaultProtocolVersion;
+ final String supportedProtocolVersion;
+
+ ContextVersion(String contextVersion, String defaultProtocolVersion,
+ String supportedProtocolVersion) {
+ this.contextVersion = contextVersion;
+ this.defaultProtocolVersion = defaultProtocolVersion;
+ this.supportedProtocolVersion = supportedProtocolVersion;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ String[] ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No default protocols or cipher suites");
+ }
+
+ boolean isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tdefault protocol version " + protocol);
+ if (protocol.equals(cv.defaultProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched default protocol");
+ }
+
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No supported protocols or cipher suites");
+ }
+
+ isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tsupported protocol version " + protocol);
+ if (protocol.equals(cv.supportedProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched supported protocol");
+ }
+ System.out.println("\t... Success");
+ }
+ }
+}
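Review bot: The default-protocol loop in `main` only proves that `cv.defaultProtocolVersion` is present among the defaults, so the `SSLv3`, `TLSv1` and `TLSv1.1` rows would still pass if a newer version were also enabled for those contexts; whether that is intended is not clear from the hunk. Because the loop breaks at the first match, the log lists only part of the protocol array, and the failure message names neither side. Printing the whole array once and throwing `new Exception("No matched default protocol: expected " + cv.defaultProtocolVersion + ", got " + java.util.Arrays.toString(protocols))` would make a failure diagnosable, and an exact comparison like `checkProtocols` in NoOldVersionContext would be stricter. The same loop is used in IllegalProtocolProperty.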
--- a/jdk/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java Wed Dec 18 11:34:34 2013 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 6976117
- * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
- * without TLSv1.1 enabled
- */
-
-import javax.net.ssl.*;
-
-public class SSLContextVersion {
- static enum ContextVersion {
- TLS_CV_01("SSL", "TLSv1", "TLSv1.2"),
- TLS_CV_02("TLS", "TLSv1", "TLSv1.2"),
- TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"),
- TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"),
- TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"),
- TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"),
- TLS_CV_07("Default", "TLSv1", "TLSv1.2");
-
- final String contextVersion;
- final String defaultProtocolVersion;
- final String supportedProtocolVersion;
-
- ContextVersion(String contextVersion, String defaultProtocolVersion,
- String supportedProtocolVersion) {
- this.contextVersion = contextVersion;
- this.defaultProtocolVersion = defaultProtocolVersion;
- this.supportedProtocolVersion = supportedProtocolVersion;
- }
- }
-
- public static void main(String[] args) throws Exception {
- for (ContextVersion cv : ContextVersion.values()) {
- System.out.println("Checking SSLContext of " + cv.contextVersion);
- SSLContext context = SSLContext.getInstance(cv.contextVersion);
-
- // Default SSLContext is initialized automatically.
- if (!cv.contextVersion.equals("Default")) {
- // Use default TK, KM and random.
- context.init((KeyManager[])null, (TrustManager[])null, null);
- }
-
- SSLParameters parameters = context.getDefaultSSLParameters();
-
- String[] protocols = parameters.getProtocols();
- String[] ciphers = parameters.getCipherSuites();
-
- if (protocols.length == 0 || ciphers.length == 0) {
- throw new Exception("No default protocols or cipher suites");
- }
-
- boolean isMatch = false;
- for (String protocol : protocols) {
- System.out.println("\tdefault protocol version " + protocol);
- if (protocol.equals(cv.defaultProtocolVersion)) {
- isMatch = true;
- break;
- }
- }
-
- if (!isMatch) {
- throw new Exception("No matched default protocol");
- }
-
- parameters = context.getSupportedSSLParameters();
-
- protocols = parameters.getProtocols();
- ciphers = parameters.getCipherSuites();
-
- if (protocols.length == 0 || ciphers.length == 0) {
- throw new Exception("No supported protocols or cipher suites");
- }
-
- isMatch = false;
- for (String protocol : protocols) {
- System.out.println("\tsupported protocol version " + protocol);
- if (protocol.equals(cv.supportedProtocolVersion)) {
- isMatch = true;
- break;
- }
- }
-
- if (!isMatch) {
- throw new Exception("No matched supported protocol");
- }
- System.out.println("\t... Success");
- }
- }
-}