8175075: Add 3DES to the default disabled algorithm security property
authorigerasim
Fri, 19 Jan 2018 11:24:39 -0800
changeset 49787 99b627637911
parent 49786 7444101401b2
child 49788 5375d426822a
8175075: Add 3DES to the default disabled algorithm security property Reviewed-by: xuelei, mullan, rhalade
src/java.base/share/conf/security/java.security
test/jdk/java/net/httpclient/http2/TLSConnection.java
test/jdk/javax/net/ssl/DTLS/CipherSuite.java
test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java
--- a/src/java.base/share/conf/security/java.security	Thu Jan 18 22:17:11 2018 -0500
+++ b/src/java.base/share/conf/security/java.security	Fri Jan 19 11:24:39 2018 -0800
@@ -676,7 +676,7 @@
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 
 #
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
--- a/test/jdk/java/net/httpclient/http2/TLSConnection.java	Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/java/net/httpclient/http2/TLSConnection.java	Fri Jan 19 11:24:39 2018 -0800
@@ -27,6 +27,7 @@
 import java.io.OutputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.Security;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpRequest.BodyPublishers;
@@ -57,6 +58,8 @@
     private static final SSLParameters USE_DEFAULT_SSL_PARAMETERS = new SSLParameters();
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         // enable all logging
         System.setProperty("jdk.httpclient.HttpClient.log", "all,frames:all");
--- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java	Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java	Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
  * @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  * @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA re-enable
  * @run main/othervm CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
@@ -49,6 +49,7 @@
  */
 
 import javax.net.ssl.SSLEngine;
+import java.security.Security;
 
 /**
  * Test common DTLS cipher suites.
@@ -59,6 +60,10 @@
     volatile static String cipherSuite;
 
     public static void main(String[] args) throws Exception {
+        if (args.length > 1 && "re-enable".equals(args[1])) {
+            Security.setProperty("jdk.tls.disabledAlgorithms", "");
+        }
+
         cipherSuite = args[0];
 
         CipherSuite testCase = new CipherSuite();
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java	Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java	Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,23 +21,22 @@
  * questions.
  */
 
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
 /*
  * @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
  * @modules java.base/com.sun.net.ssl
  *          java.base/com.sun.net.ssl.internal.www.protocol.https
  * @run main/othervm ComHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import javax.net.ssl.*;
 import javax.security.cert.*;
 import com.sun.net.ssl.HostnameVerifier;
@@ -261,6 +260,8 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java	Thu Jan 18 22:17:11 2018 -0500
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java	Fri Jan 19 11:24:39 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,20 @@
  * questions.
  */
 
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
 /*
  * @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
  * @run main/othervm JavaxHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import java.security.cert.*;
 import javax.net.ssl.*;
 
@@ -244,6 +243,8 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");