--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Tue Dec 15 12:59:00 2015 +0000
@@ -333,7 +333,7 @@
input, serverKey,
clnt_random.random_bytes, svr_random.random_bytes,
messageLen,
- localSupportedSignAlgs, protocolVersion);
+ getLocalSupportedSignAlgs(), protocolVersion);
handshakeState.update(dhSrvKeyExchange, resumingSession);
this.serverKeyExchange(dhSrvKeyExchange);
} catch (GeneralSecurityException e) {
@@ -348,7 +348,7 @@
new ECDH_ServerKeyExchange
(input, serverKey, clnt_random.random_bytes,
svr_random.random_bytes,
- localSupportedSignAlgs, protocolVersion);
+ getLocalSupportedSignAlgs(), protocolVersion);
handshakeState.update(ecdhSrvKeyExchange, resumingSession);
this.serverKeyExchange(ecdhSrvKeyExchange);
} catch (GeneralSecurityException e) {
@@ -398,7 +398,7 @@
Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms(
- peerSignAlgs);
+ algorithmConstraints, peerSignAlgs);
if (supportedPeerSignAlgs.isEmpty()) {
throw new SSLHandshakeException(
"No supported signature and hash algorithm in common");
@@ -1211,8 +1211,8 @@
if (protocolVersion.useTLS12PlusSpec()) {
preferableSignatureAlgorithm =
SignatureAndHashAlgorithm.getPreferableAlgorithm(
- peerSupportedSignAlgs, signingKey.getAlgorithm(),
- signingKey);
+ getPeerSupportedSignAlgs(),
+ signingKey.getAlgorithm(), signingKey);
if (preferableSignatureAlgorithm == null) {
throw new SSLHandshakeException(
--- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Tue Dec 15 12:59:00 2015 +0000
@@ -1943,7 +1943,7 @@
// the signature bytes
private byte[] signature;
- // protocol version being established using this ServerKeyExchange message
+ // protocol version being established using this CertificateVerify message
ProtocolVersion protocolVersion;
// the preferable signature algorithm used by this CertificateVerify message
@@ -1996,7 +1996,7 @@
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
- "ServerKeyExchange message");
+ "CertificateVerify message");
}
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Tue Dec 15 12:59:00 2015 +0000
@@ -90,7 +90,7 @@
AlgorithmConstraints algorithmConstraints = null;
// Local supported signature and algorithms
- Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
+ private Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
// Peer supported signature and algorithms
Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Tue Dec 15 12:59:00 2015 +0000
@@ -320,7 +320,7 @@
case HandshakeMessage.ht_certificate_verify:
CertificateVerify cvm =
new CertificateVerify(input,
- localSupportedSignAlgs, protocolVersion);
+ getLocalSupportedSignAlgs(), protocolVersion);
handshakeState.update(cvm, resumingSession);
this.clientCertificateVerify(cvm);
@@ -772,11 +772,10 @@
Collection<SignatureAndHashAlgorithm>
supportedPeerSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms(
- peerSignAlgs);
+ algorithmConstraints, peerSignAlgs);
if (supportedPeerSignAlgs.isEmpty()) {
throw new SSLHandshakeException(
- "No supported signature and hash algorithm " +
- "in common");
+ "No signature and hash algorithm in common");
}
setPeerSupportedSignAlgs(supportedPeerSignAlgs);
@@ -1351,6 +1350,13 @@
supportedSignAlgs =
new ArrayList<SignatureAndHashAlgorithm>(1);
supportedSignAlgs.add(algorithm);
+
+ supportedSignAlgs =
+ SignatureAndHashAlgorithm.getSupportedAlgorithms(
+ algorithmConstraints, supportedSignAlgs);
+
+ // May be no default activated signature algorithm, but
+ // let the following process make the final decision.
}
// Sets the peer supported signature algorithm to use in KM
@@ -1395,6 +1401,11 @@
SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "RSA", privateKey);
if (preferableSignatureAlgorithm == null) {
+ if ((debug != null) && Debug.isOn("handshake")) {
+ System.out.println(
+ "No signature and hash algorithm for cipher " +
+ suite);
+ }
return false;
}
}
@@ -1413,6 +1424,11 @@
SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "RSA", privateKey);
if (preferableSignatureAlgorithm == null) {
+ if ((debug != null) && Debug.isOn("handshake")) {
+ System.out.println(
+ "No signature and hash algorithm for cipher " +
+ suite);
+ }
return false;
}
}
@@ -1428,6 +1444,11 @@
SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "DSA");
if (preferableSignatureAlgorithm == null) {
+ if ((debug != null) && Debug.isOn("handshake")) {
+ System.out.println(
+ "No signature and hash algorithm for cipher " +
+ suite);
+ }
return false;
}
}
@@ -1446,6 +1467,11 @@
SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "ECDSA");
if (preferableSignatureAlgorithm == null) {
+ if ((debug != null) && Debug.isOn("handshake")) {
+ System.out.println(
+ "No signature and hash algorithm for cipher " +
+ suite);
+ }
return false;
}
}
@@ -1487,7 +1513,8 @@
ClientKeyExchangeService.find(keyExchange.name);
if (p == null) {
// internal error, unknown key exchange
- throw new RuntimeException("Unrecognized cipherSuite: " + suite);
+ throw new RuntimeException(
+ "Unrecognized cipherSuite: " + suite);
}
// need service creds
if (serviceCreds == null) {
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Tue Dec 15 12:59:00 2015 +0000
@@ -166,10 +166,13 @@
// Get supported algorithm collection from an untrusted collection
static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
+ AlgorithmConstraints constraints,
Collection<SignatureAndHashAlgorithm> algorithms ) {
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
- if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
+ if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
+ constraints.permits(SIGNATURE_PRIMITIVE_SET,
+ sigAlg.algorithm, null)) {
supported.add(sigAlg);
}
}
@@ -233,30 +236,42 @@
}
static SignatureAndHashAlgorithm getPreferableAlgorithm(
- Collection<SignatureAndHashAlgorithm> algorithms,
- String expected, PrivateKey signingKey) {
+ Collection<SignatureAndHashAlgorithm> algorithms,
+ String expected, PrivateKey signingKey) {
- if (expected == null && !algorithms.isEmpty()) {
- for (SignatureAndHashAlgorithm sigAlg : algorithms) {
- if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
- return sigAlg;
+ int maxDigestLength = getMaxDigestLength(signingKey);
+ for (SignatureAndHashAlgorithm algorithm : algorithms) {
+ int signValue = algorithm.id & 0xFF;
+ if ((expected == null) ||
+ (expected.equalsIgnoreCase("rsa") &&
+ signValue == SignatureAlgorithm.RSA.value) ||
+ (expected.equalsIgnoreCase("dsa") &&
+ signValue == SignatureAlgorithm.DSA.value) ||
+ (expected.equalsIgnoreCase("ecdsa") &&
+ signValue == SignatureAlgorithm.ECDSA.value) ||
+ (expected.equalsIgnoreCase("ec") &&
+ signValue == SignatureAlgorithm.ECDSA.value)) {
+
+ if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
+ algorithm.hash.length <= maxDigestLength) {
+
+ return algorithm;
}
}
-
- return null; // no supported algorithm
- }
-
- if (expected == null ) {
- return null; // no expected algorithm, no supported algorithm
}
- /*
- * Need to check RSA key length to match the length of hash value
- */
+ return null;
+ }
+
+ /*
+ * Need to check key length to match the length of hash value
+ */
+ private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE;
+
+ // only need to check RSA algorithm at present.
if (signingKey != null &&
- "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
- expected.equalsIgnoreCase("rsa")) {
+ "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
@@ -284,25 +299,7 @@
// preferable hash algorithm.
}
- for (SignatureAndHashAlgorithm algorithm : algorithms) {
- int signValue = algorithm.id & 0xFF;
- if (expected.equalsIgnoreCase("rsa") &&
- signValue == SignatureAlgorithm.RSA.value) {
- if (algorithm.hash.length <= maxDigestLength) {
- return algorithm;
- }
- } else if (
- (expected.equalsIgnoreCase("dsa") &&
- signValue == SignatureAlgorithm.DSA.value) ||
- (expected.equalsIgnoreCase("ecdsa") &&
- signValue == SignatureAlgorithm.ECDSA.value) ||
- (expected.equalsIgnoreCase("ec") &&
- signValue == SignatureAlgorithm.ECDSA.value)) {
- return algorithm;
- }
- }
-
- return null;
+ return maxDigestLength;
}
static enum HashAlgorithm {
--- a/jdk/src/java.base/share/conf/security/java.security Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/src/java.base/share/conf/security/java.security Tue Dec 15 12:59:00 2015 +0000
@@ -576,7 +576,7 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
--- a/jdk/test/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -159,8 +159,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
--- a/jdk/test/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -433,8 +433,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -230,8 +230,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
--- a/jdk/test/javax/net/ssl/TLSv12/ShortRSAKey512.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/javax/net/ssl/TLSv12/ShortRSAKey512.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -282,6 +282,8 @@
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -303,6 +303,8 @@
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug) {
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -745,8 +745,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -746,8 +746,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -745,8 +745,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -745,8 +745,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -287,8 +287,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -339,8 +339,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/X509KeyManager/PreferredKey.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/X509KeyManager/PreferredKey.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,8 +57,10 @@
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
KeyStore ks;
KeyManagerFactory kmf;
--- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -458,8 +458,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -794,8 +794,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -306,8 +306,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");
--- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Thu Dec 10 12:13:12 2015 +0300
+++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Tue Dec 15 12:59:00 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -796,8 +796,10 @@
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
if (debug)
System.setProperty("javax.net.debug", "all");