changeset 7763:0a1fe04693dd jdk7u75-b09
8061210: Issues in TLS
Reviewed-by: xuelei, wetmore, coffeys
--- a/src/share/classes/sun/security/ssl/Handshaker.java Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Tue Nov 04 22:22:17 2014 +0300 @@ -467,7 +467,9 @@ if (activeProtocols.collection().isEmpty() || activeProtocols.max.v == ProtocolVersion.NONE.v) { - throw new SSLHandshakeException("No appropriate protocol"); + throw new SSLHandshakeException( + "No appropriate protocol (protocol is disabled or " + + "cipher suites are inappropriate)"); } if (activeCipherSuites == null) { @@ -636,14 +638,24 @@ ProtocolList getActiveProtocols() { if (activeProtocols == null) { ArrayList<ProtocolVersion> protocols = new ArrayList<>(4); + EnumSet<CryptoPrimitive> cryptoPrimitives = + EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT); for (ProtocolVersion protocol : enabledProtocols.collection()) { + if (!algorithmConstraints.permits( + cryptoPrimitives, protocol.name, null)) { + if (debug != null && Debug.isOn("verbose")) { + System.out.println( + "Ignoring disabled protocol: " + protocol); + } + + continue; + } boolean found = false; for (CipherSuite suite : enabledCipherSuites.collection()) { if (suite.isAvailable() && suite.obsoleted > protocol.v && suite.supported <= protocol.v) { if (algorithmConstraints.permits( - EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), - suite.name, null)) { + cryptoPrimitives, suite.name, null)) { protocols.add(protocol); found = true; break;
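Review bot: The new protocol check in `getActiveProtocols()` passes `CryptoPrimitive.KEY_AGREEMENT` together with `protocol.name`, and nothing at the call explains why a protocol version is tested as a key-agreement algorithm. A comment above the `if` would help, for example `// protocol names are matched against the disabled-algorithm list; the primitive set is the one reused for the cipher-suite check below`. A protocol skipped here is reported only when verbose debug is on, so the exception text changed in the first hunk is all most callers will see. Consider adding the enabled protocol names to that message so an operator can tell which setting to change. The loop body continues past the end of the hunk.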
--- a/src/share/classes/sun/security/ssl/ProtocolVersion.java Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java Tue Nov 04 22:22:17 2014 +0300 @@ -25,6 +25,9 @@ package sun.security.ssl; +import java.util.*; +import java.security.CryptoPrimitive; + /** * Type safe enum for an SSL/TLS protocol version. Instances are obtained * using the static factory methods or by referencing the static members @@ -86,6 +89,11 @@ // Default version for hello messages (SSLv2Hello) final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30; + // Available protocols + // + // Including all supported protocols except the disabled ones. + final static Set<ProtocolVersion> availableProtocols; + // version in 16 bit MSB format as it appears in records and // messages, i.e. 0x0301 for TLS 1.0 public final int v; @@ -96,6 +104,25 @@ // name used in JSSE (e.g. TLSv1 for TLS 1.0) final String name; + // Initialize the available protocols. + static { + Set<ProtocolVersion> protocols = new HashSet<>(5); + + ProtocolVersion[] pvs = new ProtocolVersion[] { + SSL20Hello, SSL30, TLS10, TLS11, TLS12}; + EnumSet<CryptoPrimitive> cryptoPrimitives = + EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT); + for (ProtocolVersion p : pvs) { + if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits( + cryptoPrimitives, p.name, null)) { + protocols.add(p); + } + } + + availableProtocols = + Collections.<ProtocolVersion>unmodifiableSet(protocols); + } + // private private ProtocolVersion(int v, String name) { this.v = v;
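Review bot: `availableProtocols` is filled once in the static initializer of the third hunk, so it reflects the disabled-algorithm constraints as they stood when `ProtocolVersion` was first initialized. A later change to the security property cannot alter this unmodifiable set. The field comment should say so, for example `// Snapshot taken at class initialization: supported protocols minus those disabled at that time.` The test hunks in this changeset set the property at the top of `main` and switch to `othervm`, which suggests the ordering matters in practice. Separately, `import java.util.*;` in the first hunk could be narrowed to the types the new code uses (`Set`, `HashSet`, `EnumSet`, `Collections`) if the rest of the file needs no others.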
--- a/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Tue Nov 04 22:22:17 2014 +0300 @@ -55,6 +55,14 @@ private boolean enabledX509DisabledAlgConstraints = true; + // the default algorithm constraints + final static AlgorithmConstraints DEFAULT = + new SSLAlgorithmConstraints(null); + + // the default SSL only algorithm constraints + final static AlgorithmConstraints DEFAULT_SSL_ONLY = + new SSLAlgorithmConstraints((SSLSocket)null, false); + SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) { userAlgConstraints = algorithmConstraints; }
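Review bot: The `false` in `new SSLAlgorithmConstraints((SSLSocket)null, false)` is a bare boolean whose meaning cannot be read at the declaration, and "SSL only" in the comment does not say what is excluded. The constructor is outside the hunk; if the flag is the one that switches off the default certification-path constraints, the comment could read `// TLS disabled-algorithm constraints only, without the default certification-path constraints`. Both constants are built during class initialization, so any static state the constructors read has to be declared above them in the file. That part is not visible here and should be confirmed.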
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java Tue Nov 04 22:22:17 2014 +0300 @@ -51,10 +51,6 @@ private X509TrustManager trustManager; private SecureRandom secureRandom; - // The default algrithm constraints - private AlgorithmConstraints defaultAlgorithmConstraints = - new SSLAlgorithmConstraints(null); - // supported and default protocols private ProtocolList defaultServerProtocolList; private ProtocolList defaultClientProtocolList; @@ -342,7 +338,7 @@ if (suite.isAvailable() && suite.obsoleted > protocols.min.v && suite.supported <= protocols.max.v) { - if (defaultAlgorithmConstraints.permits( + if (SSLAlgorithmConstraints.DEFAULT.permits( EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) { suites.add(suite); @@ -384,6 +380,22 @@ } } + static String[] getAvailableProtocols( + ProtocolVersion[] protocolCandidates) { + + List<String> availableProtocols = Collections.<String>emptyList(); + if (protocolCandidates != null && protocolCandidates.length != 0) { + availableProtocols = new ArrayList<>(protocolCandidates.length); + for (ProtocolVersion p : protocolCandidates) { + if (ProtocolVersion.availableProtocols.contains(p)) { + availableProtocols.add(p.name); + } + } + } + + return availableProtocols.toArray(new String[0]); + } + /* * The SSLContext implementation for TLS/SSL algorithm * 
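Review bot: `getAvailableProtocols` (third hunk) returns an empty array when every candidate has been disabled, and the static blocks changed later in this file pass that result straight to `SSLParameters.setProtocols`. In the FIPS branch of `ConservativeSSLContext` the client candidate list is the single entry `TLS10`, so disabling that one name would leave the client defaults empty. This presumably surfaces only later as the "No appropriate protocol" handshake failure. The method has no comment; one stating the contract, such as `// Returns the names of the candidates that are not disabled; may be empty.`, would make this explicit. A debug line when the result is empty would make the later failure easier to trace.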
@@ -423,28 +435,35 @@ */ private static class ConservativeSSLContext extends SSLContextImpl { // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; + private static final SSLParameters defaultServerSSLParams; + private static final SSLParameters defaultClientSSLParams; + private static final SSLParameters supportedSSLParams; static { + // supported SSL parameters + supportedSSLParams = new SSLParameters(); + + // candidates for available protocols + ProtocolVersion[] serverCandidates; + ProtocolVersion[] clientCandidates; + if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, ProtocolVersion.TLS11.name, ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name - }); - + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10 + }; } else { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, ProtocolVersion.SSL30.name, 
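Review bot: `supportedSSLParams` is still filled with every protocol name, including any that the disabled-algorithm list removes, while only the two default parameter sets go through `getAvailableProtocols` (in the following hunk). A caller that enables everything reported as supported would presumably enable a protocol that `Handshaker.getActiveProtocols()` then skips. If that split is intended, a comment next to `supportedSSLParams = new SSLParameters();` should say it, for example `// supported protocols are not filtered; disabled ones are dropped at handshake time`. The same applies to the `TLS11Context` and `TLS12Context` hunks, and the static block continues beyond this hunk.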
@@ -453,14 +472,27 @@ ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL20Hello, + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name - }); + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10 + }; } + + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(clientCandidates)); + + defaultServerSSLParams = new SSLParameters(); + defaultServerSSLParams.setProtocols( + getAvailableProtocols(serverCandidates)); } SSLParameters getDefaultServerSSLParams() { 
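Review bot: The tail of this static block, which builds `defaultClientSSLParams` and `defaultServerSSLParams` from the candidate arrays, is repeated verbatim in the `TLS11Context` and `TLS12Context` hunks. The non-FIPS server candidate array is identical in all three classes as well. A shared constant for the server candidates, plus a small static helper next to `getAvailableProtocols` that returns a populated `SSLParameters`, would leave each class with only its client list, which is the one thing that differs. The static block starts before this hunk.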
@@ -651,29 +683,36 @@ */ public static final class TLS11Context extends SSLContextImpl { // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; + private static final SSLParameters defaultServerSSLParams; + private static final SSLParameters defaultClientSSLParams; + private static final SSLParameters supportedSSLParams; static { + // supported SSL parameters + supportedSSLParams = new SSLParameters(); + + // candidates for available protocols + ProtocolVersion[] serverCandidates; + ProtocolVersion[] clientCandidates; + if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, ProtocolVersion.TLS11.name, ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11 + }; } else { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, ProtocolVersion.SSL30.name, 
@@ -682,15 +721,28 @@ ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL20Hello, + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11 + }; } + + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(clientCandidates)); + + defaultServerSSLParams = new SSLParameters(); + defaultServerSSLParams.setProtocols( + getAvailableProtocols(serverCandidates)); } SSLParameters getDefaultServerSSLParams() { 
@@ -713,30 +765,37 @@ */ public static final class TLS12Context extends SSLContextImpl { // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; + private static final SSLParameters defaultServerSSLParams; + private static final SSLParameters defaultClientSSLParams; + private static final SSLParameters supportedSSLParams; static { + // supported SSL parameters + supportedSSLParams = new SSLParameters(); + + // candidates for available protocols + ProtocolVersion[] serverCandidates; + ProtocolVersion[] clientCandidates; + if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, ProtocolVersion.TLS11.name, ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } else { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, ProtocolVersion.SSL30.name, 
@@ -745,16 +804,29 @@ ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + serverCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL20Hello, + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); + clientCandidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } + + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(clientCandidates)); + + defaultServerSSLParams = new SSLParameters(); + defaultServerSSLParams.setProtocols( + getAvailableProtocols(serverCandidates)); } SSLParameters getDefaultServerSSLParams() {
--- a/src/share/lib/security/java.security-linux Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/lib/security/java.security-linux Tue Nov 04 22:22:17 2014 +0300 @@ -412,8 +412,12 @@ # # In some environments, certain algorithms or key lengths may be undesirable # when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. +# algorithms during SSL/TLS security parameters negotiation, including +# protocol version negotiation, cipher suites selection, peer authentication +# and key exchange mechanisms. +# +# Disabled algorithms will not be negotiated for SSL/TLS connections, even +# if they are enabled explicitly in an application. # # For PKI-based peer authentication and key exchange mechanisms, this list # of disabled algorithms will also be checked during certification path @@ -428,4 +432,5 @@ # It is not guaranteed to be examined and used by other implementations. # # Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048 +# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +jdk.tls.disabledAlgorithms=SSLv3
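Review bot: The comment block now says protocol versions can be disabled but does not say which spellings are recognised. The check in `Handshaker.getActiveProtocols()` matches on `protocol.name`, so presumably only the JSSE names match and a misspelt entry would disable nothing without any error. A line such as `# Protocol versions are given by their JSSE names, for example SSLv3 or TLSv1.` would remove the guesswork. The new example also replaces `SHA1` with `SSLv3`; keeping both would show that algorithm and protocol entries can be mixed. The same text is changed in the macosx, solaris and windows files.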
--- a/src/share/lib/security/java.security-macosx Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/lib/security/java.security-macosx Tue Nov 04 22:22:17 2014 +0300 @@ -417,8 +417,12 @@ # # In some environments, certain algorithms or key lengths may be undesirable # when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. +# algorithms during SSL/TLS security parameters negotiation, including +# protocol version negotiation, cipher suites selection, peer authentication +# and key exchange mechanisms. +# +# Disabled algorithms will not be negotiated for SSL/TLS connections, even +# if they are enabled explicitly in an application. # # For PKI-based peer authentication and key exchange mechanisms, this list # of disabled algorithms will also be checked during certification path @@ -433,4 +437,5 @@ # It is not guaranteed to be examined and used by other implementations. # # Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048 +# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +jdk.tls.disabledAlgorithms=SSLv3
--- a/src/share/lib/security/java.security-solaris Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/lib/security/java.security-solaris Tue Nov 04 22:22:17 2014 +0300 @@ -416,8 +416,12 @@ # # In some environments, certain algorithms or key lengths may be undesirable # when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. +# algorithms during SSL/TLS security parameters negotiation, including +# protocol version negotiation, cipher suites selection, peer authentication +# and key exchange mechanisms. +# +# Disabled algorithms will not be negotiated for SSL/TLS connections, even +# if they are enabled explicitly in an application. # # For PKI-based peer authentication and key exchange mechanisms, this list # of disabled algorithms will also be checked during certification path @@ -432,4 +436,5 @@ # It is not guaranteed to be examined and used by other implementations. # # Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048 +# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +jdk.tls.disabledAlgorithms=SSLv3
--- a/src/share/lib/security/java.security-windows Sat Aug 23 01:15:40 2014 +0400 +++ b/src/share/lib/security/java.security-windows Tue Nov 04 22:22:17 2014 +0300 @@ -417,8 +417,12 @@ # # In some environments, certain algorithms or key lengths may be undesirable # when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. +# algorithms during SSL/TLS security parameters negotiation, including +# protocol version negotiation, cipher suites selection, peer authentication +# and key exchange mechanisms. +# +# Disabled algorithms will not be negotiated for SSL/TLS connections, even +# if they are enabled explicitly in an application. # # For PKI-based peer authentication and key exchange mechanisms, this list # of disabled algorithms will also be checked during certification path @@ -433,4 +437,5 @@ # It is not guaranteed to be examined and used by other implementations. # # Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048 +# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +jdk.tls.disabledAlgorithms=SSLv3
--- a/test/sun/security/ec/TestEC.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ec/TestEC.java Tue Nov 04 22:22:17 2014 +0300 @@ -30,7 +30,7 @@ * @library ../pkcs11/sslecc * @library ../../../java/security/testlibrary * @compile -XDignore.symbol.file TestEC.java - * @run main TestEC + * @run main/othervm TestEC */ import java.security.Provider; @@ -53,6 +53,10 @@ public class TestEC { public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + ProvidersSnapshot snapshot = ProvidersSnapshot.create(); try { main0(args);
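Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` clears the whole list for the test JVM rather than re-enabling only what this test needs. The comment also does not say that the call has to run before any JSSE class is initialized. `ProtocolVersion` computes its available set in a static initializer, so a call placed later in `main` would not change that set; a comment like `// must run before any JSSE class is loaded: the disabled list is read once` would record the constraint. The same call and comment are added in the other test files of this changeset. Outside tests, an empty value for this property re-enables everything the shipped default blocks, so it is worth searching deployed code and startup configuration for it.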
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Nov 04 22:22:17 2014 +0300 @@ -28,6 +28,7 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm ClientJSSEServerJSSE */ import java.security.*; @@ -37,6 +38,10 @@ private static String[] cmdArgs; public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + cmdArgs = args; main(new ClientJSSEServerJSSE()); }
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java Tue Nov 04 22:22:17 2014 +0300 @@ -32,6 +32,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; public class HttpsProtocols implements HostnameVerifier { @@ -177,6 +178,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
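Review bot: This hunk sets the security property in `main` but shows no `@run main/othervm` tag, unlike the `TestEC`, pkcs11 `ClientJSSEServerJSSE` and `DelegatedTaskWrongException` hunks, which add one. If the jtreg header outside the hunk does not already request `othervm`, the property change would leak into other tests sharing the JVM. It might also be applied after the JSSE classes have taken their snapshot. The `testEnabledProtocols` hunk is in the same position.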
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java Tue Nov 04 22:22:17 2014 +0300 @@ -25,7 +25,7 @@ * @test * @bug 4969459 * @summary Delegated tasks are not reflecting the subclasses of SSLException - * + * @run main/othervm DelegatedTaskWrongException */ import javax.net.ssl.*; @@ -110,6 +110,9 @@ } public static void main(String args[]) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); DelegatedTaskWrongException test;
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java Tue Nov 04 22:22:17 2014 +0300 @@ -122,6 +122,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/sanity/interop/CipherTest.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ssl/sanity/interop/CipherTest.java Tue Nov 04 22:22:17 2014 +0300 @@ -394,6 +394,10 @@ public static void main(PeerFactory peerFactory, String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + long time = System.currentTimeMillis(); String relPath; if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
--- a/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Sat Aug 23 01:15:40 2014 +0400 +++ b/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Tue Nov 04 22:22:17 2014 +0300 @@ -29,9 +29,15 @@ * @run main/othervm/timeout=300 ClientJSSEServerJSSE */ +import java.security.Security; + public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + CipherTest.main(new JSSEFactory(), args); }