# HG changeset patch # User igerasim # Date 1516724245 28800 # Node ID 8a67223ce0ab775f46cff267c56d5faaffabdea9 # Parent 4bf938177d4780a89233ed6223b53fa94d39a9ef 8175075: Add 3DES to the default disabled algorithm security property Reviewed-by: xuelei, mullan, rhalade diff -r 4bf938177d47 -r 8a67223ce0ab src/share/lib/security/java.security-linux --- a/src/share/lib/security/java.security-linux Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-linux Tue Jan 23 08:17:25 2018 -0800 @@ -546,7 +546,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff -r 4bf938177d47 -r 8a67223ce0ab src/share/lib/security/java.security-solaris --- a/src/share/lib/security/java.security-solaris Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-solaris Tue Jan 23 08:17:25 2018 -0800 @@ -506,7 +506,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff -r 4bf938177d47 -r 8a67223ce0ab src/share/lib/security/java.security-windows --- a/src/share/lib/security/java.security-windows Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-windows Tue Jan 23 08:17:25 2018 -0800 @@ -523,7 +523,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff -r 4bf938177d47 -r 8a67223ce0ab test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java --- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Tue Feb 20 14:00:02 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Tue Jan 23 08:17:25 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,7 @@ /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm ComHostnameVerifier @@ -38,6 +36,7 @@ import java.io.*; import java.net.*; +import java.security.Security; import javax.net.ssl.*; import javax.security.cert.*; import com.sun.net.ssl.HostnameVerifier; @@ -251,6 +250,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all"); diff -r 4bf938177d47 -r 8a67223ce0ab test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java --- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Tue Feb 20 14:00:02 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Tue Jan 23 08:17:25 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,7 @@ /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * @bug 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm JavaxHostnameVerifier @@ -38,6 +36,7 @@ import java.io.*; import java.net.*; +import java.security.Security; import java.security.cert.*; import javax.net.ssl.*; @@ -246,6 +245,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all");