Mercurial > hg > openjdk > jdk6 > jdk
changeset 1810:8a67223ce0ab
8175075: Add 3DES to the default disabled algorithm security property
Reviewed-by: xuelei, mullan, rhalade
author | igerasim |
---|---|
date | Tue, 23 Jan 2018 08:17:25 -0800 |
parents | 4bf938177d47 |
children | be98e9e557eb |
files | src/share/lib/security/java.security-linux src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java |
diffstat | 5 files changed, 13 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/lib/security/java.security-linux Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-linux Tue Jan 23 08:17:25 2018 -0800 @@ -546,7 +546,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-solaris Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-solaris Tue Jan 23 08:17:25 2018 -0800 @@ -506,7 +506,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-windows Tue Feb 20 14:00:02 2018 +0000 +++ b/src/share/lib/security/java.security-windows Tue Jan 23 08:17:25 2018 -0800 @@ -523,7 +523,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Tue Feb 20 14:00:02 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Tue Jan 23 08:17:25 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,7 @@ /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm ComHostnameVerifier @@ -38,6 +36,7 @@ import java.io.*; import java.net.*; +import java.security.Security; import javax.net.ssl.*; import javax.security.cert.*; import com.sun.net.ssl.HostnameVerifier; @@ -251,6 +250,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Tue Feb 20 14:00:02 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Tue Jan 23 08:17:25 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,7 @@ /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * @bug 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm JavaxHostnameVerifier @@ -38,6 +36,7 @@ import java.io.*; import java.net.*; +import java.security.Security; import java.security.cert.*; import javax.net.ssl.*; @@ -246,6 +245,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all");