changeset 8987:8d35f0985dd7
7093640: Enable client-side TLS 1.2 by default
Reviewed-by: weijun, mullan, wetmore
--- a/src/share/classes/sun/security/ssl/ProtocolVersion.java Tue Dec 17 23:33:51 2013 -0800 +++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java Wed Dec 18 16:46:15 2013 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,8 +80,8 @@ // maximum version we implement (TLS 1.2) final static ProtocolVersion MAX = TLS12; - // ProtocolVersion to use by default (TLS 1.0) - final static ProtocolVersion DEFAULT = TLS10; + // ProtocolVersion to use by default (TLS 1.2) + final static ProtocolVersion DEFAULT = TLS12; // Default version for hello messages (SSLv2Hello) final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
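Review bot: The updated comment on `DEFAULT` in the second hunk does not say which side of the connection the new default applies to, although the commit title scopes the change to clients. The hunk does not show who reads `DEFAULT`, so it is worth confirming that every user of the constant is meant to start from TLS 1.2. If it is client-only, record that in the comment, e.g. `// ProtocolVersion to use by default on the client side (TLS 1.2)`. `DEFAULT_HELLO` on the following context line is unchanged and still resolves to `SSL30` outside FIPS mode.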
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java Tue Dec 17 23:33:51 2013 -0800 +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java Wed Dec 18 16:46:15 2013 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,6 +36,7 @@ import javax.net.ssl.*; import sun.security.provider.certpath.AlgorithmChecker; +import sun.security.action.GetPropertyAction; public abstract class SSLContextImpl extends SSLContextSpi { @@ -421,22 +422,21 @@ */ /* - * The conservative SSLContext implementation for TLS, SSL, SSLv3 and - * TLS10 algorithm. + * The base abstract SSLContext implementation. * - * This is a super class of DefaultSSLContext and TLS10Context. + * This abstract class encapsulates supported and the default server + * SSL parameters. * * @see SSLContext */ - private static class ConservativeSSLContext extends SSLContextImpl { + private abstract static class AbstractSSLContext extends SSLContextImpl { // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; + private final static SSLParameters defaultServerSSLParams; + private final static SSLParameters supportedSSLParams; static { + supportedSSLParams = new SSLParameters(); if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, ProtocolVersion.TLS11.name, 
@@ -444,14 +444,7 @@ }); defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name - }); - } else { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, ProtocolVersion.SSL30.name, @@ -461,12 +454,6 @@ }); defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name - }); } } 
@@ -476,22 +463,205 @@ } @Override - SSLParameters getDefaultClientSSLParams() { - return defaultClientSSLParams; - } - - @Override SSLParameters getSupportedSSLParams() { return supportedSSLParams; } } /* - * The SSLContext implementation for default algorithm + * The SSLContext implementation for SSLv3 and TLS10 algorithm + * + * @see SSLContext + */ + public static final class TLS10Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name + }); + } + } + + @Override + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for TLS11 algorithm + * + * @see SSLContext + */ + public static final class TLS11Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name + }); + } + } + + @Override + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for TLS12 algorithm + * + * @see SSLContext + */ + public static final class TLS12Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + 
ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + } + } + + @Override + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for customized TLS protocols * * @see SSLContext */ - public static final class DefaultSSLContext extends ConservativeSSLContext { + private static class CustomizedSSLContext extends AbstractSSLContext { + private final static String PROPERTY_NAME = "jdk.tls.client.protocols"; + private final static SSLParameters defaultClientSSLParams; + private static IllegalArgumentException reservedException = null; + + // Don't want a java.lang.LinkageError for illegal system property. + // + // Please don't throw exception in this static block. Otherwise, + // java.lang.LinkageError may be thrown during the instantiation of + // the provider service. Instead, let's handle the initialization + // exception in constructor. 
+ static { + String property = AccessController.doPrivileged( + new GetPropertyAction(PROPERTY_NAME)); + defaultClientSSLParams = new SSLParameters(); + if (property == null || property.length() == 0) { + // the default enabled client TLS protocols + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + } + } else { + // remove double quote marks from beginning/end of the property + if (property.charAt(0) == '"' && + property.charAt(property.length() - 1) == '"') { + property = property.substring(1, property.length() - 1); + } + + String[] protocols = property.split(","); + for (int i = 0; i < protocols.length; i++) { + protocols[i] = protocols[i].trim(); + // Is it a supported protocol name? 
+ try { + ProtocolVersion.valueOf(protocols[i]); + } catch (IllegalArgumentException iae) { + reservedException = new IllegalArgumentException( + PROPERTY_NAME + ": " + protocols[i] + + " is not a standard SSL protocol name", iae); + } + } + + if ((reservedException == null) && SunJSSE.isFIPS()) { + for (String protocol : protocols) { + if (ProtocolVersion.SSL20Hello.name.equals(protocol) || + ProtocolVersion.SSL30.name.equals(protocol)) { + reservedException = new IllegalArgumentException( + PROPERTY_NAME + ": " + protocol + + " is not FIPS compliant"); + } + } + } + + if (reservedException == null) { + defaultClientSSLParams.setProtocols(protocols); + } + } + } + + protected CustomizedSSLContext() { + if (reservedException != null) { + throw reservedException; + } + } + + @Override + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for default "TLS" algorithm + * + * @see SSLContext + */ + public static final class TLSContext extends CustomizedSSLContext { + // use the default constructor and methods + } + + /* + * The SSLContext implementation for default "Default" algorithm + * + * @see SSLContext + */ + public static final class DefaultSSLContext extends CustomizedSSLContext { private static final String NONE = "NONE"; private static final String P11KEYSTORE = "PKCS11"; 
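Review bot: A `jdk.tls.client.protocols` value consisting of a single double quote makes the quote-stripping branch in `CustomizedSSLContext`'s static initializer call `property.substring(1, 0)`, which throws `StringIndexOutOfBoundsException` from the static block, the exact failure mode the comment above the block asks to avoid. Guard the strip with a length check: `if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') {`. Separately, the validation loop overwrites `reservedException` for each bad token, so only the last invalid name is reported. The constructor also rethrows that one cached instance, so its stack trace points at class initialization rather than at the failing `SSLContext.getInstance` call. A `break` after the first failure, and a fresh `IllegalArgumentException` wrapping the cached one in the constructor, would make the diagnostics easier to act on.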
@@ -652,147 +822,6 @@ } } - /* - * The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm - * - * @see SSLContext - */ - public static final class TLS10Context extends ConservativeSSLContext { - // use the default constructor and methods - } - - /* - * The SSLContext implementation for TLS11 algorithm - * - * @see SSLContext - */ - public static final class TLS11Context extends SSLContextImpl { - // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; - - static { - if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - - } else { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL20Hello.name, - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - } - } - - @Override - SSLParameters getDefaultServerSSLParams() { - return defaultServerSSLParams; - } - - @Override - SSLParameters getDefaultClientSSLParams() { - return defaultClientSSLParams; - } - - @Override - SSLParameters getSupportedSSLParams() { - return supportedSSLParams; - } - } - - /* - * The SSLContext implementation for TLS12 algorithm - * - * @see SSLContext - */ - public static final class TLS12Context extends SSLContextImpl { - 
// parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; - - static { - if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - } else { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL20Hello.name, - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - } - } - - @Override - SSLParameters getDefaultServerSSLParams() { - return defaultServerSSLParams; - } - - @Override - SSLParameters getDefaultClientSSLParams() { - return defaultClientSSLParams; - } - - @Override - SSLParameters getSupportedSSLParams() { - return supportedSSLParams; - } - } - }
--- a/src/share/classes/sun/security/ssl/SunJSSE.java Tue Dec 17 23:33:51 2013 -0800 +++ b/src/share/classes/sun/security/ssl/SunJSSE.java Wed Dec 18 16:46:15 2013 -0800 @@ -60,7 +60,8 @@ private static final long serialVersionUID = 3231825739635378733L; private static String info = "Sun JSSE provider" + - "(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)"; + "(PKCS12, SunX509/PKIX key/trust factories, " + + "SSLv3/TLSv1/TLSv1.1/TLSv1.2)"; private static String fipsInfo = "Sun JSSE provider (FIPS mode, crypto provider "; @@ -208,16 +209,17 @@ put("SSLContext.TLSv1", "sun.security.ssl.SSLContextImpl$TLS10Context"); - put("Alg.Alias.SSLContext.TLS", "TLSv1"); - if (isfips == false) { - put("Alg.Alias.SSLContext.SSL", "TLSv1"); - put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); - } - put("SSLContext.TLSv1.1", "sun.security.ssl.SSLContextImpl$TLS11Context"); put("SSLContext.TLSv1.2", "sun.security.ssl.SSLContextImpl$TLS12Context"); + put("SSLContext.TLS", + "sun.security.ssl.SSLContextImpl$TLSContext"); + if (isfips == false) { + put("Alg.Alias.SSLContext.SSL", "TLS"); + put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); + } + put("SSLContext.Default", "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
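Review bot: The alias block in the second hunk has no comment explaining why "SSL" now resolves to the property-driven `TLSContext` while "SSLv3" still resolves to "TLSv1". That distinction decides whether `jdk.tls.client.protocols` and the TLS 1.2 client default apply to a caller. A short comment above the `if` would record it, e.g. `// "SSL" follows the customizable "TLS" context; "SSLv3" keeps the fixed TLSv1 client defaults`. As a style point, `if (isfips == false)` reads more directly as `if (!isfips)`.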
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Tue Dec 17 23:33:51 2013 -0800 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Wed Dec 18 16:46:15 2013 -0800 @@ -443,7 +443,7 @@ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); - SSLContext sslCtx = SSLContext.getInstance("TLS"); + SSLContext sslCtx = SSLContext.getInstance("TLSv1"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return sslCtx;
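Review bot: The switch from `SSLContext.getInstance("TLS")` to `"TLSv1"` here, and the identical change in DebugReportsOneExtraByte.java, carries no comment saying why the test must stay on the TLS 1.0 client defaults. Presumably the test's expectations depend on the protocol version negotiated before this change, but the hunk does not show that. A comment such as `// pinned to TLSv1: "TLS" now enables TLS 1.2 on the client` would stop a later cleanup from switching it back. The enclosing method starts and ends outside the hunk.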
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java Tue Dec 17 23:33:51 2013 -0800 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java Wed Dec 18 16:46:15 2013 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -159,7 +159,7 @@ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); - SSLContext sslCtx = SSLContext.getInstance("TLS"); + SSLContext sslCtx = SSLContext.getInstance("TLSv1"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Wed Dec 18 16:46:15 2013 -0800 
@@ -0,0 +1,239 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. 
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1" + * CustomizedDefaultProtocols + */ + +import javax.net.*; +import javax.net.ssl.*; +import java.util.Arrays; + +public class CustomizedDefaultProtocols { + static enum ContextVersion { + TLS_CV_01("SSL", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_02("TLS", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_03("SSLv3", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("Default", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!Arrays.equals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + System.out.println("\tError: The actual protocols " + + Arrays.toString(target)); + success = false; + } + + return success; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + boolean failed = false; + for (ContextVersion cv : 
ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= 
!checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + 
parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +}
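Review bot: The SSLSocket and SSLServerSocket sections of `main` print `Checking SSLEngine.getEnabledProtocols()` and the other `SSLEngine.…` labels copied from the engine section, so a failure logged there names the wrong API. Those labels should read `SSLSocket.…` and `SSLServerSocket.…`. The `SSLSocket` and `SSLServerSocket` created for each context are also never closed; try-with-resources around each would stop the loop leaking them across the seven contexts. Both issues are repeated in DefaultEnabledProtocols.java, which differs from this file only in its expected protocol arrays and `@run` line, so a shared helper taking the expected lists would remove the duplication.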
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java Wed Dec 18 16:46:15 2013 -0800 
@@ -0,0 +1,238 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. 
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm DefaultEnabledProtocols + */ + +import javax.net.*; +import javax.net.ssl.*; +import java.util.Arrays; + +public class DefaultEnabledProtocols { + static enum ContextVersion { + TLS_CV_01("SSL", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_02("TLS", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_03("SSLv3", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("Default", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!Arrays.equals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + System.out.println("\tError: The actual protocols " + + Arrays.toString(target)); + success = false; + } + + return success; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + boolean failed = false; + for (ContextVersion cv : ContextVersion.values()) { + 
System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + 
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + parameters = 
ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java Wed Dec 18 16:46:15 2013 -0800 
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1" + * IllegalProtocolProperty + */ + +import javax.net.ssl.*; +import java.security.NoSuchAlgorithmException; + +public class IllegalProtocolProperty { + static enum ContextVersion { + TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true), + TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true), + TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false), + TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false), + TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false), + TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false), + TLS_CV_07("Default", "TLSv1", "TLSv1.2", true); + + final String contextVersion; + final String defaultProtocolVersion; + final String supportedProtocolVersion; + final boolean impacted; + + ContextVersion(String contextVersion, String defaultProtocolVersion, + String supportedProtocolVersion, boolean impacted) { + this.contextVersion = contextVersion; + this.defaultProtocolVersion = defaultProtocolVersion; + this.supportedProtocolVersion = supportedProtocolVersion; + this.impacted = impacted; + } + } + + public static void main(String[] args) throws Exception { + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + + SSLContext context; + try { + context = SSLContext.getInstance(cv.contextVersion); + if (cv.impacted) { + throw new Exception( + "illegal system property jdk.tls.client.protocols: " + + System.getProperty("jdk.tls.client.protocols")); + } + } catch (NoSuchAlgorithmException nsae) { + if (cv.impacted) { + System.out.println( + "\tIgnore: illegal system property " + + "jdk.tls.client.protocols=" + + System.getProperty("jdk.tls.client.protocols")); + continue; + } else { + throw nsae; + } + } + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. 
+ context.init((KeyManager[])null, (TrustManager[])null, null); + } + + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + String[] ciphers = parameters.getCipherSuites(); + + if (protocols.length == 0 || ciphers.length == 0) { + throw new Exception("No default protocols or cipher suites"); + } + + boolean isMatch = false; + for (String protocol : protocols) { + System.out.println("\tdefault protocol version " + protocol); + if (protocol.equals(cv.defaultProtocolVersion)) { + isMatch = true; + break; + } + } + + if (!isMatch) { + throw new Exception("No matched default protocol"); + } + + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + ciphers = parameters.getCipherSuites(); + + if (protocols.length == 0 || ciphers.length == 0) { + throw new Exception("No supported protocols or cipher suites"); + } + + isMatch = false; + for (String protocol : protocols) { + System.out.println("\tsupported protocol version " + protocol); + if (protocol.equals(cv.supportedProtocolVersion)) { + isMatch = true; + break; + } + } + + if (!isMatch) { + throw new Exception("No matched supported protocol"); + } + System.out.println("\t... Success"); + } + } +}
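Review bot: The exception thrown in `main` when `SSLContext.getInstance()` succeeds for an impacted context reads `"illegal system property jdk.tls.client.protocols: ..."`, which names the input rather than the failure: at that point the invalid value `XSLv3,TLSv1` has been accepted instead of rejected. A message such as `"SSLContext " + cv.contextVersion + " accepted illegal jdk.tls.client.protocols=" + System.getProperty("jdk.tls.client.protocols")` would make a regression in this fail-closed behaviour obvious from the log. The matching `catch` branch treats any `NoSuchAlgorithmException` as the expected rejection; printing `nsae` in the "Ignore" message would show whether the property value or something else (a missing provider, say) caused it.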
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" + * NoOldVersionContext + */ + +import javax.net.*; +import javax.net.ssl.*; +import java.util.Arrays; + +public class NoOldVersionContext { + static enum ContextVersion { + TLS_CV_01("SSL", + new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_02("TLS", + new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_03("SSLv3", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("Default", + new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!Arrays.equals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + System.out.println("\tError: The actual protocols " + + Arrays.toString(target)); + success = false; + } + + return success; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + boolean failed = false; + for (ContextVersion cv : 
ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= 
!checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + 
parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +}
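Review bot: The progress labels in the SSLSocket and SSLServerSocket sections of `main` still say `SSLEngine`: for example `"\tChecking SSLEngine.getEnabledProtocols()"` is printed before `socket.getEnabledProtocols()` and again before `ssocket.getEnabledProtocols()`. A failed check only sets `failed`, and the final exception says "see log for more details", so the log is the only way to tell which object returned the wrong protocol list. The eight copied labels should name `SSLSocket` and `SSLServerSocket`, e.g. `System.out.println("\tChecking SSLServerSocket.getEnabledProtocols()");`. The tail of the preceding test file's hunk (which starts outside this view) carries the same labels. The SSLServerSocket checks expect `cv.supportedProtocols`, presumably because the client-side property must not narrow the server side; a one-line comment such as `// jdk.tls.client.protocols is client-only: the server side keeps the full supported list` would record that intent.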
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+ +/* + * @test + * @bug 6976117 + * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets + * without TLSv1.1 enabled + * @run main/othervm SSLContextVersion + */ + +import javax.net.ssl.*; + +public class SSLContextVersion { + static enum ContextVersion { + TLS_CV_01("SSL", "TLSv1.2", "TLSv1.2"), + TLS_CV_02("TLS", "TLSv1.2", "TLSv1.2"), + TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"), + TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"), + TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"), + TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"), + TLS_CV_07("Default", "TLSv1.2", "TLSv1.2"); + + final String contextVersion; + final String defaultProtocolVersion; + final String supportedProtocolVersion; + + ContextVersion(String contextVersion, String defaultProtocolVersion, + String supportedProtocolVersion) { + this.contextVersion = contextVersion; + this.defaultProtocolVersion = defaultProtocolVersion; + this.supportedProtocolVersion = supportedProtocolVersion; + } + } + + public static void main(String[] args) throws Exception { + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. 
+ context.init((KeyManager[])null, (TrustManager[])null, null); + } + + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + String[] ciphers = parameters.getCipherSuites(); + + if (protocols.length == 0 || ciphers.length == 0) { + throw new Exception("No default protocols or cipher suites"); + } + + boolean isMatch = false; + for (String protocol : protocols) { + System.out.println("\tdefault protocol version " + protocol); + if (protocol.equals(cv.defaultProtocolVersion)) { + isMatch = true; + break; + } + } + + if (!isMatch) { + throw new Exception("No matched default protocol"); + } + + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + ciphers = parameters.getCipherSuites(); + + if (protocols.length == 0 || ciphers.length == 0) { + throw new Exception("No supported protocols or cipher suites"); + } + + isMatch = false; + for (String protocol : protocols) { + System.out.println("\tsupported protocol version " + protocol); + if (protocol.equals(cv.supportedProtocolVersion)) { + isMatch = true; + break; + } + } + + if (!isMatch) { + throw new Exception("No matched supported protocol"); + } + System.out.println("\t... Success"); + } + } +}
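Review bot: The two `isMatch` loops in `main` pass as soon as the expected version appears in the list, so the test never notices extra protocols being enabled, and because of the `break` the log shows only the entries up to the match. NoOldVersionContext in this changeset compares the whole array with `Arrays.equals`; if the looser check is intentional here, say so above the loop, e.g. `// Only checks that the expected version is enabled; other entries are not verified.` Printing the complete list before the loop would need `java.util.Arrays`, which this file does not import. IllegalProtocolProperty.main uses the same loops.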
--- a/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java Tue Dec 17 23:33:51 2013 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */ - -/* - * @test - * @bug 6976117 - * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets - * without TLSv1.1 enabled - */ - -import javax.net.ssl.*; - -public class SSLContextVersion { - static enum ContextVersion { - TLS_CV_01("SSL", "TLSv1", "TLSv1.2"), - TLS_CV_02("TLS", "TLSv1", "TLSv1.2"), - TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"), - TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"), - TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"), - TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"), - TLS_CV_07("Default", "TLSv1", "TLSv1.2"); - - final String contextVersion; - final String defaultProtocolVersion; - final String supportedProtocolVersion; - - ContextVersion(String contextVersion, String defaultProtocolVersion, - String supportedProtocolVersion) { - this.contextVersion = contextVersion; - this.defaultProtocolVersion = defaultProtocolVersion; - this.supportedProtocolVersion = supportedProtocolVersion; - } - } - - public static void main(String[] args) throws Exception { - for (ContextVersion cv : ContextVersion.values()) { - System.out.println("Checking SSLContext of " + cv.contextVersion); - SSLContext context = SSLContext.getInstance(cv.contextVersion); - - // Default SSLContext is initialized automatically. - if (!cv.contextVersion.equals("Default")) { - // Use default TK, KM and random. 
- context.init((KeyManager[])null, (TrustManager[])null, null); - } - - SSLParameters parameters = context.getDefaultSSLParameters(); - - String[] protocols = parameters.getProtocols(); - String[] ciphers = parameters.getCipherSuites(); - - if (protocols.length == 0 || ciphers.length == 0) { - throw new Exception("No default protocols or cipher suites"); - } - - boolean isMatch = false; - for (String protocol : protocols) { - System.out.println("\tdefault protocol version " + protocol); - if (protocol.equals(cv.defaultProtocolVersion)) { - isMatch = true; - break; - } - } - - if (!isMatch) { - throw new Exception("No matched default protocol"); - } - - parameters = context.getSupportedSSLParameters(); - - protocols = parameters.getProtocols(); - ciphers = parameters.getCipherSuites(); - - if (protocols.length == 0 || ciphers.length == 0) { - throw new Exception("No supported protocols or cipher suites"); - } - - isMatch = false; - for (String protocol : protocols) { - System.out.println("\tsupported protocol version " + protocol); - if (protocol.equals(cv.supportedProtocolVersion)) { - isMatch = true; - break; - } - } - - if (!isMatch) { - throw new Exception("No matched supported protocol"); - } - System.out.println("\t... Success"); - } - } -}