Mercurial > hg > openjdk > jdk8u > jdk
changeset 10395:649c7ba69201 jdk8u31-b03
8057555: Less cryptic cipher suite management
Reviewed-by: xuelei, igerasim, mullan, asmotrak
Contributed-by: jamil.j.nimeh@oracle.com
author | juh |
---|---|
date | Fri, 03 Oct 2014 10:49:18 -0700 |
parents | b57d862e1316 |
children | 1ecc234bd389 |
files | src/share/classes/sun/security/ssl/ClientHandshaker.java src/share/classes/sun/security/ssl/Handshaker.java src/share/classes/sun/security/ssl/SSLEngineImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/share/classes/sun/security/ssl/ServerHandshaker.java |
diffstat | 5 files changed, 38 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Sun Aug 31 16:16:50 2014 +0400 +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Fri Oct 03 10:49:18 2014 -0700 @@ -345,6 +345,13 @@ break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.serverFinished( new Finished(protocolVersion, input, cipherSuite)); break;
--- a/src/share/classes/sun/security/ssl/Handshaker.java Sun Aug 31 16:16:50 2014 +0400 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Fri Oct 03 10:49:18 2014 -0700 @@ -360,6 +360,14 @@ } } + final boolean receivedChangeCipherSpec() { + if (conn != null) { + return conn.receivedChangeCipherSpec(); + } else { + return engine.receivedChangeCipherSpec(); + } + } + String getEndpointIdentificationAlgorithmSE() { SSLParameters paras; if (conn != null) {
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Sun Aug 31 16:16:50 2014 +0400 +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Fri Oct 03 10:49:18 2014 -0700 @@ -2140,6 +2140,14 @@ } } + /* + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + /** * Returns a printable representation of this end of the connection. */
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Sun Aug 31 16:16:50 2014 +0400 +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Oct 03 10:49:18 2014 -0700 @@ -2570,6 +2570,14 @@ } } + /* + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + // // We allocate a separate thread to deliver handshake completion // events. This ensures that the notifications don't block the
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Sun Aug 31 16:16:50 2014 +0400 +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Fri Oct 03 10:49:18 2014 -0700 @@ -287,6 +287,13 @@ break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.clientFinished( new Finished(protocolVersion, input, cipherSuite)); break;