changeset 8112:707b534fb895
8057555: Less cryptic cipher suite management
Reviewed-by: xuelei
Contributed-by: jamil.j.nimeh@oracle.com
author | igerasim |
---|---|
date | Wed, 08 Oct 2014 10:43:46 +0400 |
parents | 122ac65402e1 |
children | 7c18e8582dec |
files | src/share/classes/sun/security/ssl/ClientHandshaker.java src/share/classes/sun/security/ssl/Handshaker.java src/share/classes/sun/security/ssl/SSLEngineImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/share/classes/sun/security/ssl/ServerHandshaker.java |
diffstat | 5 files changed, 38 insertions(+), 0 deletions(-) [+] |
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Wed Oct 08 10:43:46 2014 +0400
@@ -342,6 +342,13 @@
 break;
 
 case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
 this.serverFinished(
 new Finished(protocolVersion, input, cipherSuite));
 break;
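Review bot: The guard added in the `ht_finished` case reports an out-of-order Finished with `Alerts.alert_handshake_failure`, the alert for failed parameter negotiation. A message arriving at the wrong point in the sequence is more precisely `Alerts.alert_unexpected_message`, which would keep peer diagnostics and logs unambiguous: `fatalSE(Alerts.alert_unexpected_message,`. The identical check in ServerHandshaker.java makes the same choice of alert. Both guards depend on `fatalSE` never returning normally, since otherwise control would continue into `serverFinished`/`clientFinished`; that is presumably the case but is not visible in these hunks, and the enclosing switch starts and ends outside them.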
--- a/src/share/classes/sun/security/ssl/Handshaker.java Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/Handshaker.java Wed Oct 08 10:43:46 2014 +0400
@@ -351,6 +351,14 @@
 }
 }
 
+ final boolean receivedChangeCipherSpec() {
+ if (conn != null) {
+ return conn.receivedChangeCipherSpec();
+ } else {
+ return engine.receivedChangeCipherSpec();
+ }
+ }
+
 String getEndpointIdentificationAlgorithmSE() {
 SSLParameters paras;
 if (conn != null) {
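Review bot: `receivedChangeCipherSpec()` is added without any comment, although both handshakers now base a protocol-ordering decision on it. A short header would help, for example `// True once a ChangeCipherSpec record has been received for the current handshake; asks the owning socket (conn) or, when conn is null, the engine.` The `else` branch dereferences `engine` without a check, so the method assumes exactly one of `conn` and `engine` is set. That invariant is not visible in the hunk and is worth stating in the same comment.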
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Wed Oct 08 10:43:46 2014 +0400
@@ -2085,6 +2085,14 @@
 return Thread.currentThread().getName();
 }
 
+ /*
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
 /**
 * Returns a printable representation of this end of the connection.
 */
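Review bot: The accessor's comment promises the state "for this handshake", but the hunk only shows `return receivedCCS;` and not where the flag is set or cleared. If `receivedCCS` is not reset when a renegotiation starts, the new checks in ClientHandshaker and ServerHandshaker would be satisfied by the value left over from the previous handshake, so the reset site is worth confirming and naming in the comment. The same question applies to the identical accessor added to SSLSocketImpl.java. As a smaller point, the comment opens with `/*` while the neighbouring method uses `/**`, so it will not appear as Javadoc.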
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Wed Oct 08 10:43:46 2014 +0400
@@ -2498,6 +2498,14 @@
 }
 }
 
+ /*
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
 //
 // We allocate a separate thread to deliver handshake completion
 // events. This ensures that the notifications don't block the
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Wed Oct 08 10:43:46 2014 +0400
@@ -240,6 +240,13 @@
 break;
 
 case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
 this.clientFinished(
 new Finished(protocolVersion, input, cipherSuite));
 break;