changeset 8987:8d35f0985dd7

7093640: Enable client-side TLS 1.2 by default Reviewed-by: weijun, mullan, wetmore
author xuelei
date Wed, 18 Dec 2013 16:46:15 -0800
parents 9211877b25ba
children c841815be720
files src/share/classes/sun/security/ssl/ProtocolVersion.java src/share/classes/sun/security/ssl/SSLContextImpl.java src/share/classes/sun/security/ssl/SunJSSE.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
diffstat 11 files changed, 1184 insertions(+), 295 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/ProtocolVersion.java	Tue Dec 17 23:33:51 2013 -0800
+++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java	Wed Dec 18 16:46:15 2013 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,8 +80,8 @@
     // maximum version we implement (TLS 1.2)
     final static ProtocolVersion MAX = TLS12;
 
-    // ProtocolVersion to use by default (TLS 1.0)
-    final static ProtocolVersion DEFAULT = TLS10;
+    // ProtocolVersion to use by default (TLS 1.2)
+    final static ProtocolVersion DEFAULT = TLS12;
 
     // Default version for hello messages (SSLv2Hello)
     final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java	Tue Dec 17 23:33:51 2013 -0800
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java	Wed Dec 18 16:46:15 2013 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
 import javax.net.ssl.*;
 
 import sun.security.provider.certpath.AlgorithmChecker;
+import sun.security.action.GetPropertyAction;
 
 public abstract class SSLContextImpl extends SSLContextSpi {
 
@@ -421,22 +422,21 @@
      */
 
     /*
-     * The conservative SSLContext implementation for TLS, SSL, SSLv3 and
-     * TLS10 algorithm.
+     * The base abstract SSLContext implementation.
      *
-     * This is a super class of DefaultSSLContext and TLS10Context.
+     * This abstract class encapsulates supported and the default server
+     * SSL parameters.
      *
      * @see SSLContext
      */
-    private static class ConservativeSSLContext extends SSLContextImpl {
+    private abstract static class AbstractSSLContext extends SSLContextImpl {
         // parameters
-        private static SSLParameters defaultServerSSLParams;
-        private static SSLParameters defaultClientSSLParams;
-        private static SSLParameters supportedSSLParams;
+        private final static SSLParameters defaultServerSSLParams;
+        private final static SSLParameters supportedSSLParams;
 
         static {
+            supportedSSLParams = new SSLParameters();
             if (SunJSSE.isFIPS()) {
-                supportedSSLParams = new SSLParameters();
                 supportedSSLParams.setProtocols(new String[] {
                     ProtocolVersion.TLS10.name,
                     ProtocolVersion.TLS11.name,
@@ -444,14 +444,7 @@
                 });
 
                 defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.TLS10.name
-                });
-
             } else {
-                supportedSSLParams = new SSLParameters();
                 supportedSSLParams.setProtocols(new String[] {
                     ProtocolVersion.SSL20Hello.name,
                     ProtocolVersion.SSL30.name,
@@ -461,12 +454,6 @@
                 });
 
                 defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.SSL30.name,
-                    ProtocolVersion.TLS10.name
-                });
             }
         }
 
@@ -476,22 +463,205 @@
         }
 
         @Override
-        SSLParameters getDefaultClientSSLParams() {
-            return defaultClientSSLParams;
-        }
-
-        @Override
         SSLParameters getSupportedSSLParams() {
             return supportedSSLParams;
         }
     }
 
     /*
-     * The SSLContext implementation for default algorithm
+     * The SSLContext implementation for SSLv3 and TLS10 algorithm
      *
      * @see SSLContext
      */
-    public static final class DefaultSSLContext extends ConservativeSSLContext {
+    public static final class TLS10Context extends AbstractSSLContext {
+        private final static SSLParameters defaultClientSSLParams;
+
+        static {
+            defaultClientSSLParams = new SSLParameters();
+            if (SunJSSE.isFIPS()) {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.TLS10.name
+                });
+
+            } else {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.SSL30.name,
+                    ProtocolVersion.TLS10.name
+                });
+            }
+        }
+
+        @Override
+        SSLParameters getDefaultClientSSLParams() {
+            return defaultClientSSLParams;
+        }
+    }
+
+    /*
+     * The SSLContext implementation for TLS11 algorithm
+     *
+     * @see SSLContext
+     */
+    public static final class TLS11Context extends AbstractSSLContext {
+        private final static SSLParameters defaultClientSSLParams;
+
+        static {
+            defaultClientSSLParams = new SSLParameters();
+            if (SunJSSE.isFIPS()) {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.TLS10.name,
+                    ProtocolVersion.TLS11.name
+                });
+
+            } else {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.SSL30.name,
+                    ProtocolVersion.TLS10.name,
+                    ProtocolVersion.TLS11.name
+                });
+            }
+        }
+
+        @Override
+        SSLParameters getDefaultClientSSLParams() {
+            return defaultClientSSLParams;
+        }
+    }
+
+    /*
+     * The SSLContext implementation for TLS12 algorithm
+     *
+     * @see SSLContext
+     */
+    public static final class TLS12Context extends AbstractSSLContext {
+        private final static SSLParameters defaultClientSSLParams;
+
+        static {
+            defaultClientSSLParams = new SSLParameters();
+            if (SunJSSE.isFIPS()) {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.TLS10.name,
+                    ProtocolVersion.TLS11.name,
+                    ProtocolVersion.TLS12.name
+                });
+
+            } else {
+                defaultClientSSLParams.setProtocols(new String[] {
+                    ProtocolVersion.SSL30.name,
+                    ProtocolVersion.TLS10.name,
+                    ProtocolVersion.TLS11.name,
+                    ProtocolVersion.TLS12.name
+                });
+            }
+        }
+
+        @Override
+        SSLParameters getDefaultClientSSLParams() {
+            return defaultClientSSLParams;
+        }
+    }
+
+    /*
+     * The SSLContext implementation for customized TLS protocols
+     *
+     * @see SSLContext
+     */
+    private static class CustomizedSSLContext extends AbstractSSLContext {
+        private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
+        private final static SSLParameters defaultClientSSLParams;
+        private static IllegalArgumentException reservedException = null;
+
+        // Don't want a java.lang.LinkageError for illegal system property.
+        //
+        // Please don't throw exception in this static block.  Otherwise,
+        // java.lang.LinkageError may be thrown during the instantiation of
+        // the provider service. Instead, let's handle the initialization
+        // exception in constructor.
+        static {
+            String property = AccessController.doPrivileged(
+                    new GetPropertyAction(PROPERTY_NAME));
+            defaultClientSSLParams = new SSLParameters();
+            if (property == null || property.length() == 0) {
+                // the default enabled client TLS protocols
+                if (SunJSSE.isFIPS()) {
+                    defaultClientSSLParams.setProtocols(new String[] {
+                        ProtocolVersion.TLS10.name,
+                        ProtocolVersion.TLS11.name,
+                        ProtocolVersion.TLS12.name
+                    });
+
+                } else {
+                    defaultClientSSLParams.setProtocols(new String[] {
+                        ProtocolVersion.SSL30.name,
+                        ProtocolVersion.TLS10.name,
+                        ProtocolVersion.TLS11.name,
+                        ProtocolVersion.TLS12.name
+                    });
+                }
+            } else {
+                // remove double quote marks from beginning/end of the property
+                if (property.charAt(0) == '"' &&
+                        property.charAt(property.length() - 1) == '"') {
+                    property = property.substring(1, property.length() - 1);
+                }
+
+                String[] protocols = property.split(",");
+                for (int i = 0; i < protocols.length; i++) {
+                    protocols[i] = protocols[i].trim();
+                    // Is it a supported protocol name?
+                    try {
+                        ProtocolVersion.valueOf(protocols[i]);
+                    } catch (IllegalArgumentException iae) {
+                        reservedException = new IllegalArgumentException(
+                                PROPERTY_NAME + ": " + protocols[i] +
+                                " is not a standard SSL protocol name", iae);
+                    }
+                }
+
+                if ((reservedException == null) && SunJSSE.isFIPS()) {
+                    for (String protocol : protocols) {
+                        if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
+                                ProtocolVersion.SSL30.name.equals(protocol)) {
+                            reservedException = new IllegalArgumentException(
+                                    PROPERTY_NAME + ": " + protocol +
+                                    " is not FIPS compliant");
+                        }
+                    }
+                }
+
+                if (reservedException == null) {
+                    defaultClientSSLParams.setProtocols(protocols);
+               }
+            }
+        }
+
+        protected CustomizedSSLContext() {
+            if (reservedException != null) {
+                throw reservedException;
+            }
+        }
+
+        @Override
+        SSLParameters getDefaultClientSSLParams() {
+            return defaultClientSSLParams;
+        }
+    }
+
+    /*
+     * The SSLContext implementation for default "TLS" algorithm
+     *
+     * @see SSLContext
+     */
+    public static final class TLSContext extends CustomizedSSLContext {
+        // use the default constructor and methods
+    }
+
+    /*
+     * The SSLContext implementation for default "Default" algorithm
+     *
+     * @see SSLContext
+     */
+    public static final class DefaultSSLContext extends CustomizedSSLContext {
         private static final String NONE = "NONE";
         private static final String P11KEYSTORE = "PKCS11";
 
@@ -652,147 +822,6 @@
         }
     }
 
-    /*
-     * The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm
-     *
-     * @see SSLContext
-     */
-    public static final class TLS10Context extends ConservativeSSLContext {
-        // use the default constructor and methods
-    }
-
-    /*
-     * The SSLContext implementation for TLS11 algorithm
-     *
-     * @see SSLContext
-     */
-    public static final class TLS11Context extends SSLContextImpl {
-        // parameters
-        private static SSLParameters defaultServerSSLParams;
-        private static SSLParameters defaultClientSSLParams;
-        private static SSLParameters supportedSSLParams;
-
-        static {
-            if (SunJSSE.isFIPS()) {
-                supportedSSLParams = new SSLParameters();
-                supportedSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-
-                defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name
-                });
-
-            } else {
-                supportedSSLParams = new SSLParameters();
-                supportedSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.SSL20Hello.name,
-                    ProtocolVersion.SSL30.name,
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-
-                defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.SSL30.name,
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name
-                });
-            }
-        }
-
-        @Override
-        SSLParameters getDefaultServerSSLParams() {
-            return defaultServerSSLParams;
-        }
-
-        @Override
-        SSLParameters getDefaultClientSSLParams() {
-            return defaultClientSSLParams;
-        }
-
-        @Override
-        SSLParameters getSupportedSSLParams() {
-            return supportedSSLParams;
-        }
-    }
-
-    /*
-     * The SSLContext implementation for TLS12 algorithm
-     *
-     * @see SSLContext
-     */
-    public static final class TLS12Context extends SSLContextImpl {
-        // parameters
-        private static SSLParameters defaultServerSSLParams;
-        private static SSLParameters defaultClientSSLParams;
-        private static SSLParameters supportedSSLParams;
-
-        static {
-            if (SunJSSE.isFIPS()) {
-                supportedSSLParams = new SSLParameters();
-                supportedSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-
-                defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-
-            } else {
-                supportedSSLParams = new SSLParameters();
-                supportedSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.SSL20Hello.name,
-                    ProtocolVersion.SSL30.name,
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-
-                defaultServerSSLParams = supportedSSLParams;
-
-                defaultClientSSLParams = new SSLParameters();
-                defaultClientSSLParams.setProtocols(new String[] {
-                    ProtocolVersion.SSL30.name,
-                    ProtocolVersion.TLS10.name,
-                    ProtocolVersion.TLS11.name,
-                    ProtocolVersion.TLS12.name
-                });
-            }
-        }
-
-        @Override
-        SSLParameters getDefaultServerSSLParams() {
-            return defaultServerSSLParams;
-        }
-
-        @Override
-        SSLParameters getDefaultClientSSLParams() {
-            return defaultClientSSLParams;
-        }
-
-        @Override
-        SSLParameters getSupportedSSLParams() {
-            return supportedSSLParams;
-        }
-    }
-
 }
 
 
--- a/src/share/classes/sun/security/ssl/SunJSSE.java	Tue Dec 17 23:33:51 2013 -0800
+++ b/src/share/classes/sun/security/ssl/SunJSSE.java	Wed Dec 18 16:46:15 2013 -0800
@@ -60,7 +60,8 @@
     private static final long serialVersionUID = 3231825739635378733L;
 
     private static String info = "Sun JSSE provider" +
-        "(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)";
+        "(PKCS12, SunX509/PKIX key/trust factories, " +
+        "SSLv3/TLSv1/TLSv1.1/TLSv1.2)";
 
     private static String fipsInfo =
         "Sun JSSE provider (FIPS mode, crypto provider ";
@@ -208,16 +209,17 @@
 
         put("SSLContext.TLSv1",
             "sun.security.ssl.SSLContextImpl$TLS10Context");
-        put("Alg.Alias.SSLContext.TLS", "TLSv1");
-        if (isfips == false) {
-            put("Alg.Alias.SSLContext.SSL", "TLSv1");
-            put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
-        }
-
         put("SSLContext.TLSv1.1",
             "sun.security.ssl.SSLContextImpl$TLS11Context");
         put("SSLContext.TLSv1.2",
             "sun.security.ssl.SSLContextImpl$TLS12Context");
+        put("SSLContext.TLS",
+            "sun.security.ssl.SSLContextImpl$TLSContext");
+        if (isfips == false) {
+            put("Alg.Alias.SSLContext.SSL", "TLS");
+            put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
+        }
+
         put("SSLContext.Default",
             "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
 
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	Tue Dec 17 23:33:51 2013 -0800
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	Wed Dec 18 16:46:15 2013 -0800
@@ -443,7 +443,7 @@
         TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
         tmf.init(ts);
 
-        SSLContext sslCtx = SSLContext.getInstance("TLS");
+        SSLContext sslCtx = SSLContext.getInstance("TLSv1");
         sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 
         return sslCtx;
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java	Tue Dec 17 23:33:51 2013 -0800
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java	Wed Dec 18 16:46:15 2013 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -159,7 +159,7 @@
         TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
         tmf.init(ts);
 
-        SSLContext sslCtx = SSLContext.getInstance("TLS");
+        SSLContext sslCtx = SSLContext.getInstance("TLSv1");
 
         sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java	Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
+ *      CustomizedDefaultProtocols
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class CustomizedDefaultProtocols {
+    static enum ContextVersion {
+        TLS_CV_01("SSL",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_02("TLS",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_03("SSLv3",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_04("TLSv1",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_05("TLSv1.1",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_06("TLSv1.2",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_07("Default",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
+
+        final String contextVersion;
+        final String[] enabledProtocols;
+        final static String[] supportedProtocols = new String[] {
+                "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+        ContextVersion(String contextVersion, String[] enabledProtocols) {
+            this.contextVersion = contextVersion;
+            this.enabledProtocols = enabledProtocols;
+        }
+    }
+
+    private static boolean checkProtocols(String[] target, String[] expected) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No protocols");
+            success = false;
+        }
+
+        if (!Arrays.equals(target, expected)) {
+            System.out.println("\tError: Expected to get protocols " +
+                    Arrays.toString(expected));
+            System.out.println("\tError: The actual protocols " +
+                    Arrays.toString(target));
+            success = false;
+        }
+
+        return success;
+    }
+
+    private static boolean checkCipherSuites(String[] target) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No cipher suites");
+            success = false;
+        }
+
+        return success;
+    }
+
+    public static void main(String[] args) throws Exception {
+        boolean failed = false;
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+
+            //
+            // Check SSLContext
+            //
+            // Check default SSLParameters of SSLContext
+            System.out.println("\tChecking default SSLParameters");
+            SSLParameters parameters = context.getDefaultSSLParameters();
+
+            String[] protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            String[] ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            // Check supported SSLParameters of SSLContext
+            System.out.println("\tChecking supported SSLParameters");
+            parameters = context.getSupportedSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLEngine
+            //
+            // Check SSLParameters of SSLEngine
+            System.out.println();
+            System.out.println("\tChecking SSLEngine of this SSLContext");
+            System.out.println("\tChecking SSLEngine.getSSLParameters()");
+            SSLEngine engine = context.createSSLEngine();
+            engine.setUseClientMode(true);
+            parameters = engine.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = engine.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = engine.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = engine.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = engine.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLSocket
+            //
+            // Check SSLParameters of SSLSocket
+            System.out.println();
+            System.out.println("\tChecking SSLSocket of this SSLContext");
+            System.out.println("\tChecking SSLSocket.getSSLParameters()");
+            SocketFactory fac = context.getSocketFactory();
+            SSLSocket socket = (SSLSocket)fac.createSocket();
+            parameters = socket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = socket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = socket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = socket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = socket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLServerSocket
+            //
+            // Check SSLParameters of SSLServerSocket
+            System.out.println();
+            System.out.println("\tChecking SSLServerSocket of this SSLContext");
+            System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+            SSLServerSocketFactory sf = context.getServerSocketFactory();
+            SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+            parameters = ssocket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = ssocket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = ssocket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = ssocket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = ssocket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+        }
+
+        if (failed) {
+            throw new Exception("Run into problems, see log for more details");
+        } else {
+            System.out.println("\t... Success");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java	Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm DefaultEnabledProtocols
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class DefaultEnabledProtocols {
+    static enum ContextVersion {
+        TLS_CV_01("SSL",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_02("TLS",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_03("SSLv3",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_04("TLSv1",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_05("TLSv1.1",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_06("TLSv1.2",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_07("Default",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"});
+
+        final String contextVersion;
+        final String[] enabledProtocols;
+        final static String[] supportedProtocols = new String[] {
+                "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+        ContextVersion(String contextVersion, String[] enabledProtocols) {
+            this.contextVersion = contextVersion;
+            this.enabledProtocols = enabledProtocols;
+        }
+    }
+
+    private static boolean checkProtocols(String[] target, String[] expected) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No protocols");
+            success = false;
+        }
+
+        if (!Arrays.equals(target, expected)) {
+            System.out.println("\tError: Expected to get protocols " +
+                    Arrays.toString(expected));
+            System.out.println("\tError: The actual protocols " +
+                    Arrays.toString(target));
+            success = false;
+        }
+
+        return success;
+    }
+
+    private static boolean checkCipherSuites(String[] target) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No cipher suites");
+            success = false;
+        }
+
+        return success;
+    }
+
+    public static void main(String[] args) throws Exception {
+        boolean failed = false;
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+
+            //
+            // Check SSLContext
+            //
+            // Check default SSLParameters of SSLContext
+            System.out.println("\tChecking default SSLParameters");
+            SSLParameters parameters = context.getDefaultSSLParameters();
+
+            String[] protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            String[] ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            // Check supported SSLParameters of SSLContext
+            System.out.println("\tChecking supported SSLParameters");
+            parameters = context.getSupportedSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLEngine
+            //
+            // Check SSLParameters of SSLEngine
+            System.out.println();
+            System.out.println("\tChecking SSLEngine of this SSLContext");
+            System.out.println("\tChecking SSLEngine.getSSLParameters()");
+            SSLEngine engine = context.createSSLEngine();
+            engine.setUseClientMode(true);
+            parameters = engine.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = engine.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = engine.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = engine.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = engine.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLSocket
+            //
+            // Check SSLParameters of SSLSocket
+            System.out.println();
+            System.out.println("\tChecking SSLSocket of this SSLContext");
+            System.out.println("\tChecking SSLSocket.getSSLParameters()");
+            SocketFactory fac = context.getSocketFactory();
+            SSLSocket socket = (SSLSocket)fac.createSocket();
+            parameters = socket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = socket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = socket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = socket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = socket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLServerSocket
+            //
+            // Check SSLParameters of SSLServerSocket
+            System.out.println();
+            System.out.println("\tChecking SSLServerSocket of this SSLContext");
+            System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+            SSLServerSocketFactory sf = context.getServerSocketFactory();
+            SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+            parameters = ssocket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = ssocket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = ssocket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = ssocket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = ssocket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+        }
+
+        if (failed) {
+            throw new Exception("Run into problems, see log for more details");
+        } else {
+            System.out.println("\t... Success");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java	Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
+ *      IllegalProtocolProperty
+ */
+
+import javax.net.ssl.*;
+import java.security.NoSuchAlgorithmException;
+
+public class IllegalProtocolProperty {
+    static enum ContextVersion {
+        TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
+        TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
+        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
+        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
+        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
+        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
+        TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
+
+        final String contextVersion;
+        final String defaultProtocolVersion;
+        final String supportedProtocolVersion;
+        final boolean impacted;
+
+        ContextVersion(String contextVersion, String defaultProtocolVersion,
+                String supportedProtocolVersion, boolean impacted) {
+            this.contextVersion = contextVersion;
+            this.defaultProtocolVersion = defaultProtocolVersion;
+            this.supportedProtocolVersion = supportedProtocolVersion;
+            this.impacted = impacted;
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+
+            SSLContext context;
+            try {
+                context = SSLContext.getInstance(cv.contextVersion);
+                if (cv.impacted) {
+                    throw new Exception(
+                        "illegal system property jdk.tls.client.protocols: " +
+                        System.getProperty("jdk.tls.client.protocols"));
+                }
+            } catch (NoSuchAlgorithmException nsae) {
+                if (cv.impacted) {
+                    System.out.println(
+                        "\tIgnore: illegal system property " +
+                        "jdk.tls.client.protocols=" +
+                        System.getProperty("jdk.tls.client.protocols"));
+                    continue;
+                } else {
+                    throw nsae;
+                }
+            }
+
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+
+            SSLParameters parameters = context.getDefaultSSLParameters();
+
+            String[] protocols = parameters.getProtocols();
+            String[] ciphers = parameters.getCipherSuites();
+
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No default protocols or cipher suites");
+            }
+
+            boolean isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tdefault protocol version " + protocol);
+                if (protocol.equals(cv.defaultProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+
+            if (!isMatch) {
+                throw new Exception("No matched default protocol");
+            }
+
+            parameters = context.getSupportedSSLParameters();
+
+            protocols = parameters.getProtocols();
+            ciphers = parameters.getCipherSuites();
+
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No supported protocols or cipher suites");
+            }
+
+            isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tsupported protocol version " + protocol);
+                if (protocol.equals(cv.supportedProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+
+            if (!isMatch) {
+                throw new Exception("No matched supported protocol");
+            }
+            System.out.println("\t... Success");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java	Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
+ *      NoOldVersionContext
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class NoOldVersionContext {
+    static enum ContextVersion {
+        TLS_CV_01("SSL",
+                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_02("TLS",
+                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_03("SSLv3",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_04("TLSv1",
+                new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_05("TLSv1.1",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_06("TLSv1.2",
+                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_07("Default",
+                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+
+        final String contextVersion;
+        final String[] enabledProtocols;
+        final static String[] supportedProtocols = new String[] {
+                "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+        ContextVersion(String contextVersion, String[] enabledProtocols) {
+            this.contextVersion = contextVersion;
+            this.enabledProtocols = enabledProtocols;
+        }
+    }
+
+    private static boolean checkProtocols(String[] target, String[] expected) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No protocols");
+            success = false;
+        }
+
+        if (!Arrays.equals(target, expected)) {
+            System.out.println("\tError: Expected to get protocols " +
+                    Arrays.toString(expected));
+            System.out.println("\tError: The actual protocols " +
+                    Arrays.toString(target));
+            success = false;
+        }
+
+        return success;
+    }
+
+    private static boolean checkCipherSuites(String[] target) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No cipher suites");
+            success = false;
+        }
+
+        return success;
+    }
+
+    public static void main(String[] args) throws Exception {
+        boolean failed = false;
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+
+            //
+            // Check SSLContext
+            //
+            // Check default SSLParameters of SSLContext
+            System.out.println("\tChecking default SSLParameters");
+            SSLParameters parameters = context.getDefaultSSLParameters();
+
+            String[] protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            String[] ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            // Check supported SSLParameters of SSLContext
+            System.out.println("\tChecking supported SSLParameters");
+            parameters = context.getSupportedSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLEngine
+            //
+            // Check SSLParameters of SSLEngine
+            System.out.println();
+            System.out.println("\tChecking SSLEngine of this SSLContext");
+            System.out.println("\tChecking SSLEngine.getSSLParameters()");
+            SSLEngine engine = context.createSSLEngine();
+            engine.setUseClientMode(true);
+            parameters = engine.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = engine.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = engine.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = engine.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = engine.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLSocket
+            //
+            // Check SSLParameters of SSLSocket
+            System.out.println();
+            System.out.println("\tChecking SSLSocket of this SSLContext");
+            System.out.println("\tChecking SSLSocket.getSSLParameters()");
+            SocketFactory fac = context.getSocketFactory();
+            SSLSocket socket = (SSLSocket)fac.createSocket();
+            parameters = socket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = socket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = socket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = socket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = socket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            //
+            // Check SSLServerSocket
+            //
+            // Check SSLParameters of SSLServerSocket
+            System.out.println();
+            System.out.println("\tChecking SSLServerSocket of this SSLContext");
+            System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+            SSLServerSocketFactory sf = context.getServerSocketFactory();
+            SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+            parameters = ssocket.getSSLParameters();
+
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = ssocket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = ssocket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = ssocket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+            System.out.println(
+                    "\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = ssocket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+        }
+
+        if (failed) {
+            throw new Exception("Run into problems, see log for more details");
+        } else {
+            System.out.println("\t... Success");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java	Wed Dec 18 16:46:15 2013 -0800
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 6976117
+ * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
+ *          without TLSv1.1 enabled
+ * @run main/othervm SSLContextVersion
+ */
+
+import javax.net.ssl.*;
+
+public class SSLContextVersion {
+    static enum ContextVersion {
+        TLS_CV_01("SSL", "TLSv1.2", "TLSv1.2"),
+        TLS_CV_02("TLS", "TLSv1.2", "TLSv1.2"),
+        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"),
+        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"),
+        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"),
+        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"),
+        TLS_CV_07("Default", "TLSv1.2", "TLSv1.2");
+
+        final String contextVersion;
+        final String defaultProtocolVersion;
+        final String supportedProtocolVersion;
+
+        ContextVersion(String contextVersion, String defaultProtocolVersion,
+                String supportedProtocolVersion) {
+            this.contextVersion = contextVersion;
+            this.defaultProtocolVersion = defaultProtocolVersion;
+            this.supportedProtocolVersion = supportedProtocolVersion;
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+
+            SSLParameters parameters = context.getDefaultSSLParameters();
+
+            String[] protocols = parameters.getProtocols();
+            String[] ciphers = parameters.getCipherSuites();
+
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No default protocols or cipher suites");
+            }
+
+            boolean isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tdefault protocol version " + protocol);
+                if (protocol.equals(cv.defaultProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+
+            if (!isMatch) {
+                throw new Exception("No matched default protocol");
+            }
+
+            parameters = context.getSupportedSSLParameters();
+
+            protocols = parameters.getProtocols();
+            ciphers = parameters.getCipherSuites();
+
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No supported protocols or cipher suites");
+            }
+
+            isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tsupported protocol version " + protocol);
+                if (protocol.equals(cv.supportedProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+
+            if (!isMatch) {
+                throw new Exception("No matched supported protocol");
+            }
+            System.out.println("\t... Success");
+        }
+    }
+}
--- a/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java	Tue Dec 17 23:33:51 2013 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 6976117
- * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
- *          without TLSv1.1 enabled
- */
-
-import javax.net.ssl.*;
-
-public class SSLContextVersion {
-    static enum ContextVersion {
-        TLS_CV_01("SSL", "TLSv1", "TLSv1.2"),
-        TLS_CV_02("TLS", "TLSv1", "TLSv1.2"),
-        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"),
-        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"),
-        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"),
-        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"),
-        TLS_CV_07("Default", "TLSv1", "TLSv1.2");
-
-        final String contextVersion;
-        final String defaultProtocolVersion;
-        final String supportedProtocolVersion;
-
-        ContextVersion(String contextVersion, String defaultProtocolVersion,
-                String supportedProtocolVersion) {
-            this.contextVersion = contextVersion;
-            this.defaultProtocolVersion = defaultProtocolVersion;
-            this.supportedProtocolVersion = supportedProtocolVersion;
-        }
-    }
-
-    public static void main(String[] args) throws Exception {
-        for (ContextVersion cv : ContextVersion.values()) {
-            System.out.println("Checking SSLContext of " + cv.contextVersion);
-            SSLContext context = SSLContext.getInstance(cv.contextVersion);
-
-            // Default SSLContext is initialized automatically.
-            if (!cv.contextVersion.equals("Default")) {
-                // Use default TK, KM and random.
-                context.init((KeyManager[])null, (TrustManager[])null, null);
-            }
-
-            SSLParameters parameters = context.getDefaultSSLParameters();
-
-            String[] protocols = parameters.getProtocols();
-            String[] ciphers = parameters.getCipherSuites();
-
-            if (protocols.length == 0 || ciphers.length == 0) {
-                throw new Exception("No default protocols or cipher suites");
-            }
-
-            boolean isMatch = false;
-            for (String protocol : protocols) {
-                System.out.println("\tdefault protocol version " + protocol);
-                if (protocol.equals(cv.defaultProtocolVersion)) {
-                    isMatch = true;
-                    break;
-                }
-            }
-
-            if (!isMatch) {
-                throw new Exception("No matched default protocol");
-            }
-
-            parameters = context.getSupportedSSLParameters();
-
-            protocols = parameters.getProtocols();
-            ciphers = parameters.getCipherSuites();
-
-            if (protocols.length == 0 || ciphers.length == 0) {
-                throw new Exception("No supported protocols or cipher suites");
-            }
-
-            isMatch = false;
-            for (String protocol : protocols) {
-                System.out.println("\tsupported protocol version " + protocol);
-                if (protocol.equals(cv.supportedProtocolVersion)) {
-                    isMatch = true;
-                    break;
-                }
-            }
-
-            if (!isMatch) {
-                throw new Exception("No matched supported protocol");
-            }
-            System.out.println("\t... Success");
-        }
-    }
-}