changeset 12139:4d240482f37e

8072515: Test Task: Develop new tests for JEP 219: Datagram Transport Layer Security (DTLS) Reviewed-by: xuelei, asmotrak, rhalade
author kshefov
date Fri, 05 Jun 2015 12:22:36 +0300
parents 046fd17bb9a0
children 10fcabee1cf1
files test/javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java test/javax/net/ssl/DTLS/DTLSDataExchangeTest.java test/javax/net/ssl/DTLS/DTLSEnginesClosureTest.java test/javax/net/ssl/DTLS/DTLSHandshakeTest.java test/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java test/javax/net/ssl/DTLS/DTLSMFLNTest.java test/javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java test/javax/net/ssl/DTLS/DTLSRehandshakeTest.java test/javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java test/javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java test/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java test/javax/net/ssl/DTLS/DTLSUnSupportedCiphersTest.java test/javax/net/ssl/DTLS/TEST.properties test/javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java test/javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java test/javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java test/javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java test/javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java test/javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java test/javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java test/javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java test/javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java test/javax/net/ssl/DTLSv10/DTLSv10UnSupportedCiphersTest.java test/javax/net/ssl/DTLSv10/TEST.properties test/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java test/javax/net/ssl/TLSCommon/DataExchangeTest.java test/javax/net/ssl/TLSCommon/EnginesClosureTest.java test/javax/net/ssl/TLSCommon/HandshakeTest.java test/javax/net/ssl/TLSCommon/MFLNTest.java test/javax/net/ssl/TLSCommon/NotEnabledRC4Test.java test/javax/net/ssl/TLSCommon/RehandshakeTest.java test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java test/javax/net/ssl/TLSCommon/SSLEngineTestCase.java test/javax/net/ssl/TLSCommon/UnSupportedCiphersTest.java test/javax/net/ssl/TLSCommon/jaas.conf
diffstat 40 files changed, 3184 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS buffer overflow and underflow status when dealing with
+ *          application data.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSBufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSBufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSBufferOverflowUnderflowTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping.
+ */
+public class DTLSBufferOverflowUnderflowTest {
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSDataExchangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS application data exchange using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSDataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSDataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSDataExchangeTest
+ */
+
+/**
+ * Testing DTLS application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DTLSDataExchangeTest {
+    public static void main(String[] args) {
+        DataExchangeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSEnginesClosureTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines closing using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSEnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSEnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSEnginesClosureTest
+ */
+
+/**
+ * Testing DTLS engines closing using each of the supported cipher suites.
+ */
+public class DTLSEnginesClosureTest {
+    public static void main(String[] args) {
+        EnginesClosureTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSHandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSHandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSHandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSHandshakeTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites.
+ */
+public class DTLSHandshakeTest {
+    public static void main(String[] args) {
+        HandshakeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with replicated packets check.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSHandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSHandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSHandshakeWithReplicatedPacketsTest
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * replicated packets check.
+ */
+public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase {
+
+    private static String testMode;
+
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest test
+                = new DTLSHandshakeWithReplicatedPacketsTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE, true);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS incorrect app data packages unwrapping.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSIncorrectAppDataTest
+ */
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping. Incorrect application
+ * data packages should be ignored by DTLS SSLEngine.
+ */
+public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {
+
+    private final String MESSAGE = "Hello peer!";
+
+    public static void main(String[] s) {
+        DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        try {
+            doHandshake(clientEngine, serverEngine, maxPacketSize,
+                    HandshakeMode.INITIAL_HANDSHAKE);
+            checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
+            checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
+        } catch (SSLException ssle) {
+            throw new AssertionError("Error during handshake or sending app data",
+                    ssle);
+        }
+    }
+
+    private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine,
+            SSLEngine recvEngine) throws SSLException {
+        String direction = sendEngine.getUseClientMode() ? "client"
+                : "server";
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing DTLS incorrect app data packages unwrapping"
+                + " by sending data from " + direction);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = doWrap(sendEngine, direction, 0, app);
+        final Random RNG = RandomFactory.getRandom();
+        int randomPlace = RNG.nextInt(net.remaining());
+        net.array()[randomPlace] += 1;
+        app = ByteBuffer.allocate(recvEngine.getSession()
+                .getApplicationBufferSize());
+        recvEngine.unwrap(net, app);
+        app.flip();
+        int length = app.remaining();
+        System.out.println("Unwrapped " + length + " bytes.");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSMFLNTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with different maximum fragment length. Testing of
+ *          MFLN extension.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSMFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSMFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSMFLNTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class DTLSMFLNTest {
+    public static void main(String[] args) {
+        MFLNTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines do not enable RC4 ciphers by default.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS DTLSNotEnabledRC4Test
+ */
+
+/**
+ * Testing DTLS engines do not enable RC4 ciphers by default.
+ */
+public class DTLSNotEnabledRC4Test {
+    public static void main(String[] args) throws Exception {
+        NotEnabledRC4Test.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSRehandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSRehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSRehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSRehandshakeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class DTLSRehandshakeTest {
+    public static void main(String[] args) {
+        RehandshakeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking with cipher change. New cipher
+ *          is taken randomly from the supporetd ciphers list.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      DTLSRehandshakeWithCipherChangeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class DTLSRehandshakeWithCipherChangeTest {
+    public static void main(String[] args) {
+        RehandshakeWithCipherChangeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites with application data exchange before and after
+ *          re-handshake and closing of the engines.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSRehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSRehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSRehandshakeWithDataExTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class DTLSRehandshakeWithDataExTest {
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS records sequence number property support in application
+ *          data exchange.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm DTLSSequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=norm_sni DTLSSequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLS
+ *      -Dtest.mode=krb DTLSSequenceNumberTest
+ */
+
+import java.nio.ByteBuffer;
+import java.util.TreeMap;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing DTLS records sequence number property support in application data
+ * exchange.
+ */
+public class DTLSSequenceNumberTest extends SSLEngineTestCase {
+
+    private final String BIG_MESSAGE = "Very very big message. One two three"
+            + " four five six seven eight nine ten eleven twelve thirteen"
+            + " fourteen fifteen sixteen seventeen eighteen nineteen twenty.";
+    private final byte[] BIG_MESSAGE_BYTES = BIG_MESSAGE.getBytes();
+    private final int PIECES_NUMBER = 15;
+
+    public static void main(String[] args) {
+        DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        checkSeqNumPropertyWithAppDataSend(clientEngine, serverEngine);
+        checkSeqNumPropertyWithAppDataSend(serverEngine, clientEngine);
+    }
+
+    private void checkSeqNumPropertyWithAppDataSend(SSLEngine sendEngine,
+            SSLEngine recvEngine) throws SSLException {
+        String sender, reciever;
+        if (sendEngine.getUseClientMode() && !recvEngine.getUseClientMode()) {
+            sender = "Client";
+            reciever = "Server";
+        } else if (recvEngine.getUseClientMode() && !sendEngine.getUseClientMode()) {
+            sender = "Server";
+            reciever = "Client";
+        } else {
+            throw new Error("Both engines are in the same mode");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Checking DTLS sequence number support"
+                + " by sending data from " + sender + " to " + reciever);
+        ByteBuffer[] sentMessages = new ByteBuffer[PIECES_NUMBER];
+        ByteBuffer[] netBuffers = new ByteBuffer[PIECES_NUMBER];
+        TreeMap<Long, ByteBuffer> recvMap = new TreeMap<>(Long::compareUnsigned);
+        int symbolsInAMessage;
+        int symbolsInTheLastMessage;
+        int[] recievingSequence = new int[PIECES_NUMBER];
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            recievingSequence[i] = i;
+        }
+        shuffleArray(recievingSequence);
+        if (BIG_MESSAGE.length() % PIECES_NUMBER == 0) {
+            symbolsInAMessage = BIG_MESSAGE.length() / PIECES_NUMBER;
+            symbolsInTheLastMessage = symbolsInAMessage;
+        } else {
+            symbolsInAMessage = BIG_MESSAGE.length() / (PIECES_NUMBER - 1);
+            symbolsInTheLastMessage = BIG_MESSAGE.length() % (PIECES_NUMBER - 1);
+        }
+        for (int i = 0; i < PIECES_NUMBER - 1; i++) {
+            sentMessages[i] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
+                    i * symbolsInAMessage, symbolsInAMessage);
+        }
+        sentMessages[PIECES_NUMBER - 1] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
+                (PIECES_NUMBER - 1) * symbolsInAMessage, symbolsInTheLastMessage);
+        long prevSeqNum = 0L;
+        //Wrapping massages in direct order
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            netBuffers[i] = ByteBuffer.allocate(sendEngine.getSession()
+                    .getPacketBufferSize());
+            SSLEngineResult[] r = new SSLEngineResult[1];
+            netBuffers[i] = doWrap(sendEngine, sender, 0, sentMessages[i], r);
+            long seqNum = r[0].sequenceNumber();
+            if (Long.compareUnsigned(seqNum, prevSeqNum) <= 0) {
+                throw new AssertionError("Sequence number of the wrapped "
+                        + "message is less or equal than that of the"
+                        + " previous one! "
+                        + "Was " + prevSeqNum + ", now " + seqNum + ".");
+            }
+            prevSeqNum = seqNum;
+        }
+        //Unwrapping messages in random order and trying to reconstruct order
+        //from sequence number.
+        for (int i = 0; i < PIECES_NUMBER; i++) {
+            int recvNow = recievingSequence[i];
+            SSLEngineResult[] r = new SSLEngineResult[1];
+            ByteBuffer recvMassage = doUnWrap(recvEngine, reciever,
+                    netBuffers[recvNow], r);
+            long seqNum = r[0].sequenceNumber();
+            recvMap.put(seqNum, recvMassage);
+        }
+        int mapSize = recvMap.size();
+        if (mapSize != PIECES_NUMBER) {
+            throw new AssertionError("The number of received massages "
+                    + mapSize + " is not equal to the number of sent messages "
+                    + PIECES_NUMBER + "!");
+        }
+        byte[] recvBigMsgBytes = new byte[BIG_MESSAGE_BYTES.length];
+        int counter = 0;
+        for (ByteBuffer msg : recvMap.values()) {
+            System.arraycopy(msg.array(), 0, recvBigMsgBytes,
+                    counter * symbolsInAMessage, msg.remaining());
+            counter++;
+        }
+        String recvBigMsg = new String(recvBigMsgBytes);
+        if (!recvBigMsg.equals(BIG_MESSAGE)) {
+            throw new AssertionError("Received big message is not equal to"
+                    + " one that was sent! Received message is: " + recvBigMsg);
+        }
+    }
+
+    private static void shuffleArray(int[] ar) {
+        final Random RNG = RandomFactory.getRandom();
+        for (int i = ar.length - 1; i > 0; i--) {
+            int index = RNG.nextInt(i + 1);
+            int a = ar[index];
+            ar[index] = ar[i];
+            ar[i] = a;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/DTLSUnSupportedCiphersTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing that try to enable unsupported ciphers
+ *          causes IllegalArgumentException.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLS DTLSUnSupportedCiphersTest
+ */
+
+/**
+ * Testing that a try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class DTLSUnSupportedCiphersTest {
+    public static void main(String[] args) {
+        UnSupportedCiphersTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLS/TEST.properties	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,1 @@
+modules=java.base java.security.jgss
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS buffer overflow and underflow status when dealing with
+ *          application data.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10BufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10BufferOverflowUnderflowTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10BufferOverflowUnderflowTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping.
+ */
+public class DTLSv10BufferOverflowUnderflowTest {
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS application data exchange using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10DataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10DataExchangeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10DataExchangeTest
+ */
+
+/**
+ * Testing DTLS application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DTLSv10DataExchangeTest {
+    public static void main(String[] args) {
+        DataExchangeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines closing using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10EnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10EnginesClosureTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10EnginesClosureTest
+ */
+
+/**
+ * Testing DTLS engines closing using each of the supported cipher suites.
+ */
+public class DTLSv10EnginesClosureTest {
+    public static void main(String[] args) {
+        EnginesClosureTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10HandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10HandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10HandshakeTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites.
+ */
+public class DTLSv10HandshakeTest {
+    public static void main(String[] args) {
+        HandshakeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with replicated packets check.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10HandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10HandshakeWithReplicatedPacketsTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10HandshakeWithReplicatedPacketsTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * replicated packets check.
+ */
+public class DTLSv10HandshakeWithReplicatedPacketsTest {
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS incorrect app data packages unwrapping.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSIncorrectAppDataTest
+ */
+
+/**
+ * Testing DTLS incorrect app data packages unwrapping. Incorrect application
+ * data packages should be ignored by DTLS SSLEngine.
+ */
+public class DTLSv10IncorrectAppDataTest {
+    public static void main(String[] args) {
+        DTLSIncorrectAppDataTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines handshake using each of the supported
+ *          cipher suites with different maximum fragment length. Testing of
+ *          MFLN extension.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10MFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10MFLNTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10MFLNTest
+ */
+
+/**
+ * Testing DTLS engines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class DTLSv10MFLNTest {
+    public static void main(String[] args) {
+        MFLNTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines do not enable RC4 ciphers by default.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0 DTLSv10NotEnabledRC4Test
+ */
+
+/**
+ * Testing DTLS engines do not enable RC4 ciphers by default.
+ */
+public class DTLSv10NotEnabledRC4Test {
+    public static void main(String[] args) throws Exception {
+        NotEnabledRC4Test.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10RehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10RehandshakeTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10RehandshakeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class DTLSv10RehandshakeTest {
+    public static void main(String[] args) {
+        RehandshakeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking with cipher change. New cipher
+ *          is taken randomly from the supporetd ciphers list.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      DTLSv10RehandshakeWithCipherChangeTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class DTLSv10RehandshakeWithCipherChangeTest {
+    public static void main(String[] args) {
+        RehandshakeWithCipherChangeTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS engines re-handshaking using each of the supported
+ *          cipher suites with application data exchange before and after
+ *          re-handshake and closing of the engines.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10RehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10RehandshakeWithDataExTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10RehandshakeWithDataExTest
+ */
+
+/**
+ * Testing DTLS engines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class DTLSv10RehandshakeWithDataExTest {
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing DTLS records sequence number property support in application
+ *          data exchange.
+ * @key randomness
+ * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm DTLSv10SequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=norm_sni DTLSv10SequenceNumberTest
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      -Dtest.mode=krb DTLSv10SequenceNumberTest
+ */
+
+/**
+ * Testing DTLS records sequence number property support in application data
+ * exchange.
+ */
+public class DTLSv10SequenceNumberTest {
+    public static void main(String[] args) {
+        DTLSHandshakeWithReplicatedPacketsTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/DTLSv10UnSupportedCiphersTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043758
+ * @summary Testing that try to enable unsupported ciphers
+ *          causes IllegalArgumentException.
+ * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon
+ * @run main/othervm -Dtest.security.protocol=DTLSv1.0
+ *      DTLSv10UnSupportedCiphersTest
+ */
+
+/**
+ * Testing that a try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class DTLSv10UnSupportedCiphersTest {
+    public static void main(String[] args) {
+        UnSupportedCiphersTest.main(args);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/DTLSv10/TEST.properties	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,1 @@
+modules=java.base java.security.jgss
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngine incorrect app data packages unwrapping.
+ */
+public class BufferOverflowUnderflowTest extends SSLEngineTestCase {
+
+    private final String MESSAGE = "Hello peer!";
+
+    public static void main(String[] args) {
+        BufferOverflowUnderflowTest test = new BufferOverflowUnderflowTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        checkBufferOverflowOnWrap(clientEngine);
+        checkBufferOverflowOnWrap(serverEngine);
+        checkBufferOverflowOnUnWrap(clientEngine, serverEngine);
+        checkBufferOverflowOnUnWrap(serverEngine, clientEngine);
+        checkBufferUnderflowOnUnWrap(serverEngine, clientEngine);
+        checkBufferUnderflowOnUnWrap(clientEngine, serverEngine);
+    }
+
+    private void checkBufferOverflowOnWrap(SSLEngine engine)
+            throws SSLException {
+        String mode = engine.getUseClientMode() ? "client"
+                : "server";
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer overflow"
+                + " on wrap by " + mode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        //Making net buffer size less than required by 1 byte.
+        ByteBuffer net = ByteBuffer
+                .allocate(engine.getSession().getPacketBufferSize() - 1);
+        SSLEngineResult r = engine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);
+        System.out.println("Passed");
+    }
+
+    private void checkBufferOverflowOnUnWrap(SSLEngine wrappingEngine,
+            SSLEngine unwrappingEngine)
+            throws SSLException {
+        String wrapperMode = wrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        if (wrapperMode.equals(unwrapperMode)) {
+            throw new Error("Test error: both engines are in the same mode!");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer overflow"
+                + " on unwrap by " + unwrapperMode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = ByteBuffer
+                .allocate(wrappingEngine.getSession().getPacketBufferSize());
+        SSLEngineResult r = wrappingEngine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.OK);
+        //Making app buffer size less than required by 1 byte.
+        app = ByteBuffer.allocate(MESSAGE.length() - 1);
+        net.flip();
+        r = unwrappingEngine.unwrap(net, app);
+        checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);
+        System.out.println("Passed");
+    }
+
+    private void checkBufferUnderflowOnUnWrap(SSLEngine wrappingEngine,
+            SSLEngine unwrappingEngine)
+            throws SSLException {
+        String wrapperMode = wrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"
+                : "server";
+        if (wrapperMode.equals(unwrapperMode)) {
+            throw new Error("Test error: both engines are in the same mode!");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Testing SSLEngine buffer underflow"
+                + " on unwrap by " + unwrapperMode);
+        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
+        ByteBuffer net = ByteBuffer
+                .allocate(wrappingEngine.getSession().getPacketBufferSize());
+        SSLEngineResult r = wrappingEngine.wrap(app, net);
+        checkResult(r, SSLEngineResult.Status.OK);
+        app = ByteBuffer.allocate(unwrappingEngine.getSession()
+                .getApplicationBufferSize());
+        net.flip();
+        //Making net buffer size less than size of dtls message.
+        net.limit(net.limit() - 1);
+        r = unwrappingEngine.unwrap(net, app);
+        checkResult(r, SSLEngineResult.Status.BUFFER_UNDERFLOW);
+        System.out.println("Passed");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/DataExchangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngine application data exchange using each of the supported cipher
+ * suites.
+ */
+public class DataExchangeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        DataExchangeTest test = new DataExchangeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        sendApplicationData(serverEngine, clientEngine);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/EnginesClosureTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines closing using each of the supported cipher suites.
+ */
+public class EnginesClosureTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        EnginesClosureTest test = new EnginesClosureTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        closingTest(cipher, true);
+        closingTest(cipher, false);
+    }
+
+    private void closingTest(String cipher, boolean clientCloses)
+            throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        if (clientCloses) {
+            closeEngines(clientEngine, serverEngine);
+        } else {
+            closeEngines(serverEngine, clientEngine);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/HandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines handshake using each of the supported cipher suites.
+ */
+public class HandshakeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        HandshakeTest test = new HandshakeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/MFLNTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines handshake using each of the supported cipher suites with
+ * different maximum fragment length. Testing of MFLN extension.
+ */
+public class MFLNTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        setUpAndStartKDCIfNeeded();
+        System.setProperty("jsse.enableMFLNExtension", "true");
+        for (int mfl = 4096; mfl >= 256; mfl /= 2) {
+            System.out.println("=============================================="
+                    + "==============");
+            System.out.printf("Testsing DTLS handshake with MFL = %d%n", mfl);
+            MFLNTest test = new MFLNTest(mfl);
+            test.runTests();
+        }
+    }
+
+    protected MFLNTest(int maxPacketSize) {
+        super(maxPacketSize);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/NotEnabledRC4Test.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
+/**
+ * Testing SSLEngines do not enable RC4 ciphers by default.
+ */
+public class NotEnabledRC4Test {
+
+    public static void main(String[] s) throws Exception {
+        SSLContext context = SSLEngineTestCase.getContext();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        String[] cliEnabledCiphers = clientEngine.getEnabledCipherSuites();
+        rc4Test(cliEnabledCiphers, true);
+        String[] srvEnabledCiphers = serverEngine.getEnabledCipherSuites();
+        rc4Test(srvEnabledCiphers, false);
+    }
+
+    private static void rc4Test(String[] ciphers, boolean isClient) {
+        String mode = isClient ? "client" : "server";
+        for (String cipher : ciphers) {
+            if (cipher.contains("RC4")) {
+                throw new AssertionError("RC4 cipher " + cipher + " is enabled"
+                        + " by default on " + mode + " SSLEngine,"
+                        + " but it should not!");
+            }
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/RehandshakeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines re-handshaking using each of the supported cipher
+ * suites.
+ */
+public class RehandshakeTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        RehandshakeTest test = new RehandshakeTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import java.util.Random;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * Testing SSLEngines re-handshaking with cipher change. New cipher is taken
+ * randomly from the supported ciphers list.
+ */
+public class RehandshakeWithCipherChangeTest extends SSLEngineTestCase {
+
+    public static void main(String[] s) {
+        RehandshakeWithCipherChangeTest test
+                = new RehandshakeWithCipherChangeTest();
+        test.runTests(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(
+                Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers);
+        String randomCipher;
+        serverEngine.setNeedClientAuth(true);
+        long initialEpoch = 0;
+        long secondEpoch = 0;
+        SSLEngineResult r;
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            initialEpoch = r.sequenceNumber() >> 48;
+        }
+        final Random RNG = RandomFactory.getRandom();
+        randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG
+                .nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)];
+        clientEngine.setEnabledCipherSuites(new String[]{randomCipher});
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            secondEpoch = r.sequenceNumber() >> 48;
+            AssertionError epochError = new AssertionError("Epoch number"
+                    + " did not grow after re-handshake! "
+                    + " Was " + initialEpoch + ", now " + secondEpoch + ".");
+            if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        closeEngines(clientEngine, serverEngine);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+
+/**
+ * Testing SSLEngines re-handshaking using each of the supported cipher suites
+ * with application data exchange before and after re-handshake and closing of
+ * the engines.
+ */
+public class RehandshakeWithDataExTest extends SSLEngineTestCase {
+
+    public static void main(String[] args) {
+        RehandshakeWithDataExTest test = new RehandshakeWithDataExTest();
+        setUpAndStartKDCIfNeeded();
+        test.runTests();
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) throws SSLException {
+        SSLContext context = getContext();
+        int maxPacketSize = getMaxPacketSize();
+        boolean useSNI = !TEST_MODE.equals("norm");
+        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
+        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
+        clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
+        long initialEpoch = 0;
+        long secondEpoch = 0;
+        long thirdEpoch = 0;
+        SSLEngineResult r;
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.INITIAL_HANDSHAKE);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            initialEpoch = r.sequenceNumber() >> 48;
+        }
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        AssertionError epochError = new AssertionError("Epoch number"
+                + " did not grow after re-handshake! "
+                + " Was " + initialEpoch + ", now " + secondEpoch + ".");
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+            secondEpoch = r.sequenceNumber() >> 48;
+            if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        doHandshake(clientEngine, serverEngine, maxPacketSize,
+                HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
+        sendApplicationData(clientEngine, serverEngine);
+        r = sendApplicationData(serverEngine, clientEngine);
+        if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
+        thirdEpoch = r.sequenceNumber() >> 48;
+            if (Long.compareUnsigned(thirdEpoch, secondEpoch) <= 0) {
+                throw epochError;
+            }
+        }
+        closeEngines(clientEngine, serverEngine);
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/SSLEngineTestCase.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,1081 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIMatcher;
+import javax.net.ssl.SNIServerName;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Basic class to inherit SSLEngine test cases from it. Tests apply for
+ * the TLS or DTLS security protocols and their versions.
+ */
+abstract public class SSLEngineTestCase {
+
+    public enum Ciphers {
+
+        /**
+         * Ciphers supported by the tested SSLEngine without those with kerberos
+         * authentication.
+         */
+        SUPPORTED_NON_KRB_CIPHERS(SSLEngineTestCase.SUPPORTED_NON_KRB_CIPHERS,
+                "Supported non kerberos"),
+        /**
+         * Ciphers supported by the tested SSLEngine without those with kerberos
+         * authentication and without those with SHA256 ans SHA384.
+         */
+        SUPPORTED_NON_KRB_NON_SHA_CIPHERS(SSLEngineTestCase.SUPPORTED_NON_KRB_NON_SHA_CIPHERS,
+                "Supported non kerberos non SHA256 and SHA384"),
+        /**
+         * Ciphers supported by the tested SSLEngine with kerberos authentication.
+         */
+        SUPPORTED_KRB_CIPHERS(SSLEngineTestCase.SUPPORTED_KRB_CIPHERS,
+                "Supported kerberos"),
+        /**
+         * Ciphers enabled by default for the tested SSLEngine without kerberos
+         * and anon.
+         */
+        ENABLED_NON_KRB_NOT_ANON_CIPHERS(
+                SSLEngineTestCase.ENABLED_NON_KRB_NOT_ANON_CIPHERS,
+                "Enabled by default non kerberos not anonymous"),
+        /**
+         * Ciphers unsupported by the tested SSLEngine.
+         */
+        UNSUPPORTED_CIPHERS(SSLEngineTestCase.UNSUPPORTED_CIPHERS,
+                "Unsupported");
+
+        Ciphers(String[] ciphers, String description) {
+            this.ciphers = ciphers;
+            this.description = description;
+        }
+
+        final String[] ciphers;
+        final String description;
+    }
+
+    /**
+     * Enumeration used to distinguish handshake mode in
+     * {@link SSLEngineTestCase#doHandshake(javax.net.ssl.SSLEngine,
+     * javax.net.ssl.SSLEngine, int, SSLEngineTestCase.HandshakeMode, boolean)
+     * SSLEngineTestCase.doHandshake} method.
+     */
+    public enum HandshakeMode {
+
+        /**
+         * Initial handshake done for the first time: both engines call
+         * {@link SSLEngine#beginHandshake()} method.
+         */
+        INITIAL_HANDSHAKE,
+        /**
+         * Repeated handshake done by client: client engine calls
+         * {@link SSLEngine#beginHandshake()} method.
+         */
+        REHANDSHAKE_BEGIN_CLIENT,
+        /**
+         * Repeated handshake done by server: server engine calls
+         * {@link SSLEngine#beginHandshake()} method.
+         */
+        REHANDSHAKE_BEGIN_SERVER;
+    }
+    /**
+     * Security protocol to be tested: "TLS" or "DTLS" or their versions,
+     * e.g. "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1.0", "DTLSv1.2".
+     */
+    public static final String TESTED_SECURITY_PROTOCOL
+            = System.getProperty("test.security.protocol", "TLS");
+    /**
+     * Test mode: "norm", "norm_sni" or "krb".
+     * Modes "norm" and "norm_sni" are used to run
+     * with all supported non-kerberos ciphers.
+     * Mode "krb" is used to run with kerberos ciphers.
+     */
+    public static final String TEST_MODE
+            = System.getProperty("test.mode", "norm");
+
+    private static final String FS = System.getProperty("file.separator", "/");
+    private static final String PATH_TO_STORES = ".." + FS + "etc";
+    private static final String KEY_STORE_FILE = "keystore";
+    private static final String TRUST_STORE_FILE = "truststore";
+    private static final String PASSWD = "passphrase";
+
+    private static final String KEY_FILE_NAME
+            = System.getProperty("test.src", ".") + FS + PATH_TO_STORES
+            + FS + KEY_STORE_FILE;
+    private static final String TRUST_FILE_NAME
+            = System.getProperty("test.src", ".") + FS + PATH_TO_STORES
+            + FS + TRUST_STORE_FILE;
+
+    private static ByteBuffer net;
+    private static ByteBuffer netReplicatedClient;
+    private static ByteBuffer netReplicatedServer;
+    private static final int MAX_HANDSHAKE_LOOPS = 100;
+    private static final String EXCHANGE_MSG_SENT = "Hello, peer!";
+    private static boolean doUnwrapForNotHandshakingStatus;
+    private static boolean endHandshakeLoop = false;
+    private static final String TEST_SRC = System.getProperty("test.src", ".");
+    private static final String KTAB_FILENAME = "krb5.keytab.data";
+    private static final String KRB_REALM = "TEST.REALM";
+    private static final String KRBTGT_PRINCIPAL = "krbtgt/" + KRB_REALM;
+    private static final String KRB_USER = "USER";
+    private static final String KRB_USER_PASSWORD = "password";
+    private static final String KRB_USER_PRINCIPAL = KRB_USER + "@" + KRB_REALM;
+    private static final String KRB5_CONF_FILENAME = "krb5.conf";
+    private static final String PATH_TO_COMMON = ".." + FS + "TLSCommon";
+    private static final String JAAS_CONF_FILE = PATH_TO_COMMON
+            + FS + "jaas.conf";
+    private static final int DELAY = 1000;
+    private static final String HOST = "localhost";
+    private static final String SERVER_NAME = "service.localhost";
+    private static final String SNI_PATTERN = ".*";
+
+    private static final String[] SUPPORTED_NON_KRB_CIPHERS;
+
+    static {
+        try {
+            String[] allSupportedCiphers = getContext()
+                    .createSSLEngine().getSupportedCipherSuites();
+            List<String> supportedCiphersList = new LinkedList<>();
+            for (String cipher : allSupportedCiphers) {
+                if (!cipher.contains("KRB5")
+                        && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
+                    supportedCiphersList.add(cipher);
+                }
+            }
+            SUPPORTED_NON_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]);
+        } catch (Exception ex) {
+            throw new Error("Unexpected issue", ex);
+        }
+    }
+
+    private static final String[] SUPPORTED_NON_KRB_NON_SHA_CIPHERS;
+
+    static {
+        try {
+            String[] allSupportedCiphers = getContext()
+                    .createSSLEngine().getSupportedCipherSuites();
+            List<String> supportedCiphersList = new LinkedList<>();
+            for (String cipher : allSupportedCiphers) {
+                if (!cipher.contains("KRB5")
+                        && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
+                        && !cipher.endsWith("_SHA256")
+                        && !cipher.endsWith("_SHA384")) {
+                    supportedCiphersList.add(cipher);
+                }
+            }
+            SUPPORTED_NON_KRB_NON_SHA_CIPHERS
+                    = supportedCiphersList.toArray(new String[0]);
+        } catch (Exception ex) {
+            throw new Error("Unexpected issue", ex);
+        }
+    }
+
+    private static final String[] SUPPORTED_KRB_CIPHERS;
+
+    static {
+        try {
+            String[] allSupportedCiphers = getContext()
+                    .createSSLEngine().getSupportedCipherSuites();
+            List<String> supportedCiphersList = new LinkedList<>();
+            for (String cipher : allSupportedCiphers) {
+                if (cipher.contains("KRB5")
+                        && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
+                    supportedCiphersList.add(cipher);
+                }
+            }
+            SUPPORTED_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]);
+        } catch (Exception ex) {
+            throw new Error("Unexpected issue", ex);
+        }
+    }
+
+    private static final String[] ENABLED_NON_KRB_NOT_ANON_CIPHERS;
+
+    static {
+        try {
+            SSLEngine temporary = getContext().createSSLEngine();
+            temporary.setUseClientMode(true);
+            String[] enabledCiphers = temporary.getEnabledCipherSuites();
+            List<String> enabledCiphersList = new LinkedList<>();
+            for (String cipher : enabledCiphers) {
+                if (!cipher.contains("anon") && !cipher.contains("KRB5")
+                        && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
+                    enabledCiphersList.add(cipher);
+                }
+            }
+            ENABLED_NON_KRB_NOT_ANON_CIPHERS = enabledCiphersList.toArray(new String[0]);
+        } catch (Exception ex) {
+            throw new Error("Unexpected issue", ex);
+        }
+    }
+
+    private static final String[] UNSUPPORTED_CIPHERS = {
+            "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+            "SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+            "SSL_DHE_DSS_WITH_RC4_128_SHA",
+            "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+            "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+            "SSL_DH_DSS_WITH_DES_CBC_SHA",
+            "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+            "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+            "SSL_DH_RSA_WITH_DES_CBC_SHA",
+            "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
+            "SSL_FORTEZZA_DMS_WITH_NULL_SHA",
+            "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+            "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
+            "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+            "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+            "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+            "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+            "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+            "TLS_KRB5_WITH_IDEA_CBC_MD5",
+            "TLS_KRB5_WITH_IDEA_CBC_SHA",
+            "SSL_RSA_WITH_IDEA_CBC_SHA",
+            "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+            "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+            "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+            "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"
+    };
+
+    private final int maxPacketSize;
+
+    /**
+     * Constructs test case with the given MFLN maxMacketSize.
+     *
+     * @param maxPacketSize - MLFN extension max packet size.
+     */
+    public SSLEngineTestCase(int maxPacketSize) {
+        this.maxPacketSize = maxPacketSize;
+    }
+
+    /**
+     * Constructs test case with {@code maxPacketSize = 0}.
+     */
+    public SSLEngineTestCase() {
+        this.maxPacketSize = 0;
+    }
+
+    /**
+     * Wraps data with the specified engine.
+     *
+     * @param engine        - SSLEngine that wraps data.
+     * @param wrapper       - Set wrapper id, e.g. "server" of "client". Used for
+     *                      logging only.
+     * @param maxPacketSize - Max packet size to check that MFLN extension works
+     *                      or zero for no check.
+     * @param app           - Buffer with data to wrap.
+     * @return - Buffer with wrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doWrap(SSLEngine engine, String wrapper,
+                                    int maxPacketSize, ByteBuffer app)
+            throws SSLException {
+        return doWrap(engine, wrapper, maxPacketSize,
+                app, SSLEngineResult.Status.OK, null);
+    }
+
+    /**
+     * Wraps data with the specified engine.
+     *
+     * @param engine        - SSLEngine that wraps data.
+     * @param wrapper       - Set wrapper id, e.g. "server" of "client". Used for
+     *                      logging only.
+     * @param maxPacketSize - Max packet size to check that MFLN extension works
+     *                      or zero for no check.
+     * @param app           - Buffer with data to wrap.
+     * @param result        - Array which first element will be used to output wrap
+     *                      result object.
+     * @return - Buffer with wrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doWrap(SSLEngine engine, String wrapper,
+                                    int maxPacketSize, ByteBuffer app,
+                                    SSLEngineResult[] result)
+            throws SSLException {
+        return doWrap(engine, wrapper, maxPacketSize,
+                app, SSLEngineResult.Status.OK, result);
+    }
+
+    /**
+     * Wraps data with the specified engine.
+     *
+     * @param engine        - SSLEngine that wraps data.
+     * @param wrapper       - Set wrapper id, e.g. "server" of "client". Used for
+     *                      logging only.
+     * @param maxPacketSize - Max packet size to check that MFLN extension works
+     *                      or zero for no check.
+     * @param app           - Buffer with data to wrap.
+     * @param wantedStatus  - Specifies expected result status of wrapping.
+     * @return - Buffer with wrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doWrap(SSLEngine engine, String wrapper,
+                                    int maxPacketSize, ByteBuffer app,
+                                    SSLEngineResult.Status wantedStatus)
+            throws SSLException {
+        return doWrap(engine, wrapper, maxPacketSize,
+                app, wantedStatus, null);
+    }
+
+    /**
+     * Wraps data with the specified engine.
+     *
+     * @param engine        - SSLEngine that wraps data.
+     * @param wrapper       - Set wrapper id, e.g. "server" of "client". Used for
+     *                      logging only.
+     * @param maxPacketSize - Max packet size to check that MFLN extension works
+     *                      or zero for no check.
+     * @param app           - Buffer with data to wrap.
+     * @param wantedStatus  - Specifies expected result status of wrapping.
+     * @param result        - Array which first element will be used to output wrap
+     *                      result object.
+     * @return - Buffer with wrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doWrap(SSLEngine engine, String wrapper,
+                                    int maxPacketSize, ByteBuffer app,
+                                    SSLEngineResult.Status wantedStatus,
+                                    SSLEngineResult[] result)
+            throws SSLException {
+        ByteBuffer net = ByteBuffer.allocate(engine.getSession()
+                .getPacketBufferSize());
+        SSLEngineResult r = engine.wrap(app, net);
+        net.flip();
+        int length = net.remaining();
+        System.out.println(wrapper + " wrapped " + length + " bytes.");
+        System.out.println(wrapper + " handshake status is "
+                + engine.getHandshakeStatus());
+        if (maxPacketSize < length && maxPacketSize != 0) {
+            throw new AssertionError("Handshake wrapped net buffer length "
+                    + length + " exceeds maximum packet size "
+                    + maxPacketSize);
+        }
+        checkResult(r, wantedStatus);
+        if (result != null && result.length > 0) {
+            result[0] = r;
+        }
+        return net;
+    }
+
+    /**
+     * Unwraps data with the specified engine.
+     *
+     * @param engine    - SSLEngine that unwraps data.
+     * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for
+     *                  logging only.
+     * @param net       - Buffer with data to unwrap.
+     * @return - Buffer with unwrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper,
+                                      ByteBuffer net)
+            throws SSLException {
+        return doUnWrap(engine, unwrapper, net, SSLEngineResult.Status.OK, null);
+    }
+
+    /**
+     * Unwraps data with the specified engine.
+     *
+     * @param engine    - SSLEngine that unwraps data.
+     * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for
+     *                  logging only.
+     * @param net       - Buffer with data to unwrap.
+     * @param result    - Array which first element will be used to output wrap
+     *                  result object.
+     * @return - Buffer with unwrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper,
+                                      ByteBuffer net, SSLEngineResult[] result)
+            throws SSLException {
+        return doUnWrap(engine, unwrapper, net, SSLEngineResult.Status.OK, result);
+    }
+
+    /**
+     * Unwraps data with the specified engine.
+     *
+     * @param engine       - SSLEngine that unwraps data.
+     * @param unwrapper    - Set unwrapper id, e.g. "server" of "client". Used for
+     *                     logging only.
+     * @param net          - Buffer with data to unwrap.
+     * @param wantedStatus - Specifies expected result status of wrapping.
+     * @return - Buffer with unwrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper,
+                                      ByteBuffer net,
+                                      SSLEngineResult.Status wantedStatus)
+            throws SSLException {
+        return doUnWrap(engine, unwrapper, net, wantedStatus, null);
+    }
+
+    /**
+     * Unwraps data with the specified engine.
+     *
+     * @param engine       - SSLEngine that unwraps data.
+     * @param unwrapper    - Set unwrapper id, e.g. "server" of "client". Used for
+     *                     logging only.
+     * @param net          - Buffer with data to unwrap.
+     * @param wantedStatus - Specifies expected result status of wrapping.
+     * @param result       - Array which first element will be used to output wrap
+     *                     result object.
+     * @return - Buffer with unwrapped data.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper,
+                                      ByteBuffer net,
+                                      SSLEngineResult.Status wantedStatus,
+                                      SSLEngineResult[] result)
+            throws SSLException {
+        ByteBuffer app = ByteBuffer.allocate(engine.getSession()
+                .getApplicationBufferSize());
+        int length = net.remaining();
+        System.out.println(unwrapper + " unwrapping "
+                + length + " bytes...");
+        SSLEngineResult r = engine.unwrap(net, app);
+        app.flip();
+        System.out.println(unwrapper + " handshake status is "
+                + engine.getHandshakeStatus());
+        checkResult(r, wantedStatus);
+        if (result != null && result.length > 0) {
+            result[0] = r;
+        }
+        return app;
+    }
+
+    /**
+     * Does the handshake of the two specified engines according to the
+     * {@code mode} specified.
+     *
+     * @param clientEngine  - Client SSLEngine.
+     * @param serverEngine  - Server SSLEngine.
+     * @param maxPacketSize - Maximum packet size for MFLN of zero for no limit.
+     * @param mode          - Handshake mode according to {@link HandshakeMode} enum.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static void doHandshake(SSLEngine clientEngine,
+                                   SSLEngine serverEngine,
+                                   int maxPacketSize, HandshakeMode mode)
+            throws SSLException {
+        doHandshake(clientEngine, serverEngine, maxPacketSize, mode, false);
+    }
+
+    /**
+     * Does the handshake of the two specified engines according to the
+     * {@code mode} specified.
+     *
+     * @param clientEngine          - Client SSLEngine.
+     * @param serverEngine          - Server SSLEngine.
+     * @param maxPacketSize         - Maximum packet size for MFLN of zero for no limit.
+     * @param mode                  - Handshake mode according to {@link HandshakeMode} enum.
+     * @param enableReplicatedPacks - Set {@code true} to enable replicated
+     *                              packet sending.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static void doHandshake(SSLEngine clientEngine,
+                                   SSLEngine serverEngine, int maxPacketSize,
+                                   HandshakeMode mode,
+                                   boolean enableReplicatedPacks)
+            throws SSLException {
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Starting handshake " + mode.name());
+        int loop = 0;
+        if (maxPacketSize < 0) {
+            throw new Error("Test issue: maxPacketSize is less than zero!");
+        }
+        SSLParameters params = clientEngine.getSSLParameters();
+        params.setMaximumPacketSize(maxPacketSize);
+        clientEngine.setSSLParameters(params);
+        params = serverEngine.getSSLParameters();
+        params.setMaximumPacketSize(maxPacketSize);
+        serverEngine.setSSLParameters(params);
+        SSLEngine firstEngine;
+        SSLEngine secondEngine;
+        switch (mode) {
+            case INITIAL_HANDSHAKE:
+                firstEngine = clientEngine;
+                secondEngine = serverEngine;
+                doUnwrapForNotHandshakingStatus = false;
+                clientEngine.beginHandshake();
+                serverEngine.beginHandshake();
+                break;
+            case REHANDSHAKE_BEGIN_CLIENT:
+                firstEngine = clientEngine;
+                secondEngine = serverEngine;
+                doUnwrapForNotHandshakingStatus = true;
+                clientEngine.beginHandshake();
+                break;
+            case REHANDSHAKE_BEGIN_SERVER:
+                firstEngine = serverEngine;
+                secondEngine = clientEngine;
+                doUnwrapForNotHandshakingStatus = true;
+                serverEngine.beginHandshake();
+                break;
+            default:
+                throw new Error("Test issue: unknown handshake mode");
+        }
+        endHandshakeLoop = false;
+        while (!endHandshakeLoop) {
+            if (++loop > MAX_HANDSHAKE_LOOPS) {
+                throw new Error("Too much loops for handshaking");
+            }
+            System.out.println("==============================================");
+            System.out.println("Handshake loop " + loop);
+            SSLEngineResult.HandshakeStatus clientHSStatus
+                    = clientEngine.getHandshakeStatus();
+            SSLEngineResult.HandshakeStatus serverHSStatus
+                    = serverEngine.getHandshakeStatus();
+            System.out.println("Client handshake status "
+                    + clientHSStatus.name());
+            System.out.println("Server handshake status "
+                    + serverHSStatus.name());
+            handshakeProcess(firstEngine, secondEngine, maxPacketSize,
+                    enableReplicatedPacks);
+            handshakeProcess(secondEngine, firstEngine, maxPacketSize,
+                    enableReplicatedPacks);
+        }
+    }
+
+    /**
+     * Routine to send application data from one SSLEngine to another.
+     *
+     * @param fromEngine - Sending engine.
+     * @param toEngine   - Receiving engine.
+     * @return - Result of unwrap method of the receiving engine.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static SSLEngineResult sendApplicationData(SSLEngine fromEngine,
+                                                      SSLEngine toEngine)
+            throws SSLException {
+        String sender = null;
+        String reciever = null;
+        String excMsgSent = EXCHANGE_MSG_SENT;
+        if (fromEngine.getUseClientMode() && !toEngine.getUseClientMode()) {
+            sender = "Client";
+            reciever = "Server";
+            excMsgSent += " Client.";
+        } else if (toEngine.getUseClientMode() && !fromEngine.getUseClientMode()) {
+            sender = "Server";
+            reciever = "Client";
+            excMsgSent += " Server.";
+        } else {
+            throw new Error("Test issue: both engines are in the same mode");
+        }
+        System.out.println("================================================="
+                + "===========");
+        System.out.println("Trying to send application data from " + sender
+                + " to " + reciever);
+        ByteBuffer clientAppSent
+                = ByteBuffer.wrap(excMsgSent.getBytes());
+        net = doWrap(fromEngine, sender, 0, clientAppSent);
+        SSLEngineResult[] r = new SSLEngineResult[1];
+        ByteBuffer serverAppRecv = doUnWrap(toEngine, reciever, net, r);
+        byte[] serverAppRecvTrunc = Arrays.copyOf(serverAppRecv.array(),
+                serverAppRecv.limit());
+        String msgRecv = new String(serverAppRecvTrunc);
+        if (!msgRecv.equals(excMsgSent)) {
+            throw new AssertionError(sender + " to " + reciever
+                    + ": application data"
+                    + " has been altered while sending."
+                    + " Message sent: " + "\"" + excMsgSent + "\"."
+                    + " Message recieved: " + "\"" + msgRecv + "\".");
+        }
+        System.out.println("Successful sending application data from " + sender
+                + " to " + reciever);
+        return r[0];
+    }
+
+    /**
+     * Close engines by sending "close outbound" message from one SSLEngine to
+     * another.
+     *
+     * @param fromEngine - Sending engine.
+     * @param toEngine   - Receiving engine.
+     * @throws SSLException - thrown on engine errors.
+     */
+    public static void closeEngines(SSLEngine fromEngine,
+                                    SSLEngine toEngine) throws SSLException {
+        String from = null;
+        String to = null;
+        ByteBuffer app;
+        if (fromEngine.getUseClientMode() && !toEngine.getUseClientMode()) {
+            from = "Client";
+            to = "Server";
+        } else if (toEngine.getUseClientMode() && !fromEngine.getUseClientMode()) {
+            from = "Server";
+            to = "Client";
+        } else {
+            throw new Error("Both engines are in the same mode");
+        }
+        System.out.println("=========================================================");
+        System.out.println("Trying to close engines from " + from + " to " + to);
+        // Sending close outbound request to peer
+        fromEngine.closeOutbound();
+        app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize());
+        net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED);
+        doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED);
+        app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize());
+        net = doWrap(toEngine, to, 0, app, SSLEngineResult.Status.CLOSED);
+        doUnWrap(fromEngine, from, net, SSLEngineResult.Status.CLOSED);
+        if (!toEngine.isInboundDone()) {
+            throw new AssertionError(from + " sent close request to " + to
+                    + ", but " + to + "did not close inbound.");
+        }
+        // Executing close inbound
+        fromEngine.closeInbound();
+        app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize());
+        net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED);
+        doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED);
+        if (!toEngine.isOutboundDone()) {
+            throw new AssertionError(from + "sent close request to " + to
+                    + ", but " + to + "did not close outbound.");
+        }
+        System.out.println("Successful closing from " + from + " to " + to);
+    }
+
+    /**
+     * Runs the same test case for all given {@code ciphers}. Method counts all
+     * failures and throws {@code AssertionError} if one or more tests fail.
+     *
+     * @param ciphers - Ciphers that should be tested.
+     */
+    public void runTests(Ciphers ciphers) {
+        int total = ciphers.ciphers.length;
+        int failed = testSomeCiphers(ciphers);
+        if (failed > 0) {
+            throw new AssertionError("" + failed + " of " + total
+                    + " tests failed!");
+        }
+        System.out.println("All tests passed!");
+    }
+
+    /**
+     * Runs test cases for ciphers defined by the test mode.
+     */
+    public void runTests() {
+        switch (TEST_MODE) {
+            case "norm":
+            case "norm_sni":
+                switch (TESTED_SECURITY_PROTOCOL) {
+                    case "DTLSv1.0":
+                    case "TLSv1":
+                    case "TLSv1.1":
+                        runTests(Ciphers.SUPPORTED_NON_KRB_NON_SHA_CIPHERS);
+                        break;
+                    default:
+                        runTests(Ciphers.SUPPORTED_NON_KRB_CIPHERS);
+                }
+                break;
+            case "krb":
+                runTests(Ciphers.SUPPORTED_KRB_CIPHERS);
+                break;
+            default:
+                throw new Error("Test error: unexpected test mode: " + TEST_MODE);
+        }
+    }
+
+    /**
+     * Returns maxPacketSize value used for MFLN extension testing
+     *
+     * @return - MLFN extension max packet size.
+     */
+    public int getMaxPacketSize() {
+        return maxPacketSize;
+    }
+
+    /**
+     * Checks that status of result {@code r} is {@code wantedStatus}.
+     *
+     * @param r            - Result.
+     * @param wantedStatus - Wanted status of the result.
+     * @throws AssertionError - if status or {@code r} is not
+     *                        {@code wantedStatus}.
+     */
+    public static void checkResult(SSLEngineResult r,
+                                   SSLEngineResult.Status wantedStatus) {
+        SSLEngineResult.Status rs = r.getStatus();
+        if (!rs.equals(wantedStatus)) {
+            throw new AssertionError("Unexpected status " + rs.name()
+                    + ", should be " + wantedStatus.name());
+        }
+    }
+
+    /**
+     * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys.
+     *
+     * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL.
+     */
+    public static SSLContext getContext() {
+        try {
+            KeyStore ks = KeyStore.getInstance("JKS");
+            KeyStore ts = KeyStore.getInstance("JKS");
+            char[] passphrase = PASSWD.toCharArray();
+            try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) {
+                ks.load(keyFileStream, passphrase);
+            }
+            try (FileInputStream trustFileStream = new FileInputStream(TRUST_FILE_NAME)) {
+                ts.load(trustFileStream, passphrase);
+            }
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+            kmf.init(ks, passphrase);
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+            tmf.init(ts);
+            SSLContext sslCtx = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL);
+            sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+            return sslCtx;
+        } catch (KeyStoreException | IOException | NoSuchAlgorithmException |
+                CertificateException | UnrecoverableKeyException |
+                KeyManagementException ex) {
+            throw new Error("Unexpected exception", ex);
+        }
+    }
+
+    /**
+     * Sets up and starts kerberos KDC server.
+     */
+    public static void setUpAndStartKDC() {
+        String servicePrincipal = "host/" + SERVER_NAME + "@" + KRB_REALM;
+        Map<String, String> principals = new HashMap<>();
+        principals.put(KRB_USER_PRINCIPAL, KRB_USER_PASSWORD);
+        principals.put(KRBTGT_PRINCIPAL, null);
+        principals.put(servicePrincipal, null);
+        System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
+        startKDC(KRB_REALM, principals, KTAB_FILENAME);
+        System.setProperty("java.security.auth.login.config",
+                TEST_SRC + FS + JAAS_CONF_FILE);
+        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+    }
+
+    /**
+     * Sets up and starts kerberos KDC server if SSLEngineTestCase.TEST_MODE is "krb".
+     */
+    public static void setUpAndStartKDCIfNeeded() {
+        if (TEST_MODE.equals("krb")) {
+            setUpAndStartKDC();
+        }
+    }
+
+    /**
+     * Returns client ssl engine.
+     *
+     * @param context - SSLContext to get SSLEngine from.
+     * @param useSNI  - flag used to enable or disable using SNI extension.
+     *                Needed for Kerberos.
+     */
+    public static SSLEngine getClientSSLEngine(SSLContext context, boolean useSNI) {
+        SSLEngine clientEngine = context.createSSLEngine(HOST, 80);
+        clientEngine.setUseClientMode(true);
+        if (useSNI) {
+            SNIHostName serverName = new SNIHostName(SERVER_NAME);
+            List<SNIServerName> serverNames = new ArrayList<>();
+            serverNames.add(serverName);
+            SSLParameters params = clientEngine.getSSLParameters();
+            params.setServerNames(serverNames);
+            clientEngine.setSSLParameters(params);
+        }
+        return clientEngine;
+    }
+
+    /**
+     * Returns server ssl engine.
+     *
+     * @param context - SSLContext to get SSLEngine from.
+     * @param useSNI  - flag used to enable or disable using SNI extension.
+     *                Needed for Kerberos.
+     */
+    public static SSLEngine getServerSSLEngine(SSLContext context, boolean useSNI) {
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        if (useSNI) {
+            SNIMatcher matcher = SNIHostName.createSNIMatcher(SNI_PATTERN);
+            List<SNIMatcher> matchers = new ArrayList<>();
+            matchers.add(matcher);
+            SSLParameters params = serverEngine.getSSLParameters();
+            params.setSNIMatchers(matchers);
+            serverEngine.setSSLParameters(params);
+        }
+        return serverEngine;
+    }
+
+    /**
+     * Runs the test case for one cipher suite.
+     *
+     * @param cipher - Cipher suite name.
+     * @throws SSLException - If tests fails.
+     */
+    abstract protected void testOneCipher(String cipher)
+            throws SSLException;
+
+    /**
+     * Iterates through an array of ciphers and runs the same test case for
+     * every entry.
+     *
+     * @param ciphers - Array of cipher names.
+     * @return - Number of tests failed.
+     */
+    protected int testSomeCiphers(Ciphers ciphers) {
+        int failedNum = 0;
+        String description = ciphers.description;
+        System.out.println("==================================================="
+                + "=========");
+        System.out.println(description + " ciphers testing");
+        System.out.println("==================================================="
+                + "=========");
+        for (String cs : ciphers.ciphers) {
+            System.out.println("-----------------------------------------------"
+                    + "-------------");
+            System.out.println("Testing cipher suite " + cs);
+            System.out.println("-----------------------------------------------"
+                    + "-------------");
+            Throwable error = null;
+            try {
+                testOneCipher(cs);
+            } catch (Throwable t) {
+                error = t;
+            }
+            switch (ciphers) {
+                case SUPPORTED_NON_KRB_CIPHERS:
+                case SUPPORTED_NON_KRB_NON_SHA_CIPHERS:
+                case SUPPORTED_KRB_CIPHERS:
+                case ENABLED_NON_KRB_NOT_ANON_CIPHERS:
+                    if (error != null) {
+                        System.out.println("Test Failed: " + cs);
+                        System.err.println("Test Exception for " + cs);
+                        error.printStackTrace();
+                        failedNum++;
+                    } else {
+                        System.out.println("Test Passed: " + cs);
+                    }
+                    break;
+                case UNSUPPORTED_CIPHERS:
+                    if (error == null) {
+                        System.out.println("Test Failed: " + cs);
+                        System.err.println("Test for " + cs + " should have thrown"
+                                + " IllegalArgumentException, but it has not!");
+                        failedNum++;
+                    } else if (!(error instanceof IllegalArgumentException)) {
+                        System.out.println("Test Failed: " + cs);
+                        System.err.println("Test Exception for " + cs);
+                        error.printStackTrace();
+                        failedNum++;
+                    } else {
+                        System.out.println("Test Passed: " + cs);
+                    }
+                    break;
+                default:
+                    throw new Error("Test issue: unexpected ciphers: "
+                            + ciphers.name());
+            }
+        }
+        return failedNum;
+    }
+
+    /**
+     * Method used for the handshake routine.
+     *
+     * @param wrapingEngine         - Engine that is expected to wrap data.
+     * @param unwrapingEngine       - Engine that is expected to unwrap data.
+     * @param maxPacketSize         - Maximum packet size for MFLN of zero for no limit.
+     * @param enableReplicatedPacks - Set {@code true} to enable replicated
+     *                              packet sending.
+     * @throws SSLException - thrown on engine errors.
+     */
+    private static void handshakeProcess(SSLEngine wrapingEngine,
+                                         SSLEngine unwrapingEngine,
+                                         int maxPacketSize,
+                                         boolean enableReplicatedPacks)
+            throws SSLException {
+        SSLEngineResult.HandshakeStatus wrapingHSStatus = wrapingEngine
+                .getHandshakeStatus();
+        SSLEngineResult.HandshakeStatus unwrapingHSStatus = unwrapingEngine
+                .getHandshakeStatus();
+        SSLEngineResult r;
+        String wrapper, unwrapper;
+        if (wrapingEngine.getUseClientMode()
+                && !unwrapingEngine.getUseClientMode()) {
+            wrapper = "Client";
+            unwrapper = "Server";
+        } else if (unwrapingEngine.getUseClientMode()
+                && !wrapingEngine.getUseClientMode()) {
+            wrapper = "Server";
+            unwrapper = "Client";
+        } else {
+            throw new Error("Both engines are in the same mode");
+        }
+        switch (wrapingHSStatus) {
+            case NEED_WRAP:
+                if (enableReplicatedPacks) {
+                    if (net != null) {
+                        net.flip();
+                        if (net.remaining() != 0) {
+                            if (wrapingEngine.getUseClientMode()) {
+                                netReplicatedServer = net;
+                            } else {
+                                netReplicatedClient = net;
+                            }
+                        }
+                    }
+                }
+                ByteBuffer app = ByteBuffer.allocate(wrapingEngine.getSession()
+                        .getApplicationBufferSize());
+                net = doWrap(wrapingEngine, wrapper, maxPacketSize, app);
+            case NOT_HANDSHAKING:
+                switch (unwrapingHSStatus) {
+                    case NEED_TASK:
+                        runDelegatedTasks(unwrapingEngine);
+                    case NEED_UNWRAP:
+                        doUnWrap(unwrapingEngine, unwrapper, net);
+                        if (enableReplicatedPacks) {
+                            System.out.println("Unwrapping replicated packet...");
+                            if (unwrapingEngine.getHandshakeStatus()
+                                    .equals(SSLEngineResult.HandshakeStatus.NEED_TASK)) {
+                                runDelegatedTasks(unwrapingEngine);
+                            }
+                            runDelegatedTasks(unwrapingEngine);
+                            ByteBuffer netReplicated;
+                            if (unwrapingEngine.getUseClientMode()) {
+                                netReplicated = netReplicatedClient;
+                            } else {
+                                netReplicated = netReplicatedServer;
+                            }
+                            if (netReplicated != null) {
+                                doUnWrap(unwrapingEngine, unwrapper, netReplicated);
+                            } else {
+                                net.flip();
+                                doUnWrap(unwrapingEngine, unwrapper, net);
+                            }
+                        }
+                        break;
+                    case NEED_UNWRAP_AGAIN:
+                        break;
+                    case NOT_HANDSHAKING:
+                        if (doUnwrapForNotHandshakingStatus) {
+                            doUnWrap(unwrapingEngine, unwrapper, net);
+                            doUnwrapForNotHandshakingStatus = false;
+                            break;
+                        } else {
+                            endHandshakeLoop = true;
+                        }
+                        break;
+                    default:
+                        throw new Error("Unexpected unwraping engine handshake status "
+                                + unwrapingHSStatus.name());
+                }
+                break;
+            case NEED_UNWRAP:
+                break;
+            case NEED_UNWRAP_AGAIN:
+                net.flip();
+                doUnWrap(wrapingEngine, wrapper, net);
+                break;
+            case NEED_TASK:
+                runDelegatedTasks(wrapingEngine);
+                break;
+            default:
+                throw new Error("Unexpected wraping engine handshake status "
+                        + wrapingHSStatus.name());
+        }
+    }
+
+    private static void runDelegatedTasks(SSLEngine engine) {
+        Runnable runnable;
+        System.out.println("Running delegated tasks...");
+        while ((runnable = engine.getDelegatedTask()) != null) {
+            runnable.run();
+        }
+        SSLEngineResult.HandshakeStatus hs = engine.getHandshakeStatus();
+        if (hs == SSLEngineResult.HandshakeStatus.NEED_TASK) {
+            throw new Error("Handshake shouldn't need additional tasks.");
+        }
+    }
+
+    /**
+     * Start a KDC server:
+     * - create a KDC instance
+     * - create Kerberos principals
+     * - save Kerberos configuration
+     * - save keys to keytab file
+     * - no pre-auth is required
+     */
+    private static void startKDC(String realm, Map<String, String> principals,
+                                 String ktab) {
+        try {
+            KDC kdc = KDC.create(realm, HOST, 0, true);
+            kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE);
+            if (principals != null) {
+                principals.entrySet().stream().forEach((entry) -> {
+                    String name = entry.getKey();
+                    String password = entry.getValue();
+                    if (password == null || password.isEmpty()) {
+                        System.out.println("KDC: add a principal '" + name
+                                + "' with a random password");
+                        kdc.addPrincipalRandKey(name);
+                    } else {
+                        System.out.println("KDC: add a principal '" + name
+                                + "' with '" + password + "' password");
+                        kdc.addPrincipal(name, password.toCharArray());
+                    }
+                });
+            }
+            KDC.saveConfig(KRB5_CONF_FILENAME, kdc);
+            if (ktab != null) {
+                File ktabFile = new File(ktab);
+                if (ktabFile.exists()) {
+                    System.out.println("KDC: append keys to an exising "
+                            + "keytab file " + ktab);
+                    kdc.appendKtab(ktab);
+                } else {
+                    System.out.println("KDC: create a new keytab file "
+                            + ktab);
+                    kdc.writeKtab(ktab);
+                }
+            }
+            System.out.println("KDC: started on " + HOST + ":" + kdc.getPort()
+                    + " with '" + realm + "' realm");
+        } catch (Exception e) {
+            throw new RuntimeException("KDC: unexpected exception", e);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/UnSupportedCiphersTest.java	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
+/**
+ * Testing that try to enable unsupported ciphers causes IllegalArgumentException.
+ */
+public class UnSupportedCiphersTest extends SSLEngineTestCase {
+
+    public static void main(String[] s) {
+        UnSupportedCiphersTest test = new UnSupportedCiphersTest();
+        test.runTests(Ciphers.UNSUPPORTED_CIPHERS);
+    }
+
+    @Override
+    protected void testOneCipher(String cipher) {
+        unsupTest(cipher, true);
+        unsupTest(cipher, false);
+    }
+
+    private void unsupTest(String cipher, boolean clientTest) {
+        SSLContext context = getContext();
+        SSLEngine clientEngine = context.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+        SSLEngine serverEngine = context.createSSLEngine();
+        serverEngine.setUseClientMode(false);
+        if (clientTest) {
+            clientEngine.setEnabledCipherSuites(new String[]{cipher});
+        } else {
+            serverEngine.setEnabledCipherSuites(new String[]{cipher});
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/TLSCommon/jaas.conf	Fri Jun 05 12:22:36 2015 +0300
@@ -0,0 +1,17 @@
+com.sun.net.ssl.client {
+    com.sun.security.auth.module.Krb5LoginModule required
+    principal="USER@TEST.REALM"
+    doNotPrompt=true
+    useKeyTab=true
+    keyTab="krb5.keytab.data";
+};
+
+com.sun.net.ssl.server {
+    com.sun.security.auth.module.Krb5LoginModule required
+    principal="host/service.localhost@TEST.REALM"
+    isInitiator=false
+    useKeyTab=true
+    keyTab="krb5.keytab.data"
+    storeKey=true;
+};
+