changeset 48620:daf6989df7c5

8175075: Add 3DES to the default disabled algorithm security property Reviewed-by: xuelei, mullan, rhalade
author igerasim
date Fri, 19 Jan 2018 17:27:12 -0800
parents 6b05fffba257
children c78afd5995fb
files src/java.base/share/conf/security/java.security test/jdk/java/net/httpclient/http2/TLSConnection.java test/jdk/javax/net/ssl/DTLS/CipherSuite.java test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java
diffstat 5 files changed, 28 insertions(+), 18 deletions(-) [+]
--- a/src/java.base/share/conf/security/java.security	Wed Jan 17 15:47:44 2018 -0800
+++ b/src/java.base/share/conf/security/java.security	Fri Jan 19 17:27:12 2018 -0800
@@ -676,7 +676,7 @@
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40
+    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
 
 #
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
--- a/test/jdk/java/net/httpclient/http2/TLSConnection.java	Wed Jan 17 15:47:44 2018 -0800
+++ b/test/jdk/java/net/httpclient/http2/TLSConnection.java	Fri Jan 19 17:27:12 2018 -0800
@@ -27,6 +27,7 @@
 import java.io.OutputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.Security;
 import jdk.incubator.http.HttpClient;
 import jdk.incubator.http.HttpRequest;
 
@@ -50,9 +51,11 @@
 
     private static final String KEYSTORE = System.getProperty("test.src")
             + File.separator + "keystore.p12";
-   private static final String PASSWORD = "password";
+    private static final String PASSWORD = "password";
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         // enable all logging
         System.setProperty("jdk.httpclient.HttpClient.log", "all,frames:all");
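Review bot: Setting `jdk.tls.disabledAlgorithms` to the empty string at the top of `main` lifts every restriction in that property, not only 3DES, so the `// re-enable 3DES` comment understates what the line does: SSLv3, RC4, MD5withRSA and the DH/EC key-size limits listed in java.security are also permitted again for this JVM. If the test needs only 3DES, dropping just the new entry keeps the rest of the baseline, e.g. `Security.setProperty("jdk.tls.disabledAlgorithms", Security.getProperty("jdk.tls.disabledAlgorithms").replace(", 3DES_EDE_CBC", ""));` (this assumes the default value is in effect); otherwise the comment should at least read `// clears all TLS algorithm restrictions so that 3DES suites can be negotiated`. The same call appears in the `main` hunks of CipherSuite.java, ComHostnameVerifier.java and JavaxHostnameVerifier.java. `main` continues past the end of this hunk.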
--- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java	Wed Jan 17 15:47:44 2018 -0800
+++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java	Fri Jan 19 17:27:12 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
  * @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  * @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA re-enable
  * @run main/othervm CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
@@ -49,6 +49,7 @@
  */
 
 import javax.net.ssl.SSLEngine;
+import java.security.Security;
 
 /**
  * Test common DTLS cipher suites.
@@ -59,6 +60,10 @@
     volatile static String cipherSuite;
 
     public static void main(String[] args) throws Exception {
+        if (args.length > 1 && "re-enable".equals(args[1])) {
+            Security.setProperty("jdk.tls.disabledAlgorithms", "");
+        }
+
         cipherSuite = args[0];
 
         CipherSuite testCase = new CipherSuite();
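Review bot: The optional second argument `re-enable` checked at the top of `main` is not described anywhere in the visible test header or class comment, and only the 3DES `@run` line passes it. A short comment above the check would make the contract clear, e.g. `// args[1] == "re-enable": clear jdk.tls.disabledAlgorithms so a suite that is disabled by default (3DES here) can be negotiated`. The visible `@run` lines all use `main/othervm`, which keeps the cleared property inside one JVM. The comment should say so, because running the same code in samevm/agentvm mode would leave the restrictions off for later tests. `main` continues past the end of this hunk.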
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java	Wed Jan 17 15:47:44 2018 -0800
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java	Fri Jan 19 17:27:12 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,23 +21,22 @@
  * questions.
  */
 
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
 /*
  * @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
  * @modules java.base/com.sun.net.ssl
  *          java.base/com.sun.net.ssl.internal.www.protocol.https
  * @run main/othervm ComHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import javax.net.ssl.*;
 import javax.security.cert.*;
 import com.sun.net.ssl.HostnameVerifier;
@@ -261,6 +260,8 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java	Wed Jan 17 15:47:44 2018 -0800
+++ b/test/jdk/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java	Fri Jan 19 17:27:12 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,20 @@
  * questions.
  */
 
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
 /*
  * @test
- * @bug 4474255
- * @test 1.1 01/06/27
- * @bug 4484246
+ * @bug 4474255 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
  * @run main/othervm JavaxHostnameVerifier
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
 import java.net.*;
+import java.security.Security;
 import java.security.cert.*;
 import javax.net.ssl.*;
 
@@ -244,6 +243,8 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // re-enable 3DES
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");