changeset 39140:86f21a96d0ab

8152745: javax/net/ssl/TLS/TestJSSE.java fails intermittently: Unsupported or unrecognized SSL message Reviewed-by: xuelei
author asmotrak
date Wed, 22 Jun 2016 09:33:16 -0700
parents 8c8f2162a4bc
children e5d52546ba3a
files jdk/test/javax/net/ssl/TLS/CipherTestUtils.java jdk/test/javax/net/ssl/TLS/JSSEClient.java jdk/test/javax/net/ssl/TLS/JSSEServer.java jdk/test/javax/net/ssl/TLS/TestJSSE.java jdk/test/javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java jdk/test/javax/net/ssl/TLS/TestJSSENoCommonProtocols.java jdk/test/javax/net/ssl/TLS/TestJSSEServerProtocol.java
diffstat 8 files changed, 322 insertions(+), 215 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/test/javax/net/ssl/TLS/CipherTestUtils.java	Wed Jun 22 08:51:32 2016 -0700
+++ b/jdk/test/javax/net/ssl/TLS/CipherTestUtils.java	Wed Jun 22 09:33:16 2016 -0700
@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -73,6 +73,7 @@
     private static final List<TestParameters> TESTS = new ArrayList<>(3);
     private static final List<Exception> EXCEPTIONS
             = Collections.synchronizedList(new ArrayList<>(1));
+
     private static final String CLIENT_PUBLIC_KEY
         = "-----BEGIN CERTIFICATE-----\n"
         + "MIICtTCCAh4CCQDkYJ46DMcGRjANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
@@ -191,7 +192,7 @@
     private final X509TrustManager clientTrustManager;
     private final X509TrustManager serverTrustManager;
 
-    static abstract class Server implements Runnable {
+    static abstract class Server implements Runnable, AutoCloseable {
 
         final CipherTestUtils cipherTest;
 
@@ -240,12 +241,11 @@
 
     public static class TestParameters {
 
-        String cipherSuite;
-        String protocol;
-        String clientAuth;
+        final String cipherSuite;
+        final String protocol;
+        final String clientAuth;
 
-        TestParameters(String cipherSuite, String protocol,
-                String clientAuth) {
+        TestParameters(String cipherSuite, String protocol, String clientAuth) {
             this.cipherSuite = cipherSuite;
             this.protocol = protocol;
             this.clientAuth = clientAuth;
@@ -267,10 +267,7 @@
 
     private static volatile CipherTestUtils instance = null;
 
-    public static CipherTestUtils getInstance() throws IOException,
-            FileNotFoundException, KeyStoreException,
-            NoSuchAlgorithmException, CertificateException,
-            UnrecoverableKeyException, InvalidKeySpecException {
+    public static CipherTestUtils getInstance() throws Exception {
         if (instance == null) {
             synchronized (CipherTestUtils.class) {
                 if (instance == null) {
@@ -281,21 +278,10 @@
         return instance;
     }
 
-    public static void setTestedArguments(String testedProtocol,
-            String testedCipherSuite) {
-
-        TestParameters testedParams;
-
-        String cipherSuite = testedCipherSuite.trim();
-        if (cipherSuite.startsWith("SSL_")) {
-            testedParams =
-                new TestParameters(cipherSuite, testedProtocol, null);
-            TESTS.add(testedParams);
-
-        } else {
-            System.out.println("Your input Cipher suites is not correct, "
-                    + "please try another one .");
-        }
+    public static void setTestedArguments(String protocol, String ciphersuite) {
+        ciphersuite = ciphersuite.trim();
+        TestParameters params = new TestParameters(ciphersuite, protocol, null);
+        TESTS.add(params);
     }
 
     public X509ExtendedKeyManager getClientKeyManager() {
@@ -318,10 +304,7 @@
         EXCEPTIONS.add(e);
     }
 
-    private CipherTestUtils()
-            throws IOException, FileNotFoundException, KeyStoreException,
-            NoSuchAlgorithmException, CertificateException,
-            UnrecoverableKeyException, InvalidKeySpecException {
+    private CipherTestUtils() throws Exception {
         factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
         KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
                 SERVER_PRIVATE_KEY);
@@ -329,12 +312,11 @@
                 CA_PRIVATE_KEY);
 
         if (serverKeyStore != null) {
-            KeyManagerFactory keyFactory1
-                    = KeyManagerFactory.getInstance(
+            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
                             KeyManagerFactory.getDefaultAlgorithm());
-            keyFactory1.init(serverKeyStore, PASSWORD);
-            serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
-                    getKeyManagers()[0];
+            keyFactory.init(serverKeyStore, PASSWORD);
+            serverKeyManager = (X509ExtendedKeyManager)
+                    keyFactory.getKeyManagers()[0];
         } else {
             serverKeyManager = null;
         }
@@ -346,12 +328,11 @@
         clientKeyStore =
                 createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
         if (clientKeyStore != null) {
-            KeyManagerFactory keyFactory
-                    = KeyManagerFactory.getInstance(
+            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
                             KeyManagerFactory.getDefaultAlgorithm());
             keyFactory.init(clientKeyStore, PASSWORD);
-            clientKeyManager = (X509ExtendedKeyManager) keyFactory.
-                    getKeyManagers()[0];
+            clientKeyManager = (X509ExtendedKeyManager)
+                    keyFactory.getKeyManagers()[0];
         } else {
             clientKeyManager = null;
         }
@@ -395,8 +376,8 @@
             this.cipherTest = cipherTest;
         }
 
-        Client(CipherTestUtils cipherTest,
-                String testedCipherSuite) throws Exception {
+        Client(CipherTestUtils cipherTest, String testedCipherSuite)
+                throws Exception {
             this.cipherTest = cipherTest;
         }
 
@@ -417,7 +398,7 @@
                     CipherTestUtils.addFailure(e);
                     System.out.println("** Failed " + params
                             + "**, got exception:");
-                    e.printStackTrace(System.err);
+                    e.printStackTrace(System.out);
                 }
             });
         }
@@ -448,11 +429,7 @@
     }
 
     public static void printStringArray(String[] stringArray) {
-        System.out.print(stringArray.length + " : ");
-        for (String stringArray1 : stringArray) {
-            System.out.print(stringArray1);
-            System.out.print(",");
-        }
+        System.out.println(Arrays.toString(stringArray));
         System.out.println();
     }
 
@@ -496,15 +473,15 @@
         System.out.println("-----------------------");
     }
 
-    private static KeyStore createServerKeyStore(String publicKeyStr,
+    private static KeyStore createServerKeyStore(String publicKey,
             String keySpecStr) throws KeyStoreException, IOException,
             NoSuchAlgorithmException, CertificateException,
             InvalidKeySpecException {
 
         KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(null, null);
-        if (publicKeyStr == null || keySpecStr == null) {
-            throw new IllegalArgumentException("publicKeyStr or "
+        if (publicKey == null || keySpecStr == null) {
+            throw new IllegalArgumentException("publicKey or "
                     + "keySpecStr cannot be null");
         }
         String strippedPrivateKey = keySpecStr.substring(
@@ -518,8 +495,7 @@
                 = (RSAPrivateKey) kf.generatePrivate(priKeySpec);
 
         // generate certificate chain
-        try (InputStream is =
-                new ByteArrayInputStream(publicKeyStr.getBytes())) {
+        try (InputStream is = new ByteArrayInputStream(publicKey.getBytes())) {
             // generate certificate from cert string
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Certificate keyCert = cf.generateCertificate(is);
@@ -530,10 +506,9 @@
         return ks;
     }
 
-    public static int mainServer(PeerFactory peerFactory,
+    public static Server mainServer(PeerFactory peerFactory,
             String expectedException) throws Exception {
 
-        long time = System.currentTimeMillis();
         setTestedArguments(peerFactory.getTestedProtocol(),
                 peerFactory.getTestedCipher());
 
@@ -542,14 +517,11 @@
         secureRandom.nextInt();
 
         CipherTestUtils cipherTest = CipherTestUtils.getInstance();
-        Server server = peerFactory.newServer(cipherTest, PeerFactory.FREE_PORT);
-        Thread serverThread = new Thread(server, "Server");
+        Server srv = peerFactory.newServer(cipherTest, PeerFactory.FREE_PORT);
+        Thread serverThread = new Thread(srv, "Server");
         serverThread.start();
 
-        time = System.currentTimeMillis() - time;
-        System.out.println("Elapsed time " + time);
-
-        return server.getPort();
+        return srv;
     }
 
     public static void mainClient(PeerFactory peerFactory, int port,
@@ -566,7 +538,6 @@
         CipherTestUtils cipherTest = CipherTestUtils.getInstance();
         peerFactory.newClient(cipherTest, port).run();
         cipherTest.checkResult(expectedException);
-        JSSEServer.closeServer = true;
 
         time = System.currentTimeMillis() - time;
         System.out.println("Elapsed time " + time);
@@ -582,9 +553,11 @@
 
         abstract String getTestedCipher();
 
-        abstract Client newClient(CipherTestUtils cipherTest, int testPort) throws Exception;
+        abstract Client newClient(CipherTestUtils cipherTest, int testPort)
+                throws Exception;
 
-        abstract Server newServer(CipherTestUtils cipherTest, int testPort) throws Exception;
+        abstract Server newServer(CipherTestUtils cipherTest, int testPort)
+                throws Exception;
 
         boolean isSupported(String cipherSuite) {
             return true;
@@ -618,7 +591,7 @@
         try {
             trustManager.checkClientTrusted(chain, authType);
         } catch (CertificateException excep) {
-            System.out.println("ERROR in client trust manager");
+            System.out.println("ERROR in client trust manager: " + excep);
         }
     }
 
@@ -628,7 +601,7 @@
         try {
             trustManager.checkServerTrusted(chain, authType);
         } catch (CertificateException excep) {
-            System.out.println("ERROR in server Trust manger");
+            System.out.println("ERROR in server trust manager: " + excep);
         }
     }
 
--- a/jdk/test/javax/net/ssl/TLS/JSSEClient.java	Wed Jun 22 08:51:32 2016 -0700
+++ b/jdk/test/javax/net/ssl/TLS/JSSEClient.java	Wed Jun 22 09:33:16 2016 -0700
@@ -1,5 +1,5 @@
-/**
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+/*
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it under
@@ -35,39 +35,37 @@
     private static final String DEFAULT = "DEFAULT";
     private static final String TLS = "TLS";
 
-    private final SSLContext sslContext;
+    private final SSLContext context;
     private final MyX509KeyManager keyManager;
-    private final int serverPort;
-    private final String serverHost;
-    private final String testedProtocol;
+    private final int port;
+    private final String host;
+    private final String protocol;
 
-    JSSEClient(CipherTestUtils cipherTest, String serverHost, int serverPort,
-            String testedProtocols, String testedCipherSuite) throws Exception {
-        super(cipherTest, testedCipherSuite);
-        this.serverHost = serverHost;
-        this.serverPort = serverPort;
-        this.testedProtocol = testedProtocols;
-        this.keyManager =
-                new MyX509KeyManager(cipherTest.getClientKeyManager());
-        sslContext = SSLContext.getInstance(TLS);
+    JSSEClient(CipherTestUtils cipherTest, String host, int port,
+            String protocols, String ciphersuite) throws Exception {
+        super(cipherTest, ciphersuite);
+        this.host = host;
+        this.port = port;
+        this.protocol = protocols;
+        this.keyManager = new MyX509KeyManager(
+                                    cipherTest.getClientKeyManager());
+        context = SSLContext.getInstance(TLS);
     }
 
     @Override
     void runTest(CipherTestUtils.TestParameters params) throws Exception {
-        SSLSocket socket = null;
-        try {
-            System.out.println("Connecting to server...");
-            keyManager.setAuthType(params.clientAuth);
-            sslContext.init(new KeyManager[]{keyManager},
-                    new TrustManager[]{cipherTest.getClientTrustManager()},
-                    CipherTestUtils.secureRandom);
-            SSLSocketFactory factory = (SSLSocketFactory) sslContext.
-                    getSocketFactory();
-            socket = (SSLSocket) factory.createSocket(serverHost,
-                    serverPort);
+        keyManager.setAuthType(params.clientAuth);
+        context.init(
+                new KeyManager[]{ keyManager },
+                new TrustManager[]{ cipherTest.getClientTrustManager() },
+                CipherTestUtils.secureRandom);
+        SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
+
+        System.out.println("Connecting to server...");
+        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
             socket.setSoTimeout(CipherTestUtils.TIMEOUT);
             socket.setEnabledCipherSuites(params.cipherSuite.split(","));
-            if (params.protocol != null && !params.protocol.trim().equals("")
+            if (params.protocol != null && !params.protocol.trim().isEmpty()
                     && !params.protocol.trim().equals(DEFAULT)) {
                 socket.setEnabledProtocols(params.protocol.split(","));
             }
@@ -105,16 +103,11 @@
                 if ("EC".equals(keyAlg)) {
                     keyAlg = "ECDSA";
                 }
-                if (params.clientAuth == null ? keyAlg != null
-                        : !params.clientAuth.equals(keyAlg)) {
+                if (!params.clientAuth.equals(keyAlg)) {
                     throw new RuntimeException("Certificate type mismatch: "
                             + keyAlg + " != " + params.clientAuth);
                 }
             }
-        } finally {
-            if (socket != null) {
-                socket.close();
-            }
         }
     }
 }
--- a/jdk/test/javax/net/ssl/TLS/JSSEServer.java	Wed Jun 22 08:51:32 2016 -0700
+++ b/jdk/test/javax/net/ssl/TLS/JSSEServer.java	Wed Jun 22 09:33:16 2016 -0700
@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -33,13 +33,11 @@
 public class JSSEServer extends CipherTestUtils.Server {
 
     private final SSLServerSocket serverSocket;
-    private final int serverPort;
-    static volatile boolean closeServer = false;
+    private static volatile boolean closeServer = false;
 
     JSSEServer(CipherTestUtils cipherTest, int serverPort,
             String protocol, String cipherSuite) throws Exception {
         super(cipherTest);
-        this.serverPort = serverPort;
         SSLContext serverContext = SSLContext.getInstance("TLS");
         serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
                 new TrustManager[]{cipherTest.getServerTrustManager()},
@@ -56,7 +54,7 @@
 
     @Override
     public void run() {
-        System.out.println("JSSE Server listening on port " + serverPort);
+        System.out.println("JSSE Server listening on port " + getPort());
         while (!closeServer) {
             try (final SSLSocket socket = (SSLSocket) serverSocket.accept()) {
                 socket.setSoTimeout(CipherTestUtils.TIMEOUT);
@@ -68,12 +66,12 @@
                 } catch (IOException e) {
                     CipherTestUtils.addFailure(e);
                     System.out.println("Got IOException:");
-                    e.printStackTrace(System.err);
+                    e.printStackTrace(System.out);
                 }
             } catch (Exception e) {
                 CipherTestUtils.addFailure(e);
                 System.out.println("Exception:");
-                e.printStackTrace(System.err);
+                e.printStackTrace(System.out);
             }
         }
     }
@@ -81,4 +79,12 @@
     int getPort() {
         return serverSocket.getLocalPort();
     }
+
+    @Override
+    public void close() throws IOException {
+        closeServer = true;
+        if (serverSocket != null && !serverSocket.isClosed()) {
+            serverSocket.close();
+        }
+    }
 }
--- a/jdk/test/javax/net/ssl/TLS/TestJSSE.java	Wed Jun 22 08:51:32 2016 -0700
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSE.java	Wed Jun 22 09:33:16 2016 -0700
@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -20,59 +20,9 @@
  * questions.
  */
 
-import static java.lang.System.out;
 import java.security.Provider;
 import java.security.Security;
 
-/**
- * @test
- * @bug 8049429
- * @modules java.management
- *          jdk.crypto.ec/sun.security.ec
- * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
- * @summary Test that all cipher suites work in all versions and all client
- * authentication types. The way this is setup the server is stateless and
- * all checking is done on the client side.
- * @run main/othervm -DSERVER_PROTOCOL=SSLv3
- *        -DCLIENT_PROTOCOL=SSLv3
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=TLSv1
- *        -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=TLSv1.1
- *        -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=TLSv1.2
- *        -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1
- *        -DCLIENT_PROTOCOL=TLSv1 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1
- *        -DCLIENT_PROTOCOL=TLSv1.1 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv3
- *        -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
- *        TestJSSE javax.net.ssl.SSLHandshakeException
- * @run main/othervm -DSERVER_PROTOCOL=TLSv1
- *        -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
- *        TestJSSE javax.net.ssl.SSLHandshakeException
- * @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCLIENT_PROTOCOL=TLSv1.2 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
- *        -DCLIENT_PROTOCOL=DEFAULT -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCLIENT_PROTOCOL=DEFAULT -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
- *        -DCLIENT_PROTOCOL=DEFAULT -Djdk.tls.client.protocols=TLSv1
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
- * @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
- *        -DCLIENT_PROTOCOL=DEFAULT -Djdk.tls.client.protocols=TLSv1.2
- *        -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
- *        TestJSSE javax.net.ssl.SSLHandshakeException
- *
- */
-
 public class TestJSSE {
 
     private static final String LOCAL_IP = "127.0.0.1";
@@ -82,72 +32,64 @@
         // and keys used in this test are not disabled.
         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 
-        String serverProtocol = System.getProperty("SERVER_PROTOCOL");
-        String clientProtocol = System.getProperty("CLIENT_PROTOCOL");
+        // enable debug output
+        System.setProperty("javax.net.debug", "ssl,record");
+
+        String srvProtocol = System.getProperty("SERVER_PROTOCOL");
+        String clnProtocol = System.getProperty("CLIENT_PROTOCOL");
         String cipher = System.getProperty("CIPHER");
-        if (serverProtocol == null
-                || clientProtocol == null
-                || cipher == null) {
-            throw new IllegalArgumentException("SERVER_PROTOCOL "
-                    + "or CLIENT_PROTOCOL or CIPHER is missing");
+        if (srvProtocol == null || clnProtocol == null || cipher == null) {
+            throw new IllegalArgumentException("Incorrect parameters");
         }
-        out.println("ServerProtocol =" + serverProtocol);
-        out.println("ClientProtocol =" + clientProtocol);
-        out.println("Cipher         =" + cipher);
-        int port = server(serverProtocol, cipher, args);
-        client(port, clientProtocol, cipher, args);
 
-    }
+        System.out.println("ServerProtocol = " + srvProtocol);
+        System.out.println("ClientProtocol = " + clnProtocol);
+        System.out.println("Cipher         = " + cipher);
 
-    public static void client(int testPort,
-            String testProtocols, String testCipher,
-            String... exception) throws Exception {
-        String expectedException = exception.length >= 1
-                ? exception[0] : null;
-        out.println("=========================================");
-        out.println(" Testing - https://" + LOCAL_IP + ":" + testPort);
-        out.println(" Testing - Protocol : " + testProtocols);
-        out.println(" Testing - Cipher : " + testCipher);
-        try {
-            CipherTestUtils.mainClient(new JSSEFactory(LOCAL_IP, testProtocols,
-                        testCipher, "Client JSSE"),
-                    testPort, expectedException);
-        } catch (Exception e) {
-            throw new RuntimeException(e);
+        try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
+            client(srv.getPort(), clnProtocol, cipher, args);
         }
     }
 
-    public static int server(String testProtocol, String testCipher,
-            String... exception) throws Exception {
+    public static void client(int port, String protocols, String cipher,
+            String... exceptions) throws Exception {
 
-        String expectedException = exception.length >= 1
-                ? exception[0] : null;
-        out.println(" This is Server");
-        out.println(" Testing Protocol: " + testProtocol);
-        out.println(" Testing Cipher: " + testCipher);
+        String expectedExcp = exceptions.length >= 1 ? exceptions[0] : null;
 
-        try {
-            int port = CipherTestUtils.mainServer(new JSSEFactory(
-                        null, testProtocol, testCipher, "Server JSSE"),
-                    expectedException);
+        System.out.println("This is client");
+        System.out.println("Testing protocol: " + protocols);
+        System.out.println("Testing cipher  : " + cipher);
 
-            out.println(" Testing Port: " + port);
-            return port;
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
+        CipherTestUtils.mainClient(
+            new JSSEFactory(LOCAL_IP, protocols, cipher, "Client JSSE"),
+            port, expectedExcp);
+    }
+
+    public static CipherTestUtils.Server server(String protocol,
+                String cipher, String... exceptions) throws Exception {
+
+        String expectedExcp = exceptions.length >= 1 ? exceptions[0] : null;
+
+        System.out.println("This is server");
+        System.out.println("Testing protocol: " + protocol);
+        System.out.println("Testing cipher  : " + cipher);
+
+        return CipherTestUtils.mainServer(
+            new JSSEFactory(null, protocol, cipher, "Server JSSE"),
+            expectedExcp);
     }
 
     private static class JSSEFactory extends CipherTestUtils.PeerFactory {
 
-        final String testedCipherSuite, testedProtocol, testHost;
-        final String name;
+        private final String cipher;
+        private final String protocol;
+        private final String host;
+        private final String name;
 
-        JSSEFactory(String testHost, String testedProtocol,
-                String testedCipherSuite, String name) {
-            this.testedCipherSuite = testedCipherSuite;
-            this.testedProtocol = testedProtocol;
-            this.testHost = testHost;
+        JSSEFactory(String host, String protocol, String cipher, String name) {
+            this.cipher = cipher;
+            this.protocol = protocol;
+            this.host = host;
             this.name = name;
         }
 
@@ -158,26 +100,24 @@
 
         @Override
         String getTestedCipher() {
-            return testedCipherSuite;
+            return cipher;
         }
 
         @Override
         String getTestedProtocol() {
-            return testedProtocol;
+            return protocol;
         }
 
         @Override
-        CipherTestUtils.Client newClient(CipherTestUtils cipherTest, int testPort)
+        CipherTestUtils.Client newClient(CipherTestUtils cipherTest, int port)
                 throws Exception {
-            return new JSSEClient(cipherTest, testHost, testPort,
-                    testedProtocol, testedCipherSuite);
+            return new JSSEClient(cipherTest, host, port, protocol, cipher);
         }
 
         @Override
-        CipherTestUtils.Server newServer(CipherTestUtils cipherTest, int testPort)
+        CipherTestUtils.Server newServer(CipherTestUtils cipherTest, int port)
                 throws Exception {
-            return new JSSEServer(cipherTest, testPort,
-                    testedProtocol, testedCipherSuite);
+            return new JSSEServer(cipherTest, port, protocol, cipher);
         }
     }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java	Wed Jun 22 09:33:16 2016 -0700
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 2 only, as published by
+ * the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
+ * details (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version 2
+ * along with this work; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
+ * visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049429
+ * @modules java.management
+ *          jdk.crypto.ec/sun.security.ec
+ * @summary Test that all cipher suites work in all versions and all client
+ *          authentication types. The way this is setup the server is stateless
+ *          and all checking is done on the client side.
+ * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
+ *              -DCLIENT_PROTOCOL=DEFAULT
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=DEFAULT
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=DEFAULT
+ *              -Djdk.tls.client.protocols=TLSv1
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
+ *              -DCLIENT_PROTOCOL=DEFAULT
+ *              -Djdk.tls.client.protocols=TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE javax.net.ssl.SSLHandshakeException
+ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java	Wed Jun 22 09:33:16 2016 -0700
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 2 only, as published by
+ * the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
+ * details (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version 2
+ * along with this work; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
+ * visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049429
+ * @modules java.management
+ *          jdk.crypto.ec/sun.security.ec
+ * @summary Test that all cipher suites work in all versions and all client
+ *          authentication types. The way this is setup the server is stateless
+ *          and all checking is done on the client side.
+ * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv3
+ *              -DCLIENT_PROTOCOL=SSLv3
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv3,TLSv1
+ *              -DCLIENT_PROTOCOL=TLSv1
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1
+ *              -DCLIENT_PROTOCOL=TLSv1.1
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSENoCommonProtocols.java	Wed Jun 22 09:33:16 2016 -0700
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 2 only, as published by
+ * the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
+ * details (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version 2
+ * along with this work; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
+ * visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049429
+ * @modules java.management
+ *          jdk.crypto.ec/sun.security.ec
+ * @summary Test that all cipher suites work in all versions and all client
+ *          authentication types. The way this is setup the server is stateless
+ *          and all checking is done on the client side.
+ * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=TLSv1
+ *              -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE javax.net.ssl.SSLHandshakeException
+ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSEServerProtocol.java	Wed Jun 22 09:33:16 2016 -0700
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 2 only, as published by
+ * the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
+ * details (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version 2
+ * along with this work; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
+ * visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049429
+ * @modules java.management
+ *          jdk.crypto.ec/sun.security.ec
+ * @summary Test that all cipher suites work in all versions and all client
+ *          authentication types. The way this is setup the server is stateless
+ *          and all checking is done on the client side.
+ * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv3
+ *              -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE javax.net.ssl.SSLHandshakeException
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=TLSv1
+ *              -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=TLSv1.1
+ *              -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=TLSv1.2
+ *              -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ */