changeset 36008:3113bdef9cb1

8148500: [Spec] Enabled SSL Protocols may not be used Reviewed-by: mullan, jnimeh
author xuelei
date Thu, 18 Feb 2016 02:49:44 +0000
parents 1d78df8f6a94
children 2dbdf909ac81
files jdk/src/java.base/share/classes/javax/net/ssl/SSLEngine.java jdk/src/java.base/share/classes/javax/net/ssl/SSLServerSocket.java jdk/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
diffstat 3 files changed, 34 insertions(+), 17 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLEngine.java	Thu Feb 18 02:36:38 2016 +0000
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLEngine.java	Thu Feb 18 02:49:44 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -875,10 +875,11 @@
      * created, all enabled cipher suites support a minimum quality of
      * service.  Thus, in some environments this value might be empty.
      * <P>
-     * Even if a suite has been enabled, it might never be used.  (For
-     * example, the peer does not support it, the requisite
-     * certificates/private keys for the suite are not available, or an
-     * anonymous suite is enabled but authentication is required.)
+     * Note that even if a suite is enabled, it may never be used. This
+     * can occur if the peer does not support it, or its use is restricted,
+     * or the requisite certificates (and private keys) for the suite are
+     * not available, or an anonymous suite is enabled but authentication
+     * is required.
      *
      * @return  an array of cipher suite names
      * @see     #getSupportedCipherSuites()
@@ -920,6 +921,11 @@
     /**
      * Returns the names of the protocol versions which are currently
      * enabled for use with this {@code SSLEngine}.
+     * <P>
+     * Note that even if a protocol is enabled, it may never be used.
+     * This can occur if the peer does not support the protocol, or its
+     * use is restricted, or there are no enabled cipher suites supported
+     * by the protocol.
      *
      * @return  an array of protocols
      * @see     #setEnabledProtocols(String [])
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLServerSocket.java	Thu Feb 18 02:36:38 2016 +0000
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLServerSocket.java	Thu Feb 18 02:49:44 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,12 +190,11 @@
      * default guarantees a minimum quality of service in all enabled
      * cipher suites.
      * <P>
-     * There are several reasons why an enabled cipher suite might
-     * not actually be used.  For example:  the server socket might
-     * not have appropriate private keys available to it or the cipher
-     * suite might be anonymous, precluding the use of client authentication,
-     * while the server socket has been told to require that sort of
-     * authentication.
+     * Note that even if a suite is enabled, it may never be used. This
+     * can occur if the peer does not support it, or its use is restricted,
+     * or the requisite certificates (and private keys) for the suite are
+     * not available, or an anonymous suite is enabled but authentication
+     * is required.
      *
      * @return an array of cipher suites enabled
      * @see #getSupportedCipherSuites()
@@ -258,6 +257,11 @@
     /**
      * Returns the names of the protocols which are currently
      * enabled for use by the newly accepted connections.
+     * <P>
+     * Note that even if a protocol is enabled, it may never be used.
+     * This can occur if the peer does not support the protocol, or its
+     * use is restricted, or there are no enabled cipher suites supported
+     * by the protocol.
      *
      * @return an array of protocol names
      * @see #getSupportedProtocols()
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocket.java	Thu Feb 18 02:36:38 2016 +0000
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocket.java	Thu Feb 18 02:49:44 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -279,10 +279,11 @@
      * created, all enabled cipher suites support a minimum quality of
      * service.  Thus, in some environments this value might be empty.
      * <P>
-     * Even if a suite has been enabled, it might never be used.  (For
-     * example, the peer does not support it, the requisite certificates
-     * (and private keys) for the suite are not available, or an
-     * anonymous suite is enabled but authentication is required.
+     * Note that even if a suite is enabled, it may never be used. This
+     * can occur if the peer does not support it, or its use is restricted,
+     * or the requisite certificates (and private keys) for the suite are
+     * not available, or an anonymous suite is enabled but authentication
+     * is required.
      *
      * @return an array of cipher suite names
      * @see #getSupportedCipherSuites()
@@ -324,6 +325,12 @@
     /**
      * Returns the names of the protocol versions which are currently
      * enabled for use on this connection.
+     * <P>
+     * Note that even if a protocol is enabled, it may never be used.
+     * This can occur if the peer does not support the protocol, or its
+     * use is restricted, or there are no enabled cipher suites supported
+     * by the protocol.
+     *
      * @see #setEnabledProtocols(String [])
      * @return an array of protocols
      */