/*
 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
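//

/*
 * @test
 * @bug 8202343
 * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
 * @run main/othervm SSLContextDefault
 */

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.*;

/**
 * Verifies the default protocol posture of JSSE for every context name in
 * {@link #protocols}.
 *
 * <p>For each {@code SSLContext}, and for the {@code SSLEngine},
 * {@code SSLSocket} and {@code SSLServerSocket} created from it, the test
 * asserts two things about SSLv3, TLSv1 and TLSv1.1:
 * <ul>
 *   <li>they still appear in the <em>supported</em> protocol list, so an
 *       application that must talk to a legacy peer can opt in
 *       explicitly;</li>
 *   <li>they do not appear in the <em>default/enabled</em> protocol list,
 *       so nothing negotiates them unless the application asks for it.</li>
 * </ul>
 *
 * <p>A failure is reported by throwing {@link Exception}; the protocol lists
 * are printed to standard output before each check so the failing list can
 * be read from the test log.
 */
public class SSLContextDefault {

    // Context names passed to SSLContext.getInstance(); the empty string
    // selects SSLContext.getDefault() instead.
    private static final String[] protocols = {
        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
    };

    // Legacy protocol versions that must be supported but not enabled by
    // default.
    private static final List<String> disabledProtocols =
            Collections.unmodifiableList(
                    Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    /**
     * Runs {@link #checkForProtocols(String)} once per entry of
     * {@link #protocols}, printing a banner before each run.
     *
     * @param args unused
     * @throws Exception if any check fails or a context cannot be created
     */
    public static void main(String[] args) throws Exception {
        for (String protocol : protocols) {
            String label = protocol.isEmpty() ? "<default>" : protocol;
            System.out.println("//");
            System.out.println("// Testing for SSLContext of " + label);
            System.out.println("//");
            checkForProtocols(protocol);
            System.out.println();
        }
    }

    /**
     * Checks the supported and the default/enabled protocol lists of one
     * {@code SSLContext} and of the engine, socket and server socket it
     * produces.
     *
     * @param protocol the context name for {@code SSLContext.getInstance},
     *        or the empty string for {@code SSLContext.getDefault()}
     * @throws Exception if a legacy protocol is enabled by default, if a
     *         legacy protocol is missing from a supported list, or if the
     *         context, socket or server socket cannot be created
     */
    public static void checkForProtocols(String protocol) throws Exception {
        SSLContext context;
        if (protocol.isEmpty()) {
            context = SSLContext.getDefault();
        } else {
            context = SSLContext.getInstance(protocol);
            // All-null arguments select the default key managers, trust
            // managers and source of randomness.
            context.init(null, null, null);
        }

        // Supported protocols of SSLContext: legacy versions must be listed.
        SSLParameters parameters = context.getSupportedSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Supported protocols in SSLContext", false);

        // Default protocols of SSLContext: legacy versions must be absent.
        parameters = context.getDefaultSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Enabled protocols in SSLContext", true);

        // Supported protocols of SSLEngine.
        SSLEngine engine = context.createSSLEngine();
        checkProtocols(engine.getSupportedProtocols(),
                "Supported protocols in SSLEngine", false);

        // Default protocols of SSLEngine.
        checkProtocols(engine.getEnabledProtocols(),
                "Enabled protocols in SSLEngine", true);

        // createSocket() with no arguments yields an unconnected socket, so
        // no network access is needed to read its protocol lists.
        SSLSocketFactory factory = context.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            // Supported protocols of SSLSocket. The title names protocols
            // because that is what the list holds.
            checkProtocols(socket.getSupportedProtocols(),
                    "Supported protocols in SSLSocket", false);

            // Default protocols of SSLSocket.
            checkProtocols(socket.getEnabledProtocols(),
                    "Enabled protocols in SSLSocket", true);
        }

        // createServerSocket() with no arguments yields an unbound socket.
        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
        try (SSLServerSocket serverSocket =
                (SSLServerSocket) serverFactory.createServerSocket()) {
            // Supported protocols of SSLServerSocket.
            checkProtocols(serverSocket.getSupportedProtocols(),
                    "Supported protocols in SSLServerSocket", false);

            // Default protocols of SSLServerSocket.
            checkProtocols(serverSocket.getEnabledProtocols(),
                    "Enabled protocols in SSLServerSocket", true);
        }
    }

    /**
     * Prints one protocol list and validates it against
     * {@link #disabledProtocols}.
     *
     * @param protocols the protocol names to validate
     * @param title heading printed above the list
     * @param disabled {@code true} when {@code protocols} is a
     *        default/enabled list, which must contain none of the legacy
     *        protocols; {@code false} when it is a supported list, which
     *        must contain all of them
     * @throws Exception if the list violates the expectation selected by
     *         {@code disabled}
     */
    private static void checkProtocols(String[] protocols,
            String title, boolean disabled) throws Exception {
        showProtocols(protocols, title);

        if (disabled) {
            // Enabled-by-default list: any legacy version here is a failure.
            for (String protocol : protocols) {
                if (disabledProtocols.contains(protocol)) {
                    throw new Exception(protocol +
                            " should not be enabled by default");
                }
            }
            return;
        }

        // Supported list: every legacy version must still be available for
        // explicit opt-in.
        List<String> supported = Arrays.asList(protocols);
        for (String disabledProtocol : disabledProtocols) {
            if (!supported.contains(disabledProtocol)) {
                throw new Exception(disabledProtocol +
                        " should be supported by default");
            }
        }
    }

    /**
     * Prints {@code title} followed by the element count, then one protocol
     * name per line.
     *
     * @param protocols the protocol names to print
     * @param title heading printed above the list
     */
    private static void showProtocols(String[] protocols, String title) {
        System.out.println(title + "[" + protocols.length + "]:");
        for (String protocol : protocols) {
            System.out.println(" " + protocol);
        }
    }
}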