1 /* 2 * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 7174244 32 * @summary NPE in Krb5ProxyImpl.getServerKeys() 33 * @run main/othervm CipherSuitesInOrder 34 */ 35 36 import java.util.*; 37 import javax.net.ssl.*; 38 import java.security.Security; 39 40 public class CipherSuitesInOrder { 41 42 // supported ciphersuites 43 private final static List<String> supportedCipherSuites = 44 Arrays.<String>asList( 45 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 46 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 47 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 48 "TLS_RSA_WITH_AES_256_GCM_SHA384", 49 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 50 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 51 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 52 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 53 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 54 "TLS_RSA_WITH_AES_128_GCM_SHA256", 55 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 56 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 57 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 58 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 59 60 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 61 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 62 "TLS_RSA_WITH_AES_256_CBC_SHA256", 63 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 64 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 65 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 66 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 67 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 68 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 69 "TLS_RSA_WITH_AES_256_CBC_SHA", 70 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 71 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 72 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 73 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 74 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 75 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 76 "TLS_RSA_WITH_AES_128_CBC_SHA256", 77 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 78 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 79 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 80 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 81 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 82 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 83 "TLS_RSA_WITH_AES_128_CBC_SHA", 84 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 85 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 86 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 87 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 88 89 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 90 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 91 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 92 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 93 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 94 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 95 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 96 97 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 98 99 "TLS_DH_anon_WITH_AES_256_GCM_SHA384", 100 "TLS_DH_anon_WITH_AES_128_GCM_SHA256", 101 102 "TLS_DH_anon_WITH_AES_256_CBC_SHA256", 103 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 104 "TLS_DH_anon_WITH_AES_256_CBC_SHA", 105 "TLS_DH_anon_WITH_AES_128_CBC_SHA256", 106 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 107 "TLS_DH_anon_WITH_AES_128_CBC_SHA", 108 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 109 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 110 111 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 112 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 113 "SSL_RSA_WITH_RC4_128_SHA", 114 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 115 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 116 "SSL_RSA_WITH_RC4_128_MD5", 117 "TLS_ECDH_anon_WITH_RC4_128_SHA", 118 "SSL_DH_anon_WITH_RC4_128_MD5", 119 120 "SSL_RSA_WITH_DES_CBC_SHA", 121 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 122 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 123 "SSL_DH_anon_WITH_DES_CBC_SHA", 124 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 125 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 126 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 127 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 128 129 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 130 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 131 132 "TLS_RSA_WITH_NULL_SHA256", 133 "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 134 "TLS_ECDHE_RSA_WITH_NULL_SHA", 135 "SSL_RSA_WITH_NULL_SHA", 136 "TLS_ECDH_ECDSA_WITH_NULL_SHA", 137 "TLS_ECDH_RSA_WITH_NULL_SHA", 138 "TLS_ECDH_anon_WITH_NULL_SHA", 139 "SSL_RSA_WITH_NULL_MD5", 140 141 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 142 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 143 "TLS_KRB5_WITH_RC4_128_SHA", 144 "TLS_KRB5_WITH_RC4_128_MD5", 145 "TLS_KRB5_WITH_DES_CBC_SHA", 146 "TLS_KRB5_WITH_DES_CBC_MD5", 147 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 149 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 150 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" 151 ); 152 153 private final static String[] protocols = { 154 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" 155 }; 156 157 158 public static void main(String[] args) throws Exception { 159 // show all of the supported cipher suites 160 showSuites(supportedCipherSuites.toArray(new String[0]), 161 "All supported cipher suites"); 162 163 for (String protocol : protocols) { 164 System.out.println("//"); 165 System.out.println("// " + 166 "Testing for SSLContext of " + protocol); 167 System.out.println("//"); 168 checkForProtocols(protocol); 169 } 170 } 171 172 public static void checkForProtocols(String protocol) throws Exception { 173 SSLContext context; 174 if (protocol.isEmpty()) { 175 context = SSLContext.getDefault(); 176 } else { 177 context = SSLContext.getInstance(protocol); 178 context.init(null, null, null); 179 } 180 181 // check the order of default cipher suites of SSLContext 182 SSLParameters parameters = context.getDefaultSSLParameters(); 183 checkSuites(parameters.getCipherSuites(), 184 "Default cipher suites in SSLContext"); 185 186 // check the order of supported cipher suites of SSLContext 187 parameters = context.getSupportedSSLParameters(); 188 checkSuites(parameters.getCipherSuites(), 189 "Supported cipher suites in SSLContext"); 190 191 192 // 193 // Check the cipher suites order of SSLEngine 194 // 195 SSLEngine engine = context.createSSLEngine(); 196 197 // check the order of endabled cipher suites 198 String[] ciphers = engine.getEnabledCipherSuites(); 199 checkSuites(ciphers, 200 "Enabled cipher suites in SSLEngine"); 201 202 // check the order of supported cipher suites 203 ciphers = engine.getSupportedCipherSuites(); 204 checkSuites(ciphers, 205 "Supported cipher suites in SSLEngine"); 206 207 // 208 // Check the cipher suites order of SSLSocket 209 // 210 SSLSocketFactory factory = context.getSocketFactory(); 211 try (SSLSocket socket = (SSLSocket)factory.createSocket()) { 212 213 // check the order of endabled cipher suites 214 ciphers = socket.getEnabledCipherSuites(); 215 checkSuites(ciphers, 216 "Enabled cipher suites in SSLSocket"); 217 218 // check the order of supported cipher suites 219 ciphers = socket.getSupportedCipherSuites(); 220 checkSuites(ciphers, 221 "Supported cipher suites in SSLSocket"); 222 } 223 224 // 225 // Check the cipher suites order of SSLServerSocket 226 // 227 SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); 228 try (SSLServerSocket serverSocket = 229 (SSLServerSocket)serverFactory.createServerSocket()) { 230 // check the order of endabled cipher suites 231 ciphers = serverSocket.getEnabledCipherSuites(); 232 checkSuites(ciphers, 233 "Enabled cipher suites in SSLServerSocket"); 234 235 // check the order of supported cipher suites 236 ciphers = serverSocket.getSupportedCipherSuites(); 237 checkSuites(ciphers, 238 "Supported cipher suites in SSLServerSocket"); 239 } 240 } 241 242 private static void checkSuites(String[] suites, String title) { 243 showSuites(suites, title); 244 245 int loc = -1; 246 int index = 0; 247 for (String suite : suites) { 248 index = supportedCipherSuites.indexOf(suite); 249 if (index <= loc) { 250 throw new RuntimeException(suite + " is not in order"); 251 } 252 253 loc = index; 254 } 255 } 256 257 private static void showSuites(String[] suites, String title) { 258 System.out.println(title + "[" + suites.length + "]:"); 259 for (String suite : suites) { 260 System.out.println(" " + suite); 261 } 262 } 263 }