169 private Object thrownLock = new Object();
170
171 /* Class and subclass dynamic debugging support */
172 static final Debug debug = Debug.getInstance("ssl");
173
174 // By default, disable the unsafe legacy session renegotiation
175 static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty(
176 "sun.security.ssl.allowUnsafeRenegotiation", false);
177
178 // For maximum interoperability and backward compatibility, RFC 5746
179 // allows server (or client) to accept ClientHello (or ServerHello)
180 // message without the secure renegotiation_info extension or SCSV.
181 //
182 // For maximum security, RFC 5746 also allows server (or client) to
183 // reject such message with a fatal "handshake_failure" alert.
184 //
185 // By default, allow such legacy hello messages.
186 static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
187 "sun.security.ssl.allowLegacyHelloMessages", true);
188
189 // need to dispose the object when it is invalidated
190 boolean invalidated;
191
192 Handshaker(SSLSocketImpl c, SSLContextImpl context,
193 ProtocolList enabledProtocols, boolean needCertVerify,
194 boolean isClient, ProtocolVersion activeProtocolVersion,
195 boolean isInitialHandshake, boolean secureRenegotiation,
196 byte[] clientVerifyData, byte[] serverVerifyData) {
197 this.conn = c;
198 init(context, enabledProtocols, needCertVerify, isClient,
199 activeProtocolVersion, isInitialHandshake, secureRenegotiation,
200 clientVerifyData, serverVerifyData);
201 }
202
203 Handshaker(SSLEngineImpl engine, SSLContextImpl context,
204 ProtocolList enabledProtocols, boolean needCertVerify,
205 boolean isClient, ProtocolVersion activeProtocolVersion,
206 boolean isInitialHandshake, boolean secureRenegotiation,
207 byte[] clientVerifyData, byte[] serverVerifyData) {
208 this.engine = engine;
|
169 private Object thrownLock = new Object();
170
171 /* Class and subclass dynamic debugging support */
172 static final Debug debug = Debug.getInstance("ssl");
173
174 // By default, disable the unsafe legacy session renegotiation
175 static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty(
176 "sun.security.ssl.allowUnsafeRenegotiation", false);
177
178 // For maximum interoperability and backward compatibility, RFC 5746
179 // allows server (or client) to accept ClientHello (or ServerHello)
180 // message without the secure renegotiation_info extension or SCSV.
181 //
182 // For maximum security, RFC 5746 also allows server (or client) to
183 // reject such message with a fatal "handshake_failure" alert.
184 //
185 // By default, allow such legacy hello messages.
186 static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
187 "sun.security.ssl.allowLegacyHelloMessages", true);
188
189 // To prevent the TLS renegotiation issues, by setting system property
190 // "jdk.tls.rejectClientInitializedRenego" to true, applications in server
191 // side can disable all client initiated SSL renegotiations regardless
192 // of the support of TLS protocols.
193 //
194 // By default, allow client initiated renegotiations.
195 static final boolean rejectClientInitializedRenego =
196 Debug.getBooleanProperty(
197 "jdk.tls.rejectClientInitializedRenego", false);
198
199 // need to dispose the object when it is invalidated
200 boolean invalidated;
201
202 Handshaker(SSLSocketImpl c, SSLContextImpl context,
203 ProtocolList enabledProtocols, boolean needCertVerify,
204 boolean isClient, ProtocolVersion activeProtocolVersion,
205 boolean isInitialHandshake, boolean secureRenegotiation,
206 byte[] clientVerifyData, byte[] serverVerifyData) {
207 this.conn = c;
208 init(context, enabledProtocols, needCertVerify, isClient,
209 activeProtocolVersion, isInitialHandshake, secureRenegotiation,
210 clientVerifyData, serverVerifyData);
211 }
212
213 Handshaker(SSLEngineImpl engine, SSLContextImpl context,
214 ProtocolList enabledProtocols, boolean needCertVerify,
215 boolean isClient, ProtocolVersion activeProtocolVersion,
216 boolean isInitialHandshake, boolean secureRenegotiation,
217 byte[] clientVerifyData, byte[] serverVerifyData) {
218 this.engine = engine;
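Review bot: The comment on `rejectClientInitializedRenego` (new lines 189-197) omits two things a server operator needs to know. The value is read once into a `static final` field, so the property only takes effect if it is set before this class is initialized, and the default of `false` means client-initiated renegotiation stays enabled unless the deployment opts in. I would add a line such as `// Read once at class initialization; set the property at JVM startup, not at runtime.` and state the default's consequence next to "By default, allow client initiated renegotiations." The property and field also say "Initialized" where the comment says "initiated", and a system property name is hard to change once it has shipped. The enclosing class starts and ends outside this hunk and the code that consults the flag is not shown, so it is worth confirming that both the `SSLSocketImpl` and the `SSLEngineImpl` paths enforce it.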
|