src/share/classes/sun/security/ssl/Handshaker.java

7188658 Add possibility to disable client initiated renegotiation


 169     private Object thrownLock = new Object();
 170 
 171     /* Class and subclass dynamic debugging support */
 172     static final Debug debug = Debug.getInstance("ssl");
 173 
 174     // By default, disable the unsafe legacy session renegotiation
 175     static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty(
 176                     "sun.security.ssl.allowUnsafeRenegotiation", false);
 177 
 178     // For maximum interoperability and backward compatibility, RFC 5746
 179     // allows server (or client) to accept ClientHello (or ServerHello)
 180     // message without the secure renegotiation_info extension or SCSV.
 181     //
 182     // For maximum security, RFC 5746 also allows server (or client) to
 183     // reject such message with a fatal "handshake_failure" alert.
 184     //
 185     // By default, allow such legacy hello messages.
 186     static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
 187                     "sun.security.ssl.allowLegacyHelloMessages", true);
 188 










 189     // need to dispose the object when it is invalidated
 190     boolean invalidated;
 191 
 192     Handshaker(SSLSocketImpl c, SSLContextImpl context,
 193             ProtocolList enabledProtocols, boolean needCertVerify,
 194             boolean isClient, ProtocolVersion activeProtocolVersion,
 195             boolean isInitialHandshake, boolean secureRenegotiation,
 196             byte[] clientVerifyData, byte[] serverVerifyData) {
 197         this.conn = c;
 198         init(context, enabledProtocols, needCertVerify, isClient,
 199             activeProtocolVersion, isInitialHandshake, secureRenegotiation,
 200             clientVerifyData, serverVerifyData);
 201     }
 202 
 203     Handshaker(SSLEngineImpl engine, SSLContextImpl context,
 204             ProtocolList enabledProtocols, boolean needCertVerify,
 205             boolean isClient, ProtocolVersion activeProtocolVersion,
 206             boolean isInitialHandshake, boolean secureRenegotiation,
 207             byte[] clientVerifyData, byte[] serverVerifyData) {
 208         this.engine = engine;




 169     private Object thrownLock = new Object();
 170 
 171     /* Class and subclass dynamic debugging support */
 172     static final Debug debug = Debug.getInstance("ssl");
 173 
 174     // By default, disable the unsafe legacy session renegotiation
 175     static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty(
 176                     "sun.security.ssl.allowUnsafeRenegotiation", false);
 177 
 178     // For maximum interoperability and backward compatibility, RFC 5746
 179     // allows server (or client) to accept ClientHello (or ServerHello)
 180     // message without the secure renegotiation_info extension or SCSV.
 181     //
 182     // For maximum security, RFC 5746 also allows server (or client) to
 183     // reject such message with a fatal "handshake_failure" alert.
 184     //
 185     // By default, allow such legacy hello messages.
 186     static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
 187                     "sun.security.ssl.allowLegacyHelloMessages", true);
 188 
 189     // To prevent the TLS renegotiation issues, by setting system property
 190     // "jdk.tls.rejectClientInitializedRenego" to true, applications in server
 191     // side can disable all client initiated SSL renegotiations regardless
 192     // of the support of TLS protocols.
 193     //
 194     // By default, allow client initiated renegotiations.
 195     static final boolean rejectClientInitializedRenego =
 196             Debug.getBooleanProperty(
 197                 "jdk.tls.rejectClientInitializedRenego", false);
 198 
 199     // need to dispose the object when it is invalidated
 200     boolean invalidated;
 201 
 202     Handshaker(SSLSocketImpl c, SSLContextImpl context,
 203             ProtocolList enabledProtocols, boolean needCertVerify,
 204             boolean isClient, ProtocolVersion activeProtocolVersion,
 205             boolean isInitialHandshake, boolean secureRenegotiation,
 206             byte[] clientVerifyData, byte[] serverVerifyData) {
 207         this.conn = c;
 208         init(context, enabledProtocols, needCertVerify, isClient,
 209             activeProtocolVersion, isInitialHandshake, secureRenegotiation,
 210             clientVerifyData, serverVerifyData);
 211     }
 212 
 213     Handshaker(SSLEngineImpl engine, SSLContextImpl context,
 214             ProtocolList enabledProtocols, boolean needCertVerify,
 215             boolean isClient, ProtocolVersion activeProtocolVersion,
 216             boolean isInitialHandshake, boolean secureRenegotiation,
 217             byte[] clientVerifyData, byte[] serverVerifyData) {
 218         this.engine = engine;
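Review bot: The constant and system property added at new lines 195-197 are spelled `rejectClientInitializedRenego`, while the comment above them, the bug title and the concept itself speak of client *initiated* renegotiation; "initialized" is a different word, and a public system-property name is hard to correct once it ships, so align it now, e.g. `static final boolean rejectClientInitiatedRenegotiation =` / `Debug.getBooleanProperty(` / `"jdk.tls.rejectClientInitiatedRenegotiation", false);`. The phrase "regardless of the support of TLS protocols" in the new comment is also unclear — presumably it means regardless of which protocol version is negotiated or whether the peer offers RFC 5746 secure renegotiation, and saying that explicitly would help. Like its siblings `allowUnsafeRenegotiation` and `allowLegacyHelloMessages`, the value is captured once in a `static final` initializer, so setting the property after this class has loaded has no effect; a sentence such as `// Read once at class initialization; later changes to the property are ignored.` would make the operational contract clear. The code that actually rejects a client-initiated renegotiation, and which alert it sends, is outside this hunk, so that behaviour cannot be checked here.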