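/*
 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//

/*
 * @test
 * @bug 8202343
 * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
 * @run main/othervm SSLContextDefault
 */

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.*;

/**
 * Regression test asserting two properties of every tested SSLContext and of
 * the engines and sockets created from it:
 * <ul>
 *   <li>SSLv3, TLSv1 and TLSv1.1 are still listed as <em>supported</em>;</li>
 *   <li>none of them is listed as <em>enabled by default</em>.</li>
 * </ul>
 *
 * Scope of the check: only the protocol name lists returned by the JSSE API
 * are inspected. No handshake is performed, so "supported" here means only
 * that the provider still advertises the name, not that the protocol can be
 * negotiated. In the JDK the default lists are normally shaped by the
 * {@code jdk.tls.disabledAlgorithms} security property; this test does not
 * read that property, it only observes the resulting lists.
 */
public class SSLContextDefault {

    /**
     * SSLContext algorithm names to test. The empty string stands for
     * {@link SSLContext#getDefault()}.
     */
    private static final String[] protocols = {
        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
    };

    /** Legacy protocol versions that must not be enabled by default. */
    private static final List<String> disabledProtocols =
            Collections.unmodifiableList(
                    Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    /**
     * Runs the protocol checks once per context name in {@link #protocols}.
     *
     * @param args unused
     * @throws Exception if any check fails or a context cannot be created
     */
    public static void main(String[] args) throws Exception {
        for (String protocol : protocols) {
            System.out.println("//");
            System.out.println("// " + "Testing for SSLContext of " +
                    (protocol.isEmpty() ? "<default>" : protocol));
            System.out.println("//");
            checkForProtocols(protocol);
            System.out.println();
        }
    }

    /**
     * Checks the supported and the default-enabled protocol lists of one
     * SSLContext and of the SSLEngine, SSLSocket and SSLServerSocket it
     * produces.
     *
     * @param protocol SSLContext algorithm name, or the empty string for the
     *                 JVM default context
     * @throws Exception if a legacy protocol is enabled by default, if a
     *                   legacy protocol is missing from a supported list, or
     *                   if the context or its sockets cannot be created
     */
    public static void checkForProtocols(String protocol) throws Exception {
        SSLContext context;
        if (protocol.isEmpty()) {
            context = SSLContext.getDefault();
        } else {
            context = SSLContext.getInstance(protocol);
            // Default key managers, trust managers and random source: the
            // test is about out-of-the-box behaviour only.
            context.init(null, null, null);
        }

        // Supported protocols of SSLContext: legacy versions must be listed.
        SSLParameters parameters = context.getSupportedSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Supported protocols in SSLContext", false);

        // Default protocols of SSLContext: legacy versions must be absent.
        parameters = context.getDefaultSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Enabled protocols in SSLContext", true);

        // Same two checks on an SSLEngine created from the context.
        SSLEngine engine = context.createSSLEngine();
        checkProtocols(engine.getSupportedProtocols(),
                "Supported protocols in SSLEngine", false);
        checkProtocols(engine.getEnabledProtocols(),
                "Enabled protocols in SSLEngine", true);

        // Same two checks on an unconnected client socket.
        SSLSocketFactory factory = context.getSocketFactory();
        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
            // The title previously said "cipher suites" although the list
            // printed and checked is the protocol list.
            checkProtocols(socket.getSupportedProtocols(),
                    "Supported protocols in SSLSocket", false);
            checkProtocols(socket.getEnabledProtocols(),
                    "Enabled protocols in SSLSocket", true);
        }

        // Same two checks on an unbound server socket.
        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
        try (SSLServerSocket serverSocket =
                (SSLServerSocket)serverFactory.createServerSocket()) {
            checkProtocols(serverSocket.getSupportedProtocols(),
                    "Supported protocols in SSLServerSocket", false);
            checkProtocols(serverSocket.getEnabledProtocols(),
                    "Enabled protocols in SSLServerSocket", true);
        }
    }

    /**
     * Prints a protocol list and verifies it against
     * {@link #disabledProtocols}.
     *
     * @param protocols protocol names returned by a JSSE API
     * @param title     label printed above the list
     * @param disabled  {@code true} when {@code protocols} is a
     *                  default-enabled list, which must contain none of the
     *                  legacy versions; {@code false} when it is a supported
     *                  list, which must contain all of them
     * @throws Exception if the list violates the expectation selected by
     *                   {@code disabled}
     */
    private static void checkProtocols(String[] protocols,
            String title, boolean disabled) throws Exception {
        showProtocols(protocols, title);

        if (disabled) {
            // Default-enabled list: any legacy name is a failure.
            for (String protocol : protocols) {
                if (disabledProtocols.contains(protocol)) {
                    throw new Exception(protocol +
                            " should not be enabled by default");
                }
            }
        } else {
            // Supported list: every legacy name must still be present.
            List<String> protocolsList = Arrays.asList(protocols);
            for (String disabledProtocol : disabledProtocols) {
                if (!protocolsList.contains(disabledProtocol)) {
                    throw new Exception(disabledProtocol +
                            " should be supported by default");
                }
            }
        }
    }

    /**
     * Prints the title, the number of entries and one protocol per line.
     *
     * @param protocols protocol names to print
     * @param title     label printed above the list
     */
    private static void showProtocols(String[] protocols, String title) {
        System.out.println(title + "[" + protocols.length + "]:");
        for (String protocol : protocols) {
            System.out.println(" " + protocol);
        }
    }
}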