1 /* 2 * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 7174244 8234728 32 * @summary Test for ciphersuites order 33 * @run main/othervm CipherSuitesInOrder 34 */ 35 36 import java.util.*; 37 import javax.net.ssl.*; 38 39 public class CipherSuitesInOrder { 40 41 // Supported ciphersuites 42 private final static List<String> supportedCipherSuites 43 = Arrays.<String>asList( 44 "TLS_AES_128_GCM_SHA256", 45 "TLS_AES_256_GCM_SHA384", 46 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 47 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 48 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 49 "TLS_RSA_WITH_AES_256_GCM_SHA384", 50 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 51 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 52 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 53 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 54 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 55 "TLS_RSA_WITH_AES_128_GCM_SHA256", 56 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 57 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 58 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 59 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 60 61 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 62 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 63 "TLS_RSA_WITH_AES_256_CBC_SHA256", 64 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 65 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 66 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 67 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 68 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 69 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 70 "TLS_RSA_WITH_AES_256_CBC_SHA", 71 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 72 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 73 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 74 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 75 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 76 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 77 "TLS_RSA_WITH_AES_128_CBC_SHA256", 78 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 79 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 80 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 81 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 82 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 83 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 84 "TLS_RSA_WITH_AES_128_CBC_SHA", 85 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 86 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 87 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 88 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 89 90 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 91 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 92 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 93 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 94 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 95 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 96 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 97 98 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 99 100 "TLS_DH_anon_WITH_AES_256_GCM_SHA384", 101 "TLS_DH_anon_WITH_AES_128_GCM_SHA256", 102 103 "TLS_DH_anon_WITH_AES_256_CBC_SHA256", 104 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 105 "TLS_DH_anon_WITH_AES_256_CBC_SHA", 106 "TLS_DH_anon_WITH_AES_128_CBC_SHA256", 107 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 108 "TLS_DH_anon_WITH_AES_128_CBC_SHA", 109 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 110 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 111 112 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 113 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 114 "SSL_RSA_WITH_RC4_128_SHA", 115 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 116 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 117 "SSL_RSA_WITH_RC4_128_MD5", 118 "TLS_ECDH_anon_WITH_RC4_128_SHA", 119 "SSL_DH_anon_WITH_RC4_128_MD5", 120 121 "SSL_RSA_WITH_DES_CBC_SHA", 122 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 123 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 124 "SSL_DH_anon_WITH_DES_CBC_SHA", 125 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 126 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 127 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 128 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 129 130 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 131 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 132 133 "TLS_RSA_WITH_NULL_SHA256", 134 "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 135 "TLS_ECDHE_RSA_WITH_NULL_SHA", 136 "SSL_RSA_WITH_NULL_SHA", 137 "TLS_ECDH_ECDSA_WITH_NULL_SHA", 138 "TLS_ECDH_RSA_WITH_NULL_SHA", 139 "TLS_ECDH_anon_WITH_NULL_SHA", 140 "SSL_RSA_WITH_NULL_MD5", 141 142 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 143 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 144 "TLS_KRB5_WITH_RC4_128_SHA", 145 "TLS_KRB5_WITH_RC4_128_MD5", 146 "TLS_KRB5_WITH_DES_CBC_SHA", 147 "TLS_KRB5_WITH_DES_CBC_MD5", 148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 149 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 150 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 151 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" 152 ); 153 154 private final static String[] protocols = { 155 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" 156 }; 157 158 159 public static void main(String[] args) throws Exception { 160 // show all of the supported cipher suites 161 showSuites(supportedCipherSuites.toArray(new String[0]), 162 "All supported cipher suites"); 163 164 for (String protocol : protocols) { 165 System.out.println("//"); 166 System.out.println("// " 167 + "Testing for SSLContext of " + protocol); 168 System.out.println("//"); 169 checkForProtocols(protocol); 170 } 171 } 172 173 public static void checkForProtocols(String protocol) throws Exception { 174 SSLContext context; 175 if (protocol.isEmpty()) { 176 context = SSLContext.getDefault(); 177 } else { 178 context = SSLContext.getInstance(protocol); 179 context.init(null, null, null); 180 } 181 182 // check the order of default cipher suites of SSLContext 183 SSLParameters parameters = context.getDefaultSSLParameters(); 184 checkSuites(parameters.getCipherSuites(), 185 "Default cipher suites in SSLContext"); 186 187 // check the order of supported cipher suites of SSLContext 188 parameters = context.getSupportedSSLParameters(); 189 checkSuites(parameters.getCipherSuites(), 190 "Supported cipher suites in SSLContext"); 191 192 // 193 // Check the cipher suites order of SSLEngine 194 // 195 SSLEngine engine = context.createSSLEngine(); 196 197 // check the order of endabled cipher suites 198 String[] ciphers = engine.getEnabledCipherSuites(); 199 checkSuites(ciphers, 200 "Enabled cipher suites in SSLEngine"); 201 202 // check the order of supported cipher suites 203 ciphers = engine.getSupportedCipherSuites(); 204 checkSuites(ciphers, 205 "Supported cipher suites in SSLEngine"); 206 207 // 208 // Check the cipher suites order of SSLSocket 209 // 210 SSLSocketFactory factory = context.getSocketFactory(); 211 try (SSLSocket socket = (SSLSocket) factory.createSocket()) { 212 213 // check the order of endabled cipher suites 214 ciphers = socket.getEnabledCipherSuites(); 215 checkSuites(ciphers, 216 "Enabled cipher suites in SSLSocket"); 217 218 // check the order of supported cipher suites 219 ciphers = socket.getSupportedCipherSuites(); 220 checkSuites(ciphers, 221 "Supported cipher suites in SSLSocket"); 222 } 223 224 // 225 // Check the cipher suites order of SSLServerSocket 226 // 227 SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); 228 try (SSLServerSocket serverSocket 229 = (SSLServerSocket) serverFactory.createServerSocket()) { 230 // check the order of endabled cipher suites 231 ciphers = serverSocket.getEnabledCipherSuites(); 232 checkSuites(ciphers, 233 "Enabled cipher suites in SSLServerSocket"); 234 235 // check the order of supported cipher suites 236 ciphers = serverSocket.getSupportedCipherSuites(); 237 checkSuites(ciphers, 238 "Supported cipher suites in SSLServerSocket"); 239 } 240 } 241 242 private static void checkSuites(String[] suites, String title) { 243 showSuites(suites, title); 244 245 int loc = -1; 246 int index = 0; 247 for (String suite : suites) { 248 index = supportedCipherSuites.indexOf(suite); 249 if (index <= loc) { 250 throw new RuntimeException(suite + " is not in order"); 251 } 252 loc = index; 253 } 254 } 255 256 private static void showSuites(String[] suites, String title) { 257 System.out.println(title + "[" + suites.length + "]:"); 258 for (String suite : suites) { 259 System.out.println(" " + suite); 260 } 261 } 262 }