src/java.base/share/classes/sun/security/ssl/CipherSuite.java
rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan
*** 33,44 ****
import java.util.List;
import static sun.security.ssl.CipherSuite.HashAlg.*;
import static sun.security.ssl.CipherSuite.KeyExchange.*;
import static sun.security.ssl.CipherSuite.MacAlg.*;
import static sun.security.ssl.SSLCipher.*;
! import sun.security.ssl.NamedGroup.NamedGroupType;
! import static sun.security.ssl.NamedGroup.NamedGroupType.*;
/**
* Enum for SSL/(D)TLS cipher suites.
*
* Please refer to the "TLS Cipher Suite Registry" section for more details
--- 33,44 ----
import java.util.List;
import static sun.security.ssl.CipherSuite.HashAlg.*;
import static sun.security.ssl.CipherSuite.KeyExchange.*;
import static sun.security.ssl.CipherSuite.MacAlg.*;
import static sun.security.ssl.SSLCipher.*;
! import sun.security.ssl.NamedGroup.NamedGroupSpec;
! import static sun.security.ssl.NamedGroup.NamedGroupSpec.*;
/**
* Enum for SSL/(D)TLS cipher suites.
*
* Please refer to the "TLS Cipher Suite Registry" section for more details
*** 1053,1068 ****
K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE);
// name of the key exchange algorithm, e.g. DHE_DSS
final String name;
final boolean allowed;
! final NamedGroupType[] groupTypes;
private final boolean alwaysAvailable;
private final boolean isAnonymous;
KeyExchange(String name, boolean allowed,
! boolean isAnonymous, NamedGroupType... groupTypes) {
this.name = name;
this.groupTypes = groupTypes;
this.allowed = allowed;
this.alwaysAvailable = allowed && (!name.startsWith("EC"));
--- 1053,1068 ----
K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE);
// name of the key exchange algorithm, e.g. DHE_DSS
final String name;
final boolean allowed;
! final NamedGroupSpec[] groupTypes;
private final boolean alwaysAvailable;
private final boolean isAnonymous;
KeyExchange(String name, boolean allowed,
! boolean isAnonymous, NamedGroupSpec... groupTypes) {
this.name = name;
this.groupTypes = groupTypes;
this.allowed = allowed;
this.alwaysAvailable = allowed && (!name.startsWith("EC"));
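Review bot: The field and the varargs parameter are still named `groupTypes` although their element type is now `NamedGroupSpec`, so the name no longer says what the array holds. Consider finishing the rename here, e.g. `final NamedGroupSpec[] groupSpecs;` and `this.groupSpecs = groupSpecs;`, and updating the use in `isAvailable()` in the next hunk. The field is package-private, so other classes in `sun.security.ssl` may read it and would need the same change; that is not visible from this page. The constructor body continues outside the hunk.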
*** 1072,1083 ****
boolean isAvailable() {
if (alwaysAvailable) {
return true;
}
! if (NamedGroupType.arrayContains(
! groupTypes, NamedGroupType.NAMED_GROUP_ECDHE)) {
return (allowed && JsseJce.isEcAvailable());
} else {
return allowed;
}
}
--- 1072,1083 ----
boolean isAvailable() {
if (alwaysAvailable) {
return true;
}
! if (NamedGroupSpec.arrayContains(groupTypes,
! NamedGroupSpec.NAMED_GROUP_ECDHE)) {
return (allowed && JsseJce.isEcAvailable());
} else {
return allowed;
}
}
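Review bot: `isAvailable()` has no comment explaining that EC availability depends on two different signals: the `name.startsWith("EC")` test that feeds `alwaysAvailable` in the constructor, and the `NAMED_GROUP_ECDHE` membership test here. As written, a key exchange whose name starts with "EC" but whose spec array lacks `NAMED_GROUP_ECDHE` returns `allowed` without consulting `JsseJce.isEcAvailable()`. Whether any constant falls into that case cannot be told from this hunk, since the enum constants are outside it. A short comment above the `if` would record the intent, for example `// EC-named key exchanges are never alwaysAvailable; only those declaring NAMED_GROUP_ECDHE are gated on JsseJce.isEcAvailable()`.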