Skip to content

Commit

Permalink
8279164: Disable TLS_ECDH_* cipher suites
Browse files Browse the repository at this point in the history
Reviewed-by: xuelei, rhalade, wetmore
  • Loading branch information
seanjmullan committed Nov 7, 2022
1 parent d634dde commit 00d22f6
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 94 deletions.
3 changes: 2 additions & 1 deletion src/java.base/share/conf/security/java.security
Original file line number Diff line number Diff line change
Expand Up @@ -746,7 +746,8 @@ http.auth.digest.disabledAlgorithms = MD5, SHA-1
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
# rsa_pkcs1_sha1, secp224r1
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
ECDH

#
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
Expand Down
4 changes: 2 additions & 2 deletions test/jdk/javax/net/ssl/DTLS/CipherSuite.java
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,10 @@
* @run main/othervm CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 re-enable
* @run main/othervm CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 re-enable
*/

import javax.net.ssl.SSLEngine;
Expand Down
36 changes: 23 additions & 13 deletions test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

/*
* @test
* @bug 8076221 8211883 8163327
* @bug 8076221 8211883 8163327 8279164
* @summary Check if weak cipher suites are disabled
* @modules jdk.crypto.ec
* @run main/othervm DisabledAlgorithms default
Expand Down Expand Up @@ -60,9 +60,8 @@ public class DisabledAlgorithms {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;

// supported 3DES, DES, RC4, NULL, and anon cipher suites
// it does not contain KRB5 cipher suites because they need a KDC
private static final String[] desede_des_rc4_null_anon_ciphersuites
// disabled 3DES, DES, RC4, NULL, anon, and ECDH cipher suites
private static final String[] disabled_ciphersuites
= new String[] {
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
Expand Down Expand Up @@ -109,7 +108,19 @@ public class DisabledAlgorithms {
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA"
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"
};

public static void main(String[] args) throws Exception {
Expand All @@ -128,9 +139,8 @@ public static void main(String[] args) throws Exception {
System.out.println("jdk.tls.disabledAlgorithms = "
+ Security.getProperty("jdk.tls.disabledAlgorithms"));

// check if 3DES, DES, RC4, NULL, and anon cipher suites
// can't be used by default
checkFailure(desede_des_rc4_null_anon_ciphersuites);
// check that disabled cipher suites can't be used by default
checkFailure(disabled_ciphersuites);
break;
case "empty":
// reset jdk.tls.disabledAlgorithms
Expand All @@ -144,9 +154,9 @@ public static void main(String[] args) throws Exception {
System.out.println("jdk.certpath.disabledAlgorithms = "
+ Security.getProperty("jdk.certpath.disabledAlgorithms"));

// check if 3DES, DES, RC4, NULL, and anon cipher suites
// can be used if jdk.{tls,certpath}.disabledAlgorithms is empty
checkSuccess(desede_des_rc4_null_anon_ciphersuites);
// check that disabled cipher suites can be used if
// jdk.{tls,certpath}.disabledAlgorithms is empty
checkSuccess(disabled_ciphersuites);
break;
default:
throw new RuntimeException("Wrong parameter: " + args[0]);
Expand All @@ -172,11 +182,12 @@ private static void checkFailure(String[] ciphersuites) throws Exception {
throw new RuntimeException("Expected SSLHandshakeException "
+ "not thrown");
} catch (SSLHandshakeException e) {
System.out.println("Expected exception on client side: "
System.out.println("Got expected exception on client side: "
+ e);
}
}

server.stop();
while (server.isRunning()) {
sleep();
}
Expand Down Expand Up @@ -272,7 +283,6 @@ public void run() {
} catch (SSLHandshakeException e) {
System.out.println("Server: run: " + e);
sslError = true;
stopped = true;
} catch (IOException e) {
if (!stopped) {
System.out.println("Server: run: unexpected exception: "
Expand Down
96 changes: 18 additions & 78 deletions test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -23,7 +23,7 @@

/*
* @test
* @bug 4750141 4895631 8217579 8163326
* @bug 4750141 4895631 8217579 8163326 8279164
* @summary Check enabled and supported ciphersuites are correct
* @run main/othervm CheckCipherSuites default
* @run main/othervm CheckCipherSuites limited
Expand All @@ -50,54 +50,38 @@ public class CheckCipherSuites {
// Not suite B, but we want it to position the suite early
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",

// AES_256(GCM) - ECDHE - forward screcy
// AES_256(GCM) - ECDHE - forward secrecy
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",

// AES_128(GCM) - ECDHE - forward screcy
// AES_128(GCM) - ECDHE - forward secrecy
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

// AES_256(GCM) - DHE - forward screcy
// AES_256(GCM) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",

// AES_128(GCM) - DHE - forward screcy
// AES_128(GCM) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",

// AES_256(CBC) - ECDHE - forward screcy
// AES_256(CBC) - ECDHE - forward secrecy
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

// AES_256(CBC) - ECDHE - forward screcy
// AES_256(CBC) - ECDHE - forward secrecy
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

// AES_256(CBC) - DHE - forward screcy
// AES_256(CBC) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",

// AES_128(CBC) - DHE - forward screcy
// AES_128(CBC) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

// AES_256(GCM) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",

// AES_128(GCM) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

// AES_256(CBC) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",

// AES_128(CBC) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

// AES_256(CBC) - ECDHE - using SHA
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
Expand All @@ -114,14 +98,6 @@ public class CheckCipherSuites {
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

// AES_256(CBC) - using SHA, not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",

// AES_128(CBC) - using SHA, not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

// deprecated
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
Expand All @@ -144,16 +120,10 @@ public class CheckCipherSuites {
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA",
Expand All @@ -175,54 +145,38 @@ public class CheckCipherSuites {
// Not suite B, but we want it to position the suite early
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",

// AES_256(GCM) - ECDHE - forward screcy
// AES_256(GCM) - ECDHE - forward secrecy
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",

// AES_128(GCM) - ECDHE - forward screcy
// AES_128(GCM) - ECDHE - forward secrecy
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

// AES_256(GCM) - DHE - forward screcy
// AES_256(GCM) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",

// AES_128(GCM) - DHE - forward screcy
// AES_128(GCM) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",

// AES_256(CBC) - ECDHE - forward screcy
// AES_256(CBC) - ECDHE - forward secrecy
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

// AES_256(CBC) - ECDHE - forward screcy
// AES_256(CBC) - ECDHE - forward secrecy
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

// AES_256(CBC) - DHE - forward screcy
// AES_256(CBC) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",

// AES_128(CBC) - DHE - forward screcy
// AES_128(CBC) - DHE - forward secrecy
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

// AES_256(GCM) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",

// AES_128(GCM) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

// AES_256(CBC) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",

// AES_128(CBC) - not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

// AES_256(CBC) - ECDHE - using SHA
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
Expand All @@ -239,14 +193,6 @@ public class CheckCipherSuites {
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

// AES_256(CBC) - using SHA, not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",

// AES_128(CBC) - using SHA, not forward screcy
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

// deprecated
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
Expand All @@ -269,16 +215,10 @@ public class CheckCipherSuites {
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA",
Expand Down

1 comment on commit 00d22f6

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.