|
32 | 32 | * @summary make ephemeral DH key match the length of the certificate key |
33 | 33 | * @library /javax/net/ssl/templates |
34 | 34 | * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false |
35 | | - * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 |
| 35 | + * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1643 267 TLSv1 |
36 | 36 | * @run main/othervm -Djsse.enableFFDHE=false |
37 | 37 | * -Djdk.tls.client.enableSessionTicketExtension=false |
38 | | - * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
| 38 | + * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.1 |
39 | 39 | * @run main/othervm -Djsse.enableFFDHE=false |
40 | 40 | * -Djdk.tls.ephemeralDHKeySize=matched |
41 | 41 | * -Djdk.tls.client.enableSessionTicketExtension=false |
42 | | - * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
| 42 | + * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.2 |
43 | 43 | * @run main/othervm -Djsse.enableFFDHE=false |
44 | 44 | * -Djdk.tls.ephemeralDHKeySize=legacy |
45 | 45 | * -Djdk.tls.client.enableSessionTicketExtension=false |
46 | | - * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
| 46 | + * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1 |
47 | 47 | * @run main/othervm -Djsse.enableFFDHE=false |
48 | 48 | * -Djdk.tls.ephemeralDHKeySize=1024 |
49 | 49 | * -Djdk.tls.client.enableSessionTicketExtension=false |
50 | | - * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
51 | | - * |
| 50 | + * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.1 |
52 | 51 | * @run main/othervm -Djsse.enableFFDHE=false |
53 | 52 | * -Djdk.tls.client.enableSessionTicketExtension=false |
54 | | - * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 233 75 |
55 | | - * |
| 53 | + * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA 233 75 TLSv1.2 |
56 | 54 | * @run main/othervm -Djsse.enableFFDHE=false |
57 | 55 | * -Djdk.tls.client.enableSessionTicketExtension=false |
58 | | - * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 |
| 56 | + * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1643 267 TLSv1 |
59 | 57 | * @run main/othervm -Djsse.enableFFDHE=false |
60 | 58 | * -Djdk.tls.ephemeralDHKeySize=legacy |
61 | 59 | * -Djdk.tls.client.enableSessionTicketExtension=false |
62 | | - * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1323 107 |
| 60 | + * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1323 107 TLSv1.1 |
63 | 61 | * @run main/othervm -Djsse.enableFFDHE=false |
64 | 62 | * -Djdk.tls.ephemeralDHKeySize=matched |
65 | 63 | * -Djdk.tls.client.enableSessionTicketExtension=false |
66 | | - * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 |
| 64 | + * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1.2 |
67 | 65 | * @run main/othervm -Djsse.enableFFDHE=false |
68 | 66 | * -Djdk.tls.ephemeralDHKeySize=1024 |
69 | 67 | * -Djdk.tls.client.enableSessionTicketExtension=false |
70 | | - * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1387 139 |
71 | | - * |
| 68 | + * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1387 139 TLSv1 |
72 | 69 | * @run main/othervm -Djsse.enableFFDHE=false |
73 | 70 | * -Djdk.tls.client.enableSessionTicketExtension=false |
74 | | - * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 617 267 |
| 71 | + * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 617 267 TLSv1.1 |
75 | 72 | * @run main/othervm -Djsse.enableFFDHE=false |
76 | 73 | * -Djdk.tls.client.enableSessionTicketExtension=false |
77 | 74 | * -Djdk.tls.ephemeralDHKeySize=legacy |
78 | | - * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 297 107 |
| 75 | + * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 297 107 TLSv1.2 |
79 | 76 | * @run main/othervm -Djsse.enableFFDHE=false |
80 | 77 | * -Djdk.tls.client.enableSessionTicketExtension=false |
81 | 78 | * -Djdk.tls.ephemeralDHKeySize=matched |
82 | | - * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 617 267 |
| 79 | + * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 617 267 TLSv1 |
83 | 80 | * @run main/othervm -Djsse.enableFFDHE=false |
84 | 81 | * -Djdk.tls.client.enableSessionTicketExtension=false |
85 | 82 | * -Djdk.tls.ephemeralDHKeySize=1024 |
86 | | - * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 361 139 |
| 83 | + * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 361 139 TLSv1.1 |
87 | 84 | */ |
88 | 85 |
|
89 | 86 | /* |
@@ -133,11 +130,13 @@ public class DHEKeySizing extends SSLEngineTemplate { |
133 | 130 | // key length bias because of the stripping of leading zero bytes of |
134 | 131 | // negotiated DH keys. |
135 | 132 | // |
136 | | - // This is an effort to mimum intermittent failure when we cannot |
| 133 | + // This is an effort to minimize intermittent failures when we cannot |
137 | 134 | // estimate what's the exact number of leading zero bytes of |
138 | 135 | // negotiated DH keys. |
139 | 136 | private final static int KEY_LEN_BIAS = 6; |
140 | 137 |
|
| 138 | + private static String protocol; |
| 139 | + |
141 | 140 | private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, |
142 | 141 | SSLEngineResult result, |
143 | 142 | Status status, HandshakeStatus hsStatus, |
@@ -175,8 +174,8 @@ private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, |
175 | 174 | } |
176 | 175 | } |
177 | 176 |
|
178 | | - private void test(String cipherSuite, boolean exportable, |
179 | | - int lenServerKeyEx, int lenClientKeyEx) throws Exception { |
| 177 | + private void test(String cipherSuite, int lenServerKeyEx, |
| 178 | + int lenClientKeyEx) throws Exception { |
180 | 179 |
|
181 | 180 | SSLEngineResult result1; // clientEngine's results from last operation |
182 | 181 | SSLEngineResult result2; // serverEngine's results from last operation |
@@ -316,15 +315,16 @@ public static void main(String args[]) throws Exception { |
316 | 315 | if (args.length != 4) { |
317 | 316 | System.out.println( |
318 | 317 | "Usage: java DHEKeySizing cipher-suite " + |
319 | | - "exportable(true|false)\n" + |
320 | | - " size-of-server-hello-record size-of-client-key-exchange"); |
| 318 | + "size-of-server-hello-record\n" + |
| 319 | + " size-of-client-key-exchange protocol"); |
321 | 320 | throw new Exception("Incorrect usage!"); |
322 | 321 | } |
323 | 322 |
|
| 323 | + protocol = args[3]; |
| 324 | + |
324 | 325 | (new DHEKeySizing()).test(args[0], |
325 | | - Boolean.parseBoolean(args[1]), |
326 | | - Integer.parseInt(args[2]), |
327 | | - Integer.parseInt(args[3])); |
| 326 | + Integer.parseInt(args[1]), |
| 327 | + Integer.parseInt(args[2])); |
328 | 328 | System.out.println("Test Passed."); |
329 | 329 | } |
330 | 330 |
|
@@ -359,12 +359,12 @@ protected SSLContext createClientSSLContext() throws Exception { |
359 | 359 |
|
360 | 360 | @Override |
361 | 361 | protected ContextParameters getClientContextParameters() { |
362 | | - return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); |
| 362 | + return new ContextParameters(protocol, "PKIX", "NewSunX509"); |
363 | 363 | } |
364 | 364 |
|
365 | 365 | @Override |
366 | 366 | protected ContextParameters getServerContextParameters() { |
367 | | - return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); |
| 367 | + return new ContextParameters(protocol, "PKIX", "NewSunX509"); |
368 | 368 | } |
369 | 369 |
|
370 | 370 | private static void log(String str) { |
|
0 commit comments