Skip to content

Commit

Permalink
8235448: code cleanup in SSLContextImpl.java
Browse files Browse the repository at this point in the history
Reviewed-by: mbaesken
Backport-of: baebce3
  • Loading branch information
GoeLin committed Mar 1, 2023
1 parent 5802a9a commit 15bdc4d
Showing 1 changed file with 35 additions and 45 deletions.
80 changes: 35 additions & 45 deletions src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@

package sun.security.ssl;

import java.io.*;
import java.io.FileInputStream;
import java.net.Socket;
import java.security.*;
import java.security.cert.*;
Expand Down Expand Up @@ -617,26 +617,6 @@ SSLEngine createSSLEngineImpl(String host, int port) {
boolean isDTLS() {
return false;
}

static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) {
return new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
};
} else {
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
};
}
}
}

/*
Expand Down Expand Up @@ -934,9 +914,41 @@ private static List<ProtocolVersion> customizedProtocols(
ProtocolVersion[] candidates;
if (refactored.isEmpty()) {
if (client) {
candidates = getProtocols();
// default client protocols
if (SunJSSE.isFIPS()) {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
};
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
};
}
} else {
candidates = getSupportedProtocols();
if (SunJSSE.isFIPS()) {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
};
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30,
ProtocolVersion.SSL20Hello
};
}
}
} else {
// Use the customized TLS protocols.
Expand All @@ -947,25 +959,6 @@ private static List<ProtocolVersion> customizedProtocols(
return getAvailableProtocols(candidates);
}

static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) {
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
};
} else {
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
ProtocolVersion.TLS10,
ProtocolVersion.SSL30
};
}
}

protected CustomizedTLSContext() {
if (reservedException != null) {
throw reservedException;
Expand All @@ -991,8 +984,6 @@ List<CipherSuite> getClientDefaultCipherSuites() {
List<CipherSuite> getServerDefaultCipherSuites() {
return serverDefaultCipherSuites;
}


}

/*
Expand Down Expand Up @@ -1243,7 +1234,6 @@ private abstract static class AbstractDTLSContext extends SSLContextImpl {
private static final List<CipherSuite> serverDefaultCipherSuites;

static {
// Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
supportedProtocols = Arrays.asList(
ProtocolVersion.DTLS12,
ProtocolVersion.DTLS10
Expand Down

1 comment on commit 15bdc4d

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.