Skip to content
Permalink
Browse files

8234728: Some security tests should support TLSv1.3

Tests were updated to support TLSv1.3 and cipher suite order

Reviewed-by: xuelei
  • Loading branch information
Sibabrata Sahoo
Sibabrata Sahoo committed Dec 13, 2019
1 parent e6b381f commit 58cce5fbf4eb64eb14588893d456bcfb006944bf
@@ -100,7 +100,7 @@
K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),

//
// Forward screcy cipher suites.
// Forward secrecy cipher suites.
//

// AES_256(GCM) - ECDHE
@@ -271,7 +271,7 @@
ProtocolVersion.PROTOCOLS_TO_12,
K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),

// AES_256(CBC) - using SHA, not forward screcy
// AES_256(CBC) - using SHA, not forward secrecy
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@@ -281,7 +281,7 @@
ProtocolVersion.PROTOCOLS_TO_12,
K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),

// AES_128(CBC) - using SHA, not forward screcy
// AES_128(CBC) - using SHA, not forward secrecy
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@@ -319,13 +319,13 @@
ProtocolVersion.PROTOCOLS_OF_12,
K_RSA, B_AES_128, M_SHA256, H_SHA256),

// RSA, AES_256(CBC) - using SHA, not forward screcy
// RSA, AES_256(CBC) - using SHA, not forward secrecy
TLS_RSA_WITH_AES_256_CBC_SHA(
0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
K_RSA, B_AES_256, M_SHA, H_SHA256),

// RSA, AES_128(CBC) - using SHA, not forward screcy
// RSA, AES_128(CBC) - using SHA, not forward secrecy
TLS_RSA_WITH_AES_128_CBC_SHA(
0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@@ -464,7 +464,7 @@
ProtocolVersion.PROTOCOLS_TO_TLS12,
K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),

// weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
SSL_RSA_WITH_DES_CBC_SHA(
0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
"TLS_RSA_WITH_DES_CBC_SHA",
@@ -486,7 +486,7 @@
ProtocolVersion.PROTOCOLS_TO_11,
K_DH_ANON, B_DES, M_SHA, H_NONE),

// weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
@@ -518,7 +518,7 @@
ProtocolVersion.PROTOCOLS_TO_10,
K_DH_ANON, B_RC4_40, M_MD5, H_NONE),

// no traffic encryption cipher suites
// No traffic encryption cipher suites
TLS_RSA_WITH_NULL_SHA256(
0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
ProtocolVersion.PROTOCOLS_OF_12,
@@ -554,14 +554,14 @@
ProtocolVersion.PROTOCOLS_TO_12,
K_RSA, B_NULL, M_MD5, H_SHA256),

// Definition of the CipherSuites that are not supported but the names
// Definition of the cipher suites that are not supported but the names
// are known.
TLS_AES_128_CCM_SHA256( // TLS 1.3
"TLS_AES_128_CCM_SHA256", 0x1304),
TLS_AES_128_CCM_8_SHA256( // TLS 1.3
"TLS_AES_128_CCM_8_SHA256", 0x1305),

// remaining unsupported ciphersuites defined in RFC2246.
// Remaining unsupported cipher suites defined in RFC2246.
CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),
CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),
CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),
@@ -571,18 +571,18 @@
CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),
CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),

// SSL 3.0 Fortezza ciphersuites
// SSL 3.0 Fortezza cipher suites
CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),
CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),

// 1024/56 bit exportable ciphersuites from expired internet draft
// 1024/56 bit exportable cipher suites from expired internet draft
CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),
CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063),
CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),
CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),
CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),

// Netscape old and new SSL 3.0 FIPS ciphersuites
// Netscape old and new SSL 3.0 FIPS cipher suites
// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),
CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),

0 comments on commit 58cce5f

Please sign in to comment.
You can’t perform that action at this time.