[7u] RFR 8202343: Disable TLS 1.0 and 1.1
Andrew Brygin
abrygin at azul.com
Sun Apr 11 16:08:41 UTC 2021
Hello,
I would like to propose a 7u backport of 8202343 for a parity with
Oracle's 7u301.
Bug: https://bugs.openjdk.java.net/browse/JDK-8202343
8u commit: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f2f0ceec19fb
7u webrev: http://cr.openjdk.java.net/~bae/7u/8202343/webrev.00/
The change does not apply cleanly: the context for platform
java.security files differs because of absence of JDK-8076221: Disable
RC4 cipher suites, which was not backported to 7u. Manually added
'TLSv1' and 'TLSv1.1' to the 'jdk.tls.disabledAlgorithms' property for
each platform file.
Summary of test changes:
* test/javax/net/ssl/TLS/TLSClientPropertyTest.java
copyright years adjustment
context changes
* test/lib/security/SecurityUtils.java
replace stream API with arrays, lists, and string builder.
* test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java
copyright years adjustment
* test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java
patch applies cleanly
* test/sun/security/ssl/SSLContextImpl/SSLContextDefault.java
there is no TLSv1.3 in 7u, so the test has been updated accordingly.
* test/javax/net/ssl/SSLEngine/Arrays.java
actual location in 7u:
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/Arrays.java
This test has been updated in 8u as a part of
8245681: Add TLSv1.3 regression test from 11.0.7
So, suggested solution for the old version included in to 7u
is to just re-enable TLSv1, and TLSv1.1
* test/javax/net/ssl/TLSv11/GenericBlockCipher.java
actual location in 7u:
test/sun/security/ssl/javax/net/ssl/TLSv11/GenericBlockCipher.java
copyright years adjustment
* test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
* test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
no such tests in 7u
* test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java
test library changes:
lib -> lib/testlibrary
jdk.test.lib.process.OutputAnalyzer -> jdk.testlibrary.OutputAnalyzer
jdk.test.lib.process.ProcessTools -> jdk.testlibrary.ProcessTools
Change expected output from
"WRITE: TLS10 application_data, length = 8"
to
"WRITE: TLSv1 Application Data, length = 8"
in order to reflect different logging style in 7u.
* test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
patch applies cleanly
* test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
patch applies cleanly
* test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/EmptyExtensionData.java
copyright years adjustment
context changes due to absent fix for
8024444: Change to use othervm mode of tests in SSLEngineImpl
* test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
actual location in 7u:
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
copyright years adjustment
Additional tests from 7u, which require TLSv1/TLSv1.1
* test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
* test/sun/security/ssl/templates/SSLSocketSSLEngineTemplate.java
Testing: regression tests for sun/security/ssl and javax/net/ssl do not
reveal new regressions.
Thanks,
Andrew
More information about the jdk7u-dev
mailing list