[7u] RFR 8202343: Disable TLS 1.0 and 1.1
Dmitry Cherepanov
dcherepanov at azul.com
Tue Apr 13 16:00:59 UTC 2021
Hi Andrew,
The change looks good to me.
Thanks,
Dmitry
On 11.04.2021 19:08, Andrew Brygin wrote:
> Hello,
>
> I would like to propose a 7u backport of 8202343 for a parity with
> Oracle's 7u301.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8202343
> 8u commit: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f2f0ceec19fb
> 7u webrev: http://cr.openjdk.java.net/~bae/7u/8202343/webrev.00/
>
> The change does not apply cleanly: the context for platform
> java.security files differs because of absence of JDK-8076221: Disable
> RC4 cipher suites, which was not backported to 7u. Manually added
> 'TLSv1' and 'TLSv1.1' to the 'jdk.tls.disabledAlgorithms' property for
> each platform file.
>
> Summary of test changes:
> * test/javax/net/ssl/TLS/TLSClientPropertyTest.java
> copyright years adjustment
> context changes
>
> * test/lib/security/SecurityUtils.java
> replace stream API with arrays, lists, and string builder.
>
> * test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java
> copyright years adjustment
>
> * test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java
> patch applies cleanly
>
> * test/sun/security/ssl/SSLContextImpl/SSLContextDefault.java
> there is no TLSv1.3 in 7u, so the test has been updated accordingly.
>
> * test/javax/net/ssl/SSLEngine/Arrays.java
> actual location in 7u:
> test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/Arrays.java
> This test has been updated in 8u as a part of
> 8245681: Add TLSv1.3 regression test from 11.0.7
>
> So, suggested solution for the old version included in to 7u
> is to just re-enable TLSv1, and TLSv1.1
>
> * test/javax/net/ssl/TLSv11/GenericBlockCipher.java
> actual location in 7u:
> test/sun/security/ssl/javax/net/ssl/TLSv11/GenericBlockCipher.java
> copyright years adjustment
>
> * test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
> * test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
> no such tests in 7u
>
> * test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java
> test library changes:
> lib -> lib/testlibrary
> jdk.test.lib.process.OutputAnalyzer -> jdk.testlibrary.OutputAnalyzer
> jdk.test.lib.process.ProcessTools -> jdk.testlibrary.ProcessTools
>
> Change expected output from
> "WRITE: TLS10 application_data, length = 8"
> to
> "WRITE: TLSv1 Application Data, length = 8"
> in order to reflect different logging style in 7u.
>
> * test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
> patch applies cleanly
>
> * test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
> patch applies cleanly
>
> * test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/EmptyExtensionData.java
> copyright years adjustment
> context changes due to absent fix for
> 8024444: Change to use othervm mode of tests in SSLEngineImpl
>
> * test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
> actual location in 7u:
>
> test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
> copyright years adjustment
>
> Additional tests from 7u, which require TLSv1/TLSv1.1
>
> * test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
> * test/sun/security/ssl/templates/SSLSocketSSLEngineTemplate.java
>
> Testing: regression tests for sun/security/ssl and javax/net/ssl do not
> reveal new regressions.
>
> Thanks,
> Andrew
More information about the jdk7u-dev
mailing list