RFR: 8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support

Fernando Guallini fguallini at openjdk.java.net
Wed Jul 7 15:30:11 UTC 2021


test/jdk/javax/net/ssl/compatibility/JdkInfo is a helper class for the compatibility tests. It is verifying whether a protocol or cipher suite is supported/enabled by setting all the allowed values as a string, and then invoking String contains() to return whether a specific version is supported. This approach is problematic when, for instance, supportedProtocols is equal to 'TLSv1.3,TLSv1.2', then supportedProtocols.contains("TLSv1") will return true, given that 'TLSv1' is effectively a substring of 'TLSv1.3'.

Proposed fix: Set the supported/enabled protocols and ciphers as elements in lists, and use List contains() to find matches

-------------

Commit messages:
 - refactored JdkInfo

Changes: https://git.openjdk.java.net/jdk/pull/4710/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=4710&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8269933
  Stats: 27 lines in 1 file changed: 15 ins; 0 del; 12 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4710.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4710/head:pull/4710

PR: https://git.openjdk.java.net/jdk/pull/4710
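
The false positive described in this message, shown as an added example that is not the JdkInfo code or the patch itself: it runs the joined-string check and the list check side by side, and extends the protocol case to a cipher suite pair with the same prefix problem. The class name, the method names and the sample arrays are constructed for illustration; the last loop queries whatever JDK runs it through the standard JSSE API.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class ContainsCheckDemo {
    // Flawed check: join all values into one string and search it.
    static boolean substringCheck(String[] values, String wanted) {
        return String.join(",", values).contains(wanted);
    }

    // Exact check: compare against each element as a whole.
    static boolean listCheck(String[] values, String wanted) {
        return Arrays.asList(values).contains(wanted);
    }

    static void compare(String label, String[] values, String wanted) {
        boolean sub = substringCheck(values, wanted);
        boolean exact = listCheck(values, wanted);
        System.out.printf("%-18s %-32s substring=%-5b list=%-5b%s%n",
                label, wanted, sub, exact,
                sub != exact ? "  <-- false positive" : "");
    }

    public static void main(String[] args) throws Exception {
        // Constructed input from the message: TLSv1 is absent, yet it is
        // a prefix of both listed versions.
        String[] protocols = {"TLSv1.3", "TLSv1.2"};
        compare("sample protocols", protocols, "TLSv1");
        compare("sample protocols", protocols, "TLSv1.2");

        // Constructed input: only the SHA256 suite is listed, but the
        // SHA-1 suite name is a prefix of it.
        String[] ciphers = {"TLS_RSA_WITH_AES_128_CBC_SHA256"};
        compare("sample ciphers", ciphers, "TLS_RSA_WITH_AES_128_CBC_SHA");
        compare("sample ciphers", ciphers, "TLS_RSA_WITH_AES_128_CBC_SHA256");

        // The same comparison against the protocols this JDK supports.
        SSLParameters params = SSLContext.getDefault().getSupportedSSLParameters();
        String[] candidates = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
        for (String proto : candidates) {
            compare("runtime protocols", params.getProtocols(), proto);
        }
    }
}
```

Any row where the two columns disagree is a case in which a compatibility test built on the substring check would treat a legacy protocol or weaker cipher suite as available when it is not.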


