RFR: 8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support
Fernando Guallini
fguallini at openjdk.java.net
Wed Jul 7 15:30:11 UTC 2021
test/jdk/javax/net/ssl/compatibility/JdkInfo is a helper class for the compatibility tests. It is verifying whether a protocol or cipher suite is supported/enabled by setting all the allowed values as a string, and then invoking String contains() to return whether a specific version is supported. This approach is problematic when, for instance, supportedProtocols is equal to 'TLSv1.3,TLSv1.2', then supportedProtocols.contains("TLSv1") will return true, given that 'TLSv1' is effectively a substring of 'TLSv1.3'.
Proposed fix: Set the supported/enabled protocols and ciphers as elements in lists, and use List contains() to find matches
-------------
Commit messages:
- refactored JdkInfo
Changes: https://git.openjdk.java.net/jdk/pull/4710/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=4710&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8269933
Stats: 27 lines in 1 file changed: 15 ins; 0 del; 12 mod
Patch: https://git.openjdk.java.net/jdk/pull/4710.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/4710/head:pull/4710
PR: https://git.openjdk.java.net/jdk/pull/4710
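The substring false positive described in this message, next to the list-based check, as an added example that is not part of the original post and is not the JdkInfo code. The class and method names are hypothetical, the first two value sets are constructed, and it extends the protocol case to a cipher-suite pair in which one name is a prefix of the other.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added illustration; SupportCheckDemo and its methods are hypothetical names.
public class SupportCheckDemo {

    // Flawed check: join all values into one string and search inside it.
    static boolean supportsBySubstring(String[] values, String wanted) {
        return String.join(",", values).contains(wanted);
    }

    // Fixed check: compare against whole elements only.
    static boolean supportsByList(String[] values, String wanted) {
        return Arrays.asList(values).contains(wanted);
    }

    // Runs both checks for each probe and flags where they disagree.
    static void report(String label, String[] values, String... probes) {
        System.out.println(label + " = " + Arrays.toString(values));
        for (String probe : probes) {
            boolean sub = supportsBySubstring(values, probe);
            boolean exact = supportsByList(values, probe);
            System.out.printf("  %-32s substring=%-5b list=%-5b%s%n",
                    probe, sub, exact, sub != exact ? "  <-- false positive" : "");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed values matching the case in the description above.
        report("protocols (constructed)",
                new String[] {"TLSv1.3", "TLSv1.2"},
                "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

        // Constructed cipher list: the SHA suite name is a prefix of the SHA256 one.
        report("ciphers (constructed)",
                new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA256"},
                "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");

        // Protocols enabled by default on the JDK running this example.
        SSLParameters enabled = SSLContext.getDefault().getDefaultSSLParameters();
        report("protocols (this JDK, enabled)", enabled.getProtocols(),
                "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
    }
}
```

On a JDK where TLSv1 is disabled, the last report shows the substring check still claiming TLSv1 is enabled, which is how a compatibility test can end up exercising or skipping the wrong protocol.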