RFR: 8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Jul 7 17:32:50 UTC 2021


On Wed, 7 Jul 2021 15:23:09 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:

> test/jdk/javax/net/ssl/compatibility/JdkInfo is a helper class for the compatibility tests. It is verifying whether a protocol or cipher suite is supported/enabled by setting all the allowed values as a string, and then invoking String contains() to return whether a specific version is supported. This approach is problematic when, for instance, supportedProtocols is equal to 'TLSv1.3,TLSv1.2', then supportedProtocols.contains("TLSv1") will return true, given that 'TLSv1' is effectively a substring of 'TLSv1.3'.
> 
> Proposed fix: Set the supported/enabled protocols and ciphers as elements in lists, and use List contains() to find matches

Marked as reviewed by xuelei (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/4710
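
The false positive described in the quoted message, next to the list-based check it proposes, as an added example (this is not the JdkInfo code from the PR). The class name, method names and sample arrays are constructed for illustration; the cipher suite case applies the same reasoning the message gives for protocols.

```java
import java.util.Arrays;
import java.util.List;

public class ProtocolSupportCheck {

    // "Before" pattern: join all values into one string, then substring-search it.
    // Any name that is a prefix of another name matches by accident.
    static boolean supportsBySubstring(String[] values, String name) {
        String joined = String.join(",", values);
        return joined.contains(name);
    }

    // "After" pattern: keep the values as list elements, so that
    // List.contains() compares whole names with equals().
    static boolean supportsByList(String[] values, String name) {
        List<String> list = Arrays.asList(values);
        return list.contains(name);
    }

    static void report(String label, String[] values, String name) {
        System.out.printf("%-8s %-30s substring=%-5b list=%b%n",
                label, name,
                supportsBySubstring(values, name),
                supportsByList(values, name));
    }

    public static void main(String[] args) {
        // Constructed sample: an endpoint that offers only TLS 1.3 and TLS 1.2.
        String[] protocols = {"TLSv1.3", "TLSv1.2"};
        // Constructed sample: only the SHA256 variant of the suite is enabled.
        String[] ciphers = {"TLS_RSA_WITH_AES_128_CBC_SHA256"};

        // "TLSv1" is a substring of "TLSv1.3", so the substring check
        // reports TLS 1.0 as supported although it is not in the array.
        report("protocol", protocols, "TLSv1");
        report("protocol", protocols, "TLSv1.2");

        // The same collision exists between cipher suite names:
        // "..._CBC_SHA" is a prefix of "..._CBC_SHA256".
        report("cipher", ciphers, "TLS_RSA_WITH_AES_128_CBC_SHA");
        report("cipher", ciphers, "TLS_RSA_WITH_AES_128_CBC_SHA256");
    }
}
```

A compatibility test that relies on the substring form can select a protocol or suite that the JDK under test does not actually offer, so the case it believes it is exercising is not the one negotiated.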

