RFR: 8356544: Implement additional tests for ciphersuites disabled with wildcards

Rajan Halade rhalade at openjdk.org
Wed Nov 19 19:46:54 UTC 2025 

On Mon, 27 Oct 2025 15:54:34 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

> This PR extends the tests from JDK-8341964 and verifies a TLS server (or client) will not negotiate a ciphersuite requested by the remote peer but disabled with a wildcard.

Changes requested by rhalade (Reviewer).

test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java line 26:

> 24: /*
> 25:  * @test
> 26:  * @library /test/lib

add @bug with 8341964

test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java line 76:

> 74:                 try {
> 75:                     clientSocket.getInputStream().readAllBytes();
> 76:                     throw new Exception("The expected handshake exception was not thrown.");

can you suffix this message with server and client?

test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java line 86:

> 84: 
> 85:     private static void runClient(boolean disableInClient, int portNumber) throws Exception {
> 86:         SSLContext ctx = SSLContext.getInstance("TLSv1.2");

I prefer to have the `TLSv1.2` defined as final constant at class level so it is clear that this test is only for TLSv1.2

test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java line 104:

> 102: 
> 103:     public static void main(String [] args) throws Exception {
> 104:         if (args.length == 1) {

fail here if the test is called without any arguments.

test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java line 150:

> 148:     }
> 149: 
> 150: }

missing line at end

-------------

PR Review: https://git.openjdk.org/jdk/pull/28003#pullrequestreview-3484306760
PR Review Comment: https://git.openjdk.org/jdk/pull/28003#discussion_r2543220505
PR Review Comment: https://git.openjdk.org/jdk/pull/28003#discussion_r2543298915
PR Review Comment: https://git.openjdk.org/jdk/pull/28003#discussion_r2543301078
PR Review Comment: https://git.openjdk.org/jdk/pull/28003#discussion_r2543302049
PR Review Comment: https://git.openjdk.org/jdk/pull/28003#discussion_r2543222718

More information about the security-dev mailing list