
src/java.base/share/classes/sun/security/ssl/CipherSuite.java


        

*** 33,44 **** import java.util.List; import static sun.security.ssl.CipherSuite.HashAlg.*; import static sun.security.ssl.CipherSuite.KeyExchange.*; import static sun.security.ssl.CipherSuite.MacAlg.*; import static sun.security.ssl.SSLCipher.*; ! import sun.security.ssl.NamedGroup.NamedGroupType; ! import static sun.security.ssl.NamedGroup.NamedGroupType.*; /** * Enum for SSL/(D)TLS cipher suites. * * Please refer to the "TLS Cipher Suite Registry" section for more details --- 33,44 ---- import java.util.List; import static sun.security.ssl.CipherSuite.HashAlg.*; import static sun.security.ssl.CipherSuite.KeyExchange.*; import static sun.security.ssl.CipherSuite.MacAlg.*; import static sun.security.ssl.SSLCipher.*; ! import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; ! import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*; /** * Enum for SSL/(D)TLS cipher suites. * * Please refer to the "TLS Cipher Suite Registry" section for more details
*** 182,192 **** 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), // ! // not forward secret cipher suites. // // AES_256(GCM) TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", --- 182,192 ---- 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), // ! // not forward screcy cipher suites. // // AES_256(GCM) TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
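Review bot: The section comment on the new side reads `// not forward screcy cipher suites.`, which is misspelled and will not be found by a search for "secrecy". This comment is what tells a reader that the suites starting with TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 do not provide forward secrecy, so I would write it as `// cipher suites without forward secrecy.` The list of enum constants begins and ends outside the hunk.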
*** 1104,1153 **** K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE), K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE), K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE), K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE), ! // These KeyExchanges can use either ECDHE/XDH, so we'll use a ! // varargs here. ! K_ECDH_ECDSA ("ECDH_ECDSA", JsseJce.ALLOW_ECC, false, ! NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), ! K_ECDH_RSA ("ECDH_RSA", JsseJce.ALLOW_ECC, false, ! NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), ! K_ECDHE_ECDSA ("ECDHE_ECDSA", JsseJce.ALLOW_ECC, false, ! NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), ! K_ECDHE_RSA ("ECDHE_RSA", JsseJce.ALLOW_ECC, false, ! NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), ! K_ECDH_ANON ("ECDH_anon", JsseJce.ALLOW_ECC, true, ! NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), // renegotiation protection request signaling cipher suite K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE); // name of the key exchange algorithm, e.g. DHE_DSS final String name; final boolean allowed; ! final NamedGroupType[] groupTypes; private final boolean alwaysAvailable; private final boolean isAnonymous; KeyExchange(String name, boolean allowed, ! boolean isAnonymous, NamedGroupType... groupTypes) { this.name = name; ! this.groupTypes = groupTypes; ! this.allowed = allowed; ! this.alwaysAvailable = allowed && (!name.startsWith("EC")); this.isAnonymous = isAnonymous; } boolean isAvailable() { if (alwaysAvailable) { return true; } ! if (NamedGroupType.arrayContains( ! groupTypes, NamedGroupType.NAMED_GROUP_ECDHE)) { return (allowed && JsseJce.isEcAvailable()); } else { return allowed; } } --- 1104,1148 ---- K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE), K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE), K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE), K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE), ! K_ECDH_ECDSA ("ECDH_ECDSA", true, false, NAMED_GROUP_ECDHE), ! 
K_ECDH_RSA ("ECDH_RSA", true, false, NAMED_GROUP_ECDHE), ! K_ECDHE_ECDSA ("ECDHE_ECDSA", true, false, NAMED_GROUP_ECDHE), ! K_ECDHE_RSA ("ECDHE_RSA", true, false, NAMED_GROUP_ECDHE), ! K_ECDH_ANON ("ECDH_anon", true, true, NAMED_GROUP_ECDHE), // renegotiation protection request signaling cipher suite K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE); // name of the key exchange algorithm, e.g. DHE_DSS final String name; final boolean allowed; ! final NamedGroupType groupType; private final boolean alwaysAvailable; private final boolean isAnonymous; KeyExchange(String name, boolean allowed, ! boolean isAnonymous, NamedGroupType groupType) { this.name = name; ! if (groupType == NAMED_GROUP_ECDHE) { ! this.allowed = JsseJce.ALLOW_ECC; ! } else { ! this.allowed = allowed; ! } ! this.groupType = groupType; this.alwaysAvailable = allowed && (!name.startsWith("EC")); this.isAnonymous = isAnonymous; } boolean isAvailable() { if (alwaysAvailable) { return true; } ! if (groupType == NAMED_GROUP_ECDHE) { return (allowed && JsseJce.isEcAvailable()); } else { return allowed; } }
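Review bot: In the new constructor `alwaysAvailable` is still derived from the `allowed` parameter and a `name.startsWith("EC")` prefix test, while `this.allowed` is now replaced by `JsseJce.ALLOW_ECC` whenever `groupType == NAMED_GROUP_ECDHE`. The two agree only because every NAMED_GROUP_ECDHE constant visible here has a name beginning with "EC"; a constant that broke that pairing would make isAvailable() return true without consulting ALLOW_ECC or JsseJce.isEcAvailable(). Keying both on the group type removes the coupling: `this.alwaysAvailable = this.allowed && (groupType != NAMED_GROUP_ECDHE);`. The literal `true` passed by the five EC constants is now ignored, so a short comment on the constructor stating that `allowed` is overridden for ECDHE groups would keep the call sites from misleading readers. The rest of the KeyExchange enum lies outside the hunk.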