
src/java.base/share/classes/sun/security/ssl/CipherSuite.java


        

@@ -33,12 +33,12 @@
 import java.util.List;
 import static sun.security.ssl.CipherSuite.HashAlg.*;
 import static sun.security.ssl.CipherSuite.KeyExchange.*;
 import static sun.security.ssl.CipherSuite.MacAlg.*;
 import static sun.security.ssl.SSLCipher.*;
-import sun.security.ssl.NamedGroup.NamedGroupType;
-import static sun.security.ssl.NamedGroup.NamedGroupType.*;
+import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
+import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
 
 /**
  * Enum for SSL/(D)TLS cipher suites.
  *
  * Please refer to the "TLS Cipher Suite Registry" section for more details

@@ -182,11 +182,11 @@
             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
             ProtocolVersion.PROTOCOLS_OF_12,
             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
 
     //
-    // not forward secret cipher suites.
+    // not forward screcy cipher suites.
     //
 
     // AES_256(GCM)
     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
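Review bot: The rewritten section comment reads `// not forward screcy cipher suites.`, which is misspelled and no longer grammatical. It marks where the suites that do not provide forward secrecy begin, so it should stay easy to read and to grep for, for example `// not forward secret cipher suites.` or `// cipher suites without forward secrecy.`. The enum constant that follows the comment is cut off at the end of this hunk.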

@@ -1104,50 +1104,45 @@
         K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
         K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
         K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
         K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),
 
-        // These KeyExchanges can use either ECDHE/XDH, so we'll use a
-        // varargs here.
-        K_ECDH_ECDSA    ("ECDH_ECDSA",     JsseJce.ALLOW_ECC,  false,
-                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
-        K_ECDH_RSA      ("ECDH_RSA",       JsseJce.ALLOW_ECC,  false,
-            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
-        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    JsseJce.ALLOW_ECC,  false,
-            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
-        K_ECDHE_RSA     ("ECDHE_RSA",      JsseJce.ALLOW_ECC,  false,
-            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
-        K_ECDH_ANON     ("ECDH_anon",      JsseJce.ALLOW_ECC,  true,
-            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
+        K_ECDH_ECDSA    ("ECDH_ECDSA",     true,  false,  NAMED_GROUP_ECDHE),
+        K_ECDH_RSA      ("ECDH_RSA",       true,  false,  NAMED_GROUP_ECDHE),
+        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    true,  false,  NAMED_GROUP_ECDHE),
+        K_ECDHE_RSA     ("ECDHE_RSA",      true,  false,  NAMED_GROUP_ECDHE),
+        K_ECDH_ANON     ("ECDH_anon",      true,  true,   NAMED_GROUP_ECDHE),
 
         // renegotiation protection request signaling cipher suite
         K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);
 
         // name of the key exchange algorithm, e.g. DHE_DSS
         final String name;
         final boolean allowed;
-        final NamedGroupType[] groupTypes;
+        final NamedGroupType groupType;
         private final boolean alwaysAvailable;
         private final boolean isAnonymous;
 
         KeyExchange(String name, boolean allowed,
-                boolean isAnonymous, NamedGroupType... groupTypes) {
+                boolean isAnonymous, NamedGroupType groupType) {
             this.name = name;
-            this.groupTypes = groupTypes;
-            this.allowed = allowed;
-
+            if (groupType == NAMED_GROUP_ECDHE) {
+                this.allowed = JsseJce.ALLOW_ECC;
+            } else {
+                this.allowed = allowed;
+            }
+            this.groupType = groupType;
             this.alwaysAvailable = allowed && (!name.startsWith("EC"));
             this.isAnonymous = isAnonymous;
         }
 
         boolean isAvailable() {
             if (alwaysAvailable) {
                 return true;
             }
 
-            if (NamedGroupType.arrayContains(
-                    groupTypes, NamedGroupType.NAMED_GROUP_ECDHE)) {
+            if (groupType == NAMED_GROUP_ECDHE) {
                 return (allowed && JsseJce.isEcAvailable());
             } else {
                 return allowed;
             }
         }
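Review bot: In the KeyExchange constructor, `alwaysAvailable` is still computed from the `allowed` parameter and the "EC" name prefix, while the `allowed` field is now derived from `groupType`, so the two only agree as long as every NAMED_GROUP_ECDHE constant has a name starting with "EC". A constant that broke that convention would get `alwaysAvailable == true`, and `isAvailable()` would return before the `JsseJce.ALLOW_ECC` and `JsseJce.isEcAvailable()` checks are applied. Keying both on the group type removes the coupling and looks equivalent for the constants visible here: `this.alwaysAvailable = this.allowed && (groupType != NAMED_GROUP_ECDHE);`. The literal `true` passed by the K_ECDH_* constants is also silently replaced, so a comment above the `if` such as `// 'allowed' is ignored for NAMED_GROUP_ECDHE; JsseJce.ALLOW_ECC decides` would keep the call sites from misleading readers. The enum starts before and continues after this hunk, so constants outside it are not checked here.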