archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8223482: Unsupported ciphersuites may be offered by a TLS client

Browse source 
Reviewed-by: xuelei
This commit is contained in:
Martin Balao 2019-05-28 19:01:38 -03:00
parent c4f8325420
commit ebf8e1c0ac
3 changed files with 33 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

27
src/java.base/share/classes/sun/security/ssl/SSLCipher.java
View file

@ -31,6 +31,7 @@ import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.Security;
@ -42,6 +43,7 @@ import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
@ -491,16 +493,31 @@ enum SSLCipher {
// availability of this bulk cipher
//
// We assume all supported ciphers are always available since they are
// shipped with the SunJCE provider. However, AES/256 is unavailable
// when the default JCE policy jurisdiction files are installed because
// of key length restrictions.
this.isAvailable = allowed && isUnlimited(keySize, transformation);
// AES/256 is unavailable when the default JCE policy jurisdiction files
// are installed because of key length restrictions.
this.isAvailable = allowed && isUnlimited(keySize, transformation) &&
isTransformationAvailable(transformation);
this.readCipherGenerators = readCipherGenerators;
this.writeCipherGenerators = writeCipherGenerators;
}
private static boolean isTransformationAvailable(String transformation) {
if (transformation.equals("NULL")) {
return true;
}
try {
Cipher.getInstance(transformation);
return true;
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Transformation " + transformation + " is" +
" not available.");
}
}
return false;
}
SSLReadCipher createReadCipher(Authenticator authenticator,
ProtocolVersion protocolVersion,
SecretKey key, IvParameterSpec iv,