8279164: Disable TLS_ECDH_* cipher suites · openjdk/jdk8u-dev@b1e2ea8 (original) (raw)

1

`/*

2

3

` * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4

` *

5

` * This code is free software; you can redistribute it and/or modify it

`@@ -23,7 +23,7 @@

23

24

`/*

25

` * @test

26

@bug 4750141 4895631 8217579 8163326

26

@bug 4750141 4895631 8217579 8163326 8279164

27

` * @summary Check enabled and supported ciphersuites are correct

28

` * @run main/othervm CheckCipherSuites default

29

` * @run main/othervm CheckCipherSuites limited

`@@ -46,52 +46,36 @@ public class CheckCipherSuites {

46

`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",

47

`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",

48

49

// AES_256(GCM) - ECDHE - forward screcy

49

// AES_256(GCM) - ECDHE - forward secrecy

50

`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",

51

52

// AES_128(GCM) - ECDHE - forward screcy

52

// AES_128(GCM) - ECDHE - forward secrecy

53

`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

54

55

// AES_256(GCM) - DHE - forward screcy

55

// AES_256(GCM) - DHE - forward secrecy

56

`"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",

57

`"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",

58

59

// AES_128(GCM) - DHE - forward screcy

59

// AES_128(GCM) - DHE - forward secrecy

60

`"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",

61

`"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",

62

63

// AES_256(CBC) - ECDHE - forward screcy

63

// AES_256(CBC) - ECDHE - forward secrecy

64

`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",

65

`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

66

67

// AES_256(CBC) - ECDHE - forward screcy

67

// AES_256(CBC) - ECDHE - forward secrecy

68

`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",

69

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

70

71

// AES_256(CBC) - DHE - forward screcy

71

// AES_256(CBC) - DHE - forward secrecy

72

`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",

73

`"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",

74

75

// AES_128(CBC) - DHE - forward screcy

75

// AES_128(CBC) - DHE - forward secrecy

76

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

77

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

78

79

// AES_256(GCM) - not forward screcy

80

"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",

81

"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",

82

-

83

// AES_128(GCM) - not forward screcy

84

"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",

85

"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

86

-

87

// AES_256(CBC) - not forward screcy

88

"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",

89

"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",

90

-

91

// AES_128(CBC) - not forward screcy

92

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",

93

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

94

-

95

79

`// AES_256(CBC) - ECDHE - using SHA

96

80

`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",

97

81

`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",

`@@ -108,14 +92,6 @@ public class CheckCipherSuites {

108

92

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

109

93

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

110

94

111

// AES_256(CBC) - using SHA, not forward screcy

112

"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",

113

"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",

114

-

115

// AES_128(CBC) - using SHA, not forward screcy

116

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

117

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

118

-

119

95

`// deprecated

120

96

`"TLS_RSA_WITH_AES_256_GCM_SHA384",

121

97

`"TLS_RSA_WITH_AES_128_GCM_SHA256",

`@@ -138,16 +114,10 @@ public class CheckCipherSuites {

138

114

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

139

115

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

140

116

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

141

"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",

142

"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

143

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",

144

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

145

117

`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",

146

118

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",

147

119

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

148

120

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

149

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

150

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

151

121

`"TLS_RSA_WITH_AES_128_GCM_SHA256",

152

122

`"TLS_RSA_WITH_AES_128_CBC_SHA256",

153

123

`"TLS_RSA_WITH_AES_128_CBC_SHA",

`@@ -165,52 +135,36 @@ public class CheckCipherSuites {

165

135

`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",

166

136

`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",

167

137

168

// AES_256(GCM) - ECDHE - forward screcy

138

// AES_256(GCM) - ECDHE - forward secrecy

169

139

`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",

170

140

171

// AES_128(GCM) - ECDHE - forward screcy

141

// AES_128(GCM) - ECDHE - forward secrecy

172

142

`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

173

143

174

// AES_256(GCM) - DHE - forward screcy

144

// AES_256(GCM) - DHE - forward secrecy

175

145

`"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",

176

146

`"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",

177

147

178

// AES_128(GCM) - DHE - forward screcy

148

// AES_128(GCM) - DHE - forward secrecy

179

149

`"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",

180

150

`"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",

181

151

182

// AES_256(CBC) - ECDHE - forward screcy

152

// AES_256(CBC) - ECDHE - forward secrecy

183

153

`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",

184

154

`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

185

155

186

// AES_256(CBC) - ECDHE - forward screcy

156

// AES_256(CBC) - ECDHE - forward secrecy

187

157

`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",

188

158

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

189

159

190

// AES_256(CBC) - DHE - forward screcy

160

// AES_256(CBC) - DHE - forward secrecy

191

161

`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",

192

162

`"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",

193

163

194

// AES_128(CBC) - DHE - forward screcy

164

// AES_128(CBC) - DHE - forward secrecy

195

165

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

196

166

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

197

167

198

// AES_256(GCM) - not forward screcy

199

"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",

200

"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",

201

-

202

// AES_128(GCM) - not forward screcy

203

"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",

204

"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

205

-

206

// AES_256(CBC) - not forward screcy

207

"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",

208

"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",

209

-

210

// AES_128(CBC) - not forward screcy

211

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",

212

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

213

-

214

168

`// AES_256(CBC) - ECDHE - using SHA

215

169

`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",

216

170

`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",

`@@ -227,14 +181,6 @@ public class CheckCipherSuites {

227

181

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

228

182

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

229

183

230

// AES_256(CBC) - using SHA, not forward screcy

231

"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",

232

"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",

233

-

234

// AES_128(CBC) - using SHA, not forward screcy

235

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

236

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

237

-

238

184

`// deprecated

239

185

`"TLS_RSA_WITH_AES_256_GCM_SHA384",

240

186

`"TLS_RSA_WITH_AES_128_GCM_SHA256",

`@@ -257,16 +203,10 @@ public class CheckCipherSuites {

257

203

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

258

204

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

259

205

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",

260

"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",

261

"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

262

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",

263

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",

264

206

`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",

265

207

`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",

266

208

`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

267

209

`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",

268

"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

269

"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

270

210

`"TLS_RSA_WITH_AES_128_GCM_SHA256",

271

211

`"TLS_RSA_WITH_AES_128_CBC_SHA256",

272

212

`"TLS_RSA_WITH_AES_128_CBC_SHA",