# HG changeset patch

# User Andrew John Hughes <gnu.andrew@redhat.com>

# Date 1453759602 0

#      Mon Jan 25 22:06:42 2016 +0000

# Node ID 412e3ce4141e2ddb01c8fb099fc0823d783e7b3d

# Parent  33e9441c53fc29f1aa1f496eedda845b6e405473

S8076221, PR2808: Disable RC4 cipher suites

2016-01-25  Andrew John Hughes  <gnu.andrew@redhat.com>

	* Makefile.am:

	(ICEDTEA_PATCHES): Add new patches.

	* NEWS: Updated.

	* patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch:

	Backport of 8076221 to OpenJDK 6 b38.

	* patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch:

	Improve reliability of DisabledAlgorithms test.

	* patches/pr2808-fix_disabled_algorithms_test.patch:

	Remove Java 7 features from new DisabledAlgorithms test.

diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000

+++ b/patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch	Mon Jan 25 22:06:42 2016 +0000

@@ -0,0 +1,553 @@

+# HG changeset patch

+# User xuelei

+# Date 1429096621 0

+#      Wed Apr 15 11:17:01 2015 +0000

+# Node ID 6a24fc5e32a359335538bfa453040fc2d9ba13e9

+# Parent  fe93a8cd20a56dc59e5f2464d7e6bd0d52b807b3

+8076221: Disable RC4 cipher suites

+Reviewed-by: xuelei, wetmore

+

+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux

+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux	2016-01-20 01:47:58.000000000 +0000

++++ openjdk/jdk/src/share/lib/security/java.security-linux	2016-01-25 20:25:35.722972332 +0000

+@@ -451,7 +451,7 @@

+ #

+ # Example:

+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

+ 

+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)

+ # processing in JSSE implementation.

+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris

+--- openjdk.orig/jdk/src/share/lib/security/java.security-solaris	2016-01-20 01:47:58.000000000 +0000

++++ openjdk/jdk/src/share/lib/security/java.security-solaris	2016-01-25 20:24:27.088115212 +0000

+@@ -411,7 +411,7 @@

+ #

+ # Example:

+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

+ 

+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)

+ # processing in JSSE implementation.

+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows

+--- openjdk.orig/jdk/src/share/lib/security/java.security-windows	2016-01-20 01:47:58.000000000 +0000

++++ openjdk/jdk/src/share/lib/security/java.security-windows	2016-01-25 20:23:50.300727758 +0000

+@@ -428,7 +428,7 @@

+ #

+ # Example:

+ #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

+ 

+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)

+ # processing in JSSE implementation.

+diff -Nru openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java

+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	1970-01-01 01:00:00.000000000 +0100

++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	2016-01-25 20:17:49.902742622 +0000

+@@ -0,0 +1,362 @@

++/*

++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.

++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

++ *

++ * This code is free software; you can redistribute it and/or modify it

++ * under the terms of the GNU General Public License version 2 only, as

++ * published by the Free Software Foundation.

++ *

++ * This code is distributed in the hope that it will be useful, but WITHOUT

++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

++ * version 2 for more details (a copy is included in the LICENSE file that

++ * accompanied this code).

++ *

++ * You should have received a copy of the GNU General Public License version

++ * 2 along with this work; if not, write to the Free Software Foundation,

++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

++ *

++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

++ * or visit www.oracle.com if you need additional information or have any

++ * questions.

++ */

++

++import java.io.BufferedInputStream;

++import java.io.BufferedOutputStream;

++import java.io.IOException;

++import java.io.InputStream;

++import java.io.OutputStream;

++import java.security.NoSuchAlgorithmException;

++import java.security.Security;

++import java.util.concurrent.TimeUnit;

++import javax.net.ssl.SSLContext;

++import javax.net.ssl.SSLHandshakeException;

++import javax.net.ssl.SSLServerSocket;

++import javax.net.ssl.SSLServerSocketFactory;

++import javax.net.ssl.SSLSocket;

++import javax.net.ssl.SSLSocketFactory;

++

++/**

++ * @test

++ * @bug 8076221

++ * @summary Check if weak cipher suites are disabled

++ * @run main/othervm DisabledAlgorithms default

++ * @run main/othervm DisabledAlgorithms empty

++ */

++public class DisabledAlgorithms {

++

++    private static final String pathToStores =

++            "../../../../sun/security/ssl/etc";

++    private static final String keyStoreFile = "keystore";

++    private static final String trustStoreFile = "truststore";

++    private static final String passwd = "passphrase";

++

++    private static final String keyFilename =

++            System.getProperty("test.src", "./") + "/" + pathToStores +

++                "/" + keyStoreFile;

++

++    private static final String trustFilename =

++            System.getProperty("test.src", "./") + "/" + pathToStores +

++                "/" + trustStoreFile;

++

++    // supported RC4 cipher suites

++    // it does not contain KRB5 cipher suites because they need a KDC

++    private static final String[] rc4_ciphersuites = new String[] {

++        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",

++        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",

++        "SSL_RSA_WITH_RC4_128_SHA",

++        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",

++        "TLS_ECDH_RSA_WITH_RC4_128_SHA",

++        "SSL_RSA_WITH_RC4_128_MD5",

++        "TLS_ECDH_anon_WITH_RC4_128_SHA",

++        "SSL_DH_anon_WITH_RC4_128_MD5"

++    };

++

++    public static void main(String[] args) throws Exception {

++        if (args.length < 1) {

++            throw new RuntimeException("No parameters specified");

++        }

++

++        System.setProperty("javax.net.ssl.keyStore", keyFilename);

++        System.setProperty("javax.net.ssl.keyStorePassword", passwd);

++        System.setProperty("javax.net.ssl.trustStore", trustFilename);

++        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

++

++        switch (args[0]) {

++            case "default":

++                // use default jdk.tls.disabledAlgorithms

++                System.out.println("jdk.tls.disabledAlgorithms = "

++                        + Security.getProperty("jdk.tls.disabledAlgorithms"));

++

++                // check if RC4 cipher suites can't be used by default

++                checkFailure(rc4_ciphersuites);

++                break;

++            case "empty":

++                // reset jdk.tls.disabledAlgorithms

++                Security.setProperty("jdk.tls.disabledAlgorithms", "");

++                System.out.println("jdk.tls.disabledAlgorithms = "

++                        + Security.getProperty("jdk.tls.disabledAlgorithms"));

++

++                // check if RC4 cipher suites can be used

++                // if jdk.tls.disabledAlgorithms is empty

++                checkSuccess(rc4_ciphersuites);

++                break;

++            default:

++                throw new RuntimeException("Wrong parameter: " + args[0]);

++        }

++    }

++

++    /*

++     * Checks if that specified cipher suites cannot be used.

++     */

++    private static void checkFailure(String[] ciphersuites) throws Exception {

++        try (SSLServer server = SSLServer.init(ciphersuites)) {

++            startNewThread(server);

++            while (!server.isRunning()) {

++                sleep();

++            }

++

++            int port = server.getPort();

++            for (String ciphersuite : ciphersuites) {

++                try (SSLClient client = SSLClient.init(port, ciphersuite)) {

++                    client.connect();

++                    throw new RuntimeException("Expected SSLHandshakeException "

++                            + "not thrown");

++                } catch (SSLHandshakeException e) {

++                    System.out.println("Expected exception on client side: "

++                            + e);

++                }

++            }

++

++            server.stop();

++            while (server.isRunning()) {

++                sleep();

++            }

++

++            if (!server.sslError()) {

++                throw new RuntimeException("Expected SSL exception "

++                        + "not thrown on server side");

++            }

++        }

++

++    }

++

++    /*

++     * Checks if specified cipher suites can be used.

++     */

++    private static void checkSuccess(String[] ciphersuites) throws Exception {

++        try (SSLServer server = SSLServer.init(ciphersuites)) {

++            startNewThread(server);

++            while (!server.isRunning()) {

++                sleep();

++            }

++

++            int port = server.getPort();

++            for (String ciphersuite : ciphersuites) {

++                try (SSLClient client = SSLClient.init(port, ciphersuite)) {

++                    client.connect();

++                    String negotiated = client.getNegotiatedCipherSuite();

++                    System.out.println("Negotiated cipher suite: "

++                            + negotiated);

++                    if (!negotiated.equals(ciphersuite)) {

++                        throw new RuntimeException("Unexpected cipher suite: "

++                                + negotiated);

++                    }

++                }

++            }

++

++            server.stop();

++            while (server.isRunning()) {

++                sleep();

++            }

++

++            if (server.error()) {

++                throw new RuntimeException("Unexpected error on server side");

++            }

++        }

++

++    }

++

++    private static Thread startNewThread(SSLServer server) {

++        Thread serverThread = new Thread(server, "SSL server thread");

++        serverThread.setDaemon(true);

++        serverThread.start();

++        return serverThread;

++    }

++

++    private static void sleep() {

++        try {

++            TimeUnit.MILLISECONDS.sleep(50);

++        } catch (InterruptedException e) {

++            // do nothing

++        }

++    }

++

++    static class SSLServer implements Runnable, AutoCloseable {

++

++        private final SSLServerSocket ssocket;

++        private volatile boolean stopped = false;

++        private volatile boolean running = false;

++        private volatile boolean sslError = false;

++        private volatile boolean otherError = false;

++

++        private SSLServer(SSLServerSocket ssocket) {

++            this.ssocket = ssocket;

++        }

++

++        @Override

++        public void run() {

++            System.out.println("Server: started");

++            running = true;

++            while (!stopped) {

++                try (SSLSocket socket = (SSLSocket) ssocket.accept()) {

++                    System.out.println("Server: accepted client connection");

++                    InputStream in = socket.getInputStream();

++                    OutputStream out = socket.getOutputStream();

++                    int b = in.read();

++                    if (b < 0) {

++                        throw new IOException("Unexpected EOF");

++                    }

++                    System.out.println("Server: send data: " + b);

++                    out.write(b);

++                    out.flush();

++                    socket.getSession().invalidate();

++                } catch (SSLHandshakeException e) {

++                    System.out.println("Server: run: " + e);

++                    sslError = true;

++                } catch (IOException e) {

++                    if (!stopped) {

++                        System.out.println("Server: run: " + e);

++                        e.printStackTrace();

++                        otherError = true;

++                    }

++                }

++            }

++

++            System.out.println("Server: finished");

++            running = false;

++        }

++

++        int getPort() {

++            return ssocket.getLocalPort();

++        }

++

++        String[] getEnabledCiperSuites() {

++            return ssocket.getEnabledCipherSuites();

++        }

++

++        boolean isRunning() {

++            return running;

++        }

++

++        boolean sslError() {

++            return sslError;

++        }

++

++        boolean error() {

++            return sslError || otherError;

++        }

++

++        void stop() {

++            stopped = true;

++            if (!ssocket.isClosed()) {

++                try {

++                    ssocket.close();

++                } catch (IOException e) {

++                    System.out.println("Server: close: " + e);

++                }

++            }

++        }

++

++        @Override

++        public void close() {

++            stop();

++        }

++

++        static SSLServer init(String[] ciphersuites)

++                throws IOException {

++            SSLServerSocketFactory ssf = (SSLServerSocketFactory)

++                    SSLServerSocketFactory.getDefault();

++            SSLServerSocket ssocket = (SSLServerSocket)

++                    ssf.createServerSocket(0);

++

++            if (ciphersuites != null) {

++                System.out.println("Server: enable cipher suites: "

++                        + java.util.Arrays.toString(ciphersuites));

++                ssocket.setEnabledCipherSuites(ciphersuites);

++            }

++

++            return new SSLServer(ssocket);

++        }

++    }

++

++    static class SSLClient implements AutoCloseable {

++

++        private final SSLSocket socket;

++

++        private SSLClient(SSLSocket socket) {

++            this.socket = socket;

++        }

++

++        void connect() throws IOException {

++            System.out.println("Client: connect to server");

++            try (

++                    BufferedInputStream bis = new BufferedInputStream(

++                            socket.getInputStream());

++                    BufferedOutputStream bos = new BufferedOutputStream(

++                            socket.getOutputStream())) {

++                bos.write('x');

++                bos.flush();

++

++                int read = bis.read();

++                if (read < 0) {

++                    throw new IOException("Client: couldn't read a response");

++                }

++                socket.getSession().invalidate();

++            }

++        }

++

++        String[] getEnabledCiperSuites() {

++            return socket.getEnabledCipherSuites();

++        }

++

++        String getNegotiatedCipherSuite() {

++            return socket.getSession().getCipherSuite();

++        }

++

++        @Override

++        public void close() throws Exception {

++            if (!socket.isClosed()) {

++                try {

++                    socket.close();

++                } catch (IOException e) {

++                    System.out.println("Client: close: " + e);

++                }

++            }

++        }

++

++        static SSLClient init(int port)

++                throws NoSuchAlgorithmException, IOException {

++            return init(port, null);

++        }

++

++        static SSLClient init(int port, String ciphersuite)

++                throws NoSuchAlgorithmException, IOException {

++            SSLContext context = SSLContext.getDefault();

++            SSLSocketFactory ssf = (SSLSocketFactory)

++                    context.getSocketFactory();

++            SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);

++

++            if (ciphersuite != null) {

++                System.out.println("Client: enable cipher suite: "

++                        + ciphersuite);

++                socket.setEnabledCipherSuites(new String[] { ciphersuite });

++            }

++

++            return new SSLClient(socket);

++        }

++

++    }

++

++

++}

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java

+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java	2016-01-20 01:42:21.000000000 +0000

++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java	2016-01-25 20:23:28.749086605 +0000

+@@ -1,5 +1,5 @@

+ /*

+- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.

++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.

+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

+  *

+  * This code is free software; you can redistribute it and/or modify it

+@@ -30,7 +30,7 @@

+  */

+ 

+ import java.io.*;

+-import java.net.*;

++import java.security.Security;

+ import javax.net.ssl.*;

+ 

+ public class CipherSuiteOrder {

+@@ -192,6 +192,10 @@

+     volatile Exception clientException = null;

+ 

+     public static void main(String[] args) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

++

+         String keyFilename =

+             System.getProperty("test.src", "./") + "/" + pathToStores +

+                 "/" + keyStoreFile;

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java

+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	2016-01-25 20:15:46.384811880 +0000

++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	2016-01-25 20:17:49.902742622 +0000

+@@ -1,5 +1,5 @@

+ /*

+- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.

++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.

+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

+  *

+  * This code is free software; you can redistribute it and/or modify it

+@@ -102,10 +102,10 @@

+ import java.nio.*;

+ import java.security.KeyStore;

+ import java.security.KeyFactory;

++import java.security.Security;

+ import java.security.cert.Certificate;

+ import java.security.cert.CertificateFactory;

+ import java.security.spec.PKCS8EncodedKeySpec;

+-import java.security.spec.*;

+ import java.security.interfaces.*;

+ import java.util.Base64;

+ 

+@@ -367,6 +367,10 @@

+     }

+ 

+     public static void main(String args[]) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

++

+         if (args.length != 4) {

+             System.out.println(

+                 "Usage: java DHEKeySizing cipher-suite " +

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java

+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java	2016-01-20 01:42:24.000000000 +0000

++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java	2016-01-25 20:17:49.902742622 +0000

+@@ -1,5 +1,5 @@

+ /*

+- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.

++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.

+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

+  *

+  * This code is free software; you can redistribute it and/or modify it

+@@ -622,6 +622,9 @@

+     }

+ 

+     public static void main(String args[]) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

+ 

+         CheckStatus cs;

+ 

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java

+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java	2016-01-20 01:42:24.000000000 +0000

++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java	2016-01-25 20:20:24.580152890 +0000

+@@ -33,6 +33,8 @@

+  * The code could certainly be tightened up a lot.

+  *

+  * @author Brad Wetmore

++ *

++ * @run main/othervm ConnectionTest

+  */

+ 

+ import javax.net.ssl.*;

+@@ -672,6 +674,10 @@

+     }

+ 

+     public static void main(String args[]) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

++

+         ConnectionTest ct = new ConnectionTest();

+         ct.test();

+     }

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java

+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java	2016-01-20 01:42:24.000000000 +0000

++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java	2016-01-25 20:19:17.305278447 +0000

+@@ -180,6 +180,9 @@

+     }

+ 

+     public static void main(String args[]) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

+ 

+         LargeBufs test;

+ 

+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java

+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java	2016-01-20 01:42:25.000000000 +0000

++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java	2016-01-25 20:18:53.009685445 +0000

+@@ -33,7 +33,7 @@

+  */

+ 

+ import java.io.*;

+-import java.net.*;

++import java.security.Security;

+ import javax.net.ssl.*;

+ 

+ public class GenericStreamCipher {

+@@ -161,6 +161,10 @@

+     volatile Exception clientException = null;

+ 

+     public static void main(String[] args) throws Exception {

++        // reset the security property to make sure that the algorithms

++        // and keys used in this test are not disabled.

++        Security.setProperty("jdk.tls.disabledAlgorithms", "");

++

+         String keyFilename =

+             System.getProperty("test.src", ".") + "/" + pathToStores +

+                 "/" + keyStoreFile;

diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000

+++ b/patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch	Mon Jan 25 22:06:42 2016 +0000

@@ -0,0 +1,58 @@

+# HG changeset patch

+# User asmotrak

+# Date 1435145895 -10800

+#      Wed Jun 24 14:38:15 2015 +0300

+# Node ID 66bf77932d57ef00e0c68c19c5e45e0b1de80fad

+# Parent  fddcb008fd1d285ed7d84011a43cdf556ab16bcb

+8078823: javax/net/ssl/ciphersuites/DisabledAlgorithms.java fails intermittently

+Reviewed-by: xuelei

+

+diff -r fddcb008fd1d -r 66bf77932d57 test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java

+--- openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	Tue Jun 23 15:07:18 2015 +0100

++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	Wed Jun 24 14:38:15 2015 +0300

+@@ -104,6 +104,8 @@

+             default:

+                 throw new RuntimeException("Wrong parameter: " + args[0]);

+         }

++

++        System.out.println("Test passed");

+     }

+ 

+     /*

+@@ -128,7 +130,6 @@

+                 }

+             }

+ 

+-            server.stop();

+             while (server.isRunning()) {

+                 sleep();

+             }

+@@ -224,11 +225,19 @@

+                 } catch (SSLHandshakeException e) {

+                     System.out.println("Server: run: " + e);

+                     sslError = true;

++                    stopped = true;

+                 } catch (IOException e) {

+                     if (!stopped) {

+-                        System.out.println("Server: run: " + e);

++                        System.out.println("Server: run: unexpected exception: "

++                                + e);

+                         e.printStackTrace();

+                         otherError = true;

++                        stopped = true;

++                    } else {

++                        System.out.println("Server: run: " + e);

++                        System.out.println("The exception above occurred "

++                                    + "because socket was closed, "

++                                    + "please ignore it");

+                     }

+                 }

+             }

+@@ -261,6 +270,7 @@

+             stopped = true;

+             if (!ssocket.isClosed()) {

+                 try {

++                    System.out.println("Server: close socket");

+                     ssocket.close();

+                 } catch (IOException e) {

+                     System.out.println("Server: close: " + e);

diff -r 33e9441c53fc -r 412e3ce4141e patches/pr2808-fix_disabled_algorithms_test.patch

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000

+++ b/patches/pr2808-fix_disabled_algorithms_test.patch	Mon Jan 25 22:06:42 2016 +0000

@@ -0,0 +1,226 @@

+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	2015-10-21 05:20:57.910156611 +0100

++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java	2016-01-25 21:58:39.334103875 +0000

+@@ -82,16 +82,14 @@

+         System.setProperty("javax.net.ssl.trustStore", trustFilename);

+         System.setProperty("javax.net.ssl.trustStorePassword", passwd);

+ 

+-        switch (args[0]) {

+-            case "default":

++        if ("default".equals(args[0])) {

+                 // use default jdk.tls.disabledAlgorithms

+                 System.out.println("jdk.tls.disabledAlgorithms = "

+                         + Security.getProperty("jdk.tls.disabledAlgorithms"));

+ 

+                 // check if RC4 cipher suites can't be used by default

+                 checkFailure(rc4_ciphersuites);

+-                break;

+-            case "empty":

++        } else if ("empty".equals(args[0])) {

+                 // reset jdk.tls.disabledAlgorithms

+                 Security.setProperty("jdk.tls.disabledAlgorithms", "");

+                 System.out.println("jdk.tls.disabledAlgorithms = "

+@@ -100,19 +98,19 @@

+                 // check if RC4 cipher suites can be used

+                 // if jdk.tls.disabledAlgorithms is empty

+                 checkSuccess(rc4_ciphersuites);

+-                break;

+-            default:

++        } else {

+                 throw new RuntimeException("Wrong parameter: " + args[0]);

+         }

+-

+-        System.out.println("Test passed");

+     }

+ 

+     /*

+      * Checks if that specified cipher suites cannot be used.

+      */

+     private static void checkFailure(String[] ciphersuites) throws Exception {

+-        try (SSLServer server = SSLServer.init(ciphersuites)) {

++        SSLServer server = null;

++

++        try {

++            server = SSLServer.init(ciphersuites);

+             startNewThread(server);

+             while (!server.isRunning()) {

+                 sleep();

+@@ -120,16 +118,21 @@

+ 

+             int port = server.getPort();

+             for (String ciphersuite : ciphersuites) {

+-                try (SSLClient client = SSLClient.init(port, ciphersuite)) {

++                SSLClient client = null;

++                try {

++                    client = SSLClient.init(port, ciphersuite);

+                     client.connect();

+                     throw new RuntimeException("Expected SSLHandshakeException "

+                             + "not thrown");

+                 } catch (SSLHandshakeException e) {

+                     System.out.println("Expected exception on client side: "

+                             + e);

++                } finally {

++                    if (client != null) { client.close(); }

+                 }

+             }

+ 

++            server.stop();

+             while (server.isRunning()) {

+                 sleep();

+             }

+@@ -138,15 +141,18 @@

+                 throw new RuntimeException("Expected SSL exception "

+                         + "not thrown on server side");

+             }

++        } finally {

++            if (server != null ) { server.close(); }

+         }