|
 |
0a1101 |
diff -r cdfd161703ed src/share/classes/sun/security/ssl/HelloExtensions.java
|
|
|
0a1101 |
--- openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java Wed Oct 23 05:22:55 2013 +0100
|
|
|
0a1101 |
+++ openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java Thu Nov 07 12:41:45 2013 +0000
|
|
|
0a1101 |
@@ -435,25 +435,11 @@
|
|
|
0a1101 |
// the extension value to send in the ClientHello message
|
|
|
0a1101 |
static final SupportedEllipticCurvesExtension DEFAULT;
|
|
|
0a1101 |
|
|
|
0a1101 |
- private static final boolean fips;
|
|
|
0a1101 |
-
|
|
|
0a1101 |
static {
|
|
|
0a1101 |
- int[] ids;
|
|
|
0a1101 |
- fips = SunJSSE.isFIPS();
|
|
|
0a1101 |
- if (fips == false) {
|
|
|
0a1101 |
- ids = new int[] {
|
|
|
0a1101 |
- // NIST curves first
|
|
|
0a1101 |
- // prefer NIST P-256, rest in order of increasing key length
|
|
|
0a1101 |
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
|
0a1101 |
- // non-NIST curves
|
|
|
0a1101 |
- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
|
|
|
0a1101 |
- };
|
|
|
0a1101 |
- } else {
|
|
|
0a1101 |
- ids = new int[] {
|
|
|
0a1101 |
- // same as above, but allow only NIST curves in FIPS mode
|
|
|
0a1101 |
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
|
0a1101 |
- };
|
|
|
0a1101 |
- }
|
|
|
0a1101 |
+ int[] ids = new int[] {
|
|
|
0a1101 |
+ // NSS currently only supports these three NIST curves
|
|
|
0a1101 |
+ 23, 24, 25
|
|
|
0a1101 |
+ };
|
|
|
0a1101 |
DEFAULT = new SupportedEllipticCurvesExtension(ids);
|
|
|
0a1101 |
}
|
|
|
0a1101 |
|
|
|
0a1101 |
@@ -545,10 +531,6 @@
|
|
|
0a1101 |
if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
|
|
|
0a1101 |
return false;
|
|
|
0a1101 |
}
|
|
|
0a1101 |
- if (fips == false) {
|
|
|
0a1101 |
- // in non-FIPS mode, we support all valid indices
|
|
|
0a1101 |
- return true;
|
|
|
0a1101 |
- }
|
|
|
0a1101 |
return DEFAULT.contains(index);
|
|
|
0a1101 |
}
|
|
|
0a1101 |
|