|
 |
2b939e |
diff -r a5c3d9643077 src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
|
|
|
2b939e |
--- openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Tue Feb 10 16:24:28 2015 +0000
|
|
|
2b939e |
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Thu May 14 04:01:02 2015 +0100
|
|
|
2b939e |
@@ -37,25 +37,11 @@
|
|
|
2b939e |
// the extension value to send in the ClientHello message
|
|
|
2b939e |
static final SupportedEllipticCurvesExtension DEFAULT;
|
|
|
2b939e |
|
|
|
2b939e |
- private static final boolean fips;
|
|
|
2b939e |
-
|
|
|
2b939e |
static {
|
|
|
2b939e |
- int[] ids;
|
|
|
2b939e |
- fips = SunJSSE.isFIPS();
|
|
|
2b939e |
- if (fips == false) {
|
|
|
2b939e |
- ids = new int[] {
|
|
|
2b939e |
- // NIST curves first
|
|
|
2b939e |
- // prefer NIST P-256, rest in order of increasing key length
|
|
|
2b939e |
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
|
2b939e |
- // non-NIST curves
|
|
|
2b939e |
- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
|
|
|
2b939e |
- };
|
|
|
2b939e |
- } else {
|
|
|
2b939e |
- ids = new int[] {
|
|
|
2b939e |
- // same as above, but allow only NIST curves in FIPS mode
|
|
|
2b939e |
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
|
2b939e |
- };
|
|
|
2b939e |
- }
|
|
|
2b939e |
+ int[] ids = new int[] {
|
|
|
2b939e |
+ // NSS currently only supports these three NIST curves
|
|
|
2b939e |
+ 23, 24, 25
|
|
|
2b939e |
+ };
|
|
|
2b939e |
DEFAULT = new SupportedEllipticCurvesExtension(ids);
|
|
|
2b939e |
}
|
|
|
2b939e |
|
|
|
2b939e |
@@ -150,10 +136,6 @@
|
|
|
2b939e |
if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
|
|
|
2b939e |
return false;
|
|
|
2b939e |
}
|
|
|
2b939e |
- if (fips == false) {
|
|
|
2b939e |
- // in non-FIPS mode, we support all valid indices
|
|
|
2b939e |
- return true;
|
|
|
2b939e |
- }
|
|
|
2b939e |
return DEFAULT.contains(index);
|
|
|
2b939e |
}
|
|
|
2b939e |
|