Blame SOURCES/rh1022017-reduce_ssl_curves.patch
|
 |
67e3c5 |
diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
|
67e3c5 |
--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
|
67e3c5 |
+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
|
67e3c5 |
@@ -515,50 +515,19 @@
|
|
|
67e3c5 |
}
|
|
|
67e3c5 |
} else { // default groups
|
|
|
67e3c5 |
NamedGroup[] groups;
|
|
|
67e3c5 |
- if (requireFips) {
|
|
|
67e3c5 |
- groups = new NamedGroup[] {
|
|
|
67e3c5 |
- // only NIST curves in FIPS mode
|
|
|
67e3c5 |
- NamedGroup.SECP256_R1,
|
|
|
67e3c5 |
- NamedGroup.SECP384_R1,
|
|
|
67e3c5 |
- NamedGroup.SECP521_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT283_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT283_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT409_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT409_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT571_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT571_R1,
|
|
|
67e3c5 |
+ groups = new NamedGroup[] {
|
|
|
67e3c5 |
+ // only NIST curves in FIPS mode
|
|
|
67e3c5 |
+ NamedGroup.SECP256_R1,
|
|
|
67e3c5 |
+ NamedGroup.SECP384_R1,
|
|
|
67e3c5 |
+ NamedGroup.SECP521_R1,
|
|
|
67e3c5 |
|
|
|
67e3c5 |
- // FFDHE 2048
|
|
|
67e3c5 |
- NamedGroup.FFDHE_2048,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_3072,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_4096,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_6144,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_8192,
|
|
|
67e3c5 |
- };
|
|
|
67e3c5 |
- } else {
|
|
|
67e3c5 |
- groups = new NamedGroup[] {
|
|
|
67e3c5 |
- // NIST curves first
|
|
|
67e3c5 |
- NamedGroup.SECP256_R1,
|
|
|
67e3c5 |
- NamedGroup.SECP384_R1,
|
|
|
67e3c5 |
- NamedGroup.SECP521_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT283_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT283_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT409_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT409_R1,
|
|
|
67e3c5 |
- NamedGroup.SECT571_K1,
|
|
|
67e3c5 |
- NamedGroup.SECT571_R1,
|
|
|
67e3c5 |
-
|
|
|
67e3c5 |
- // non-NIST curves
|
|
|
67e3c5 |
- NamedGroup.SECP256_K1,
|
|
|
67e3c5 |
-
|
|
|
67e3c5 |
- // FFDHE 2048
|
|
|
67e3c5 |
- NamedGroup.FFDHE_2048,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_3072,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_4096,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_6144,
|
|
|
67e3c5 |
- NamedGroup.FFDHE_8192,
|
|
|
67e3c5 |
- };
|
|
|
67e3c5 |
- }
|
|
|
67e3c5 |
+ // FFDHE 2048
|
|
|
67e3c5 |
+ NamedGroup.FFDHE_2048,
|
|
|
67e3c5 |
+ NamedGroup.FFDHE_3072,
|
|
|
67e3c5 |
+ NamedGroup.FFDHE_4096,
|
|
|
67e3c5 |
+ NamedGroup.FFDHE_6144,
|
|
|
67e3c5 |
+ NamedGroup.FFDHE_8192,
|
|
|
67e3c5 |
+ };
|
|
|
67e3c5 |
|
|
|
67e3c5 |
groupList = new ArrayList<>(groups.length);
|
|
|
67e3c5 |
for (NamedGroup group : groups) {
|