|
|
582125 |
From 82f4b9a032f942fdc005e12a408c8e87c9ea0f36 Mon Sep 17 00:00:00 2001
|
|
|
582125 |
From: Christina Fu <cfu@redhat.com>
|
|
|
582125 |
Date: Thu, 28 Jun 2018 17:42:36 -0700
|
|
|
582125 |
Subject: [PATCH] Ticket #4 Add support for TLS_*_SHA384 ciphers
|
|
|
582125 |
|
|
|
582125 |
This patch adds support for TLS_*_SHA384 ciphers.
|
|
|
582125 |
|
|
|
582125 |
Fixes https://pagure.io/jss/issue/4
|
|
|
582125 |
---
|
|
|
582125 |
org/mozilla/jss/ssl/SSLCipher.java | 7 +++++
|
|
|
582125 |
org/mozilla/jss/ssl/SSLSocket.java | 7 +++++
|
|
|
582125 |
org/mozilla/jss/tests/Constants.java | 11 ++++++--
|
|
|
582125 |
org/mozilla/jss/tests/SSLClientAuth.java | 45 ++++++++++++++++++++++++++++++++
|
|
|
582125 |
4 files changed, 68 insertions(+), 2 deletions(-)
|
|
|
582125 |
|
|
|
582125 |
diff --git a/org/mozilla/jss/ssl/SSLCipher.java b/org/mozilla/jss/ssl/SSLCipher.java
|
|
|
582125 |
index 30acdd7..278126b 100644
|
|
|
08bafd |
--- a/jss/org/mozilla/jss/ssl/SSLCipher.java
|
|
|
08bafd |
+++ b/jss/org/mozilla/jss/ssl/SSLCipher.java
|
|
|
582125 |
@@ -258,8 +258,11 @@ public enum SSLCipher {
|
|
|
582125 |
TLS_RSA_WITH_SEED_CBC_SHA (0x0096),
|
|
|
582125 |
|
|
|
582125 |
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C),
|
|
|
582125 |
+ TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D),
|
|
|
582125 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E),
|
|
|
582125 |
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F),
|
|
|
582125 |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00A2),
|
|
|
582125 |
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00A3),
|
|
|
582125 |
|
|
|
582125 |
TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001, true),
|
|
|
582125 |
TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002, true),
|
|
|
582125 |
@@ -292,11 +295,15 @@ public enum SSLCipher {
|
|
|
582125 |
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019, true),
|
|
|
582125 |
|
|
|
582125 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023, true),
|
|
|
582125 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024, true),
|
|
|
582125 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027, true),
|
|
|
582125 |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028, true),
|
|
|
582125 |
|
|
|
582125 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02B, true),
|
|
|
582125 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02C, true),
|
|
|
582125 |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02D, true),
|
|
|
582125 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02F, true),
|
|
|
582125 |
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030, true),
|
|
|
582125 |
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031, true);
|
|
|
582125 |
|
|
|
582125 |
private int id;
|
|
|
582125 |
diff --git a/org/mozilla/jss/ssl/SSLSocket.java b/org/mozilla/jss/ssl/SSLSocket.java
|
|
|
582125 |
index 0dd39fd..e104d3c 100644
|
|
|
08bafd |
--- a/jss/org/mozilla/jss/ssl/SSLSocket.java
|
|
|
08bafd |
+++ b/jss/org/mozilla/jss/ssl/SSLSocket.java
|
|
|
582125 |
@@ -268,8 +268,11 @@ public class SSLSocket extends java.net.Socket {
|
|
|
582125 |
public final static int TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
|
|
|
582125 |
|
|
|
582125 |
public final static int TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
|
|
|
582125 |
+ public final static int TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
|
|
|
582125 |
public final static int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
|
|
|
582125 |
+ public final static int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
|
|
|
582125 |
public final static int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
|
|
|
582125 |
+ public final static int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;
|
|
|
582125 |
|
|
|
582125 |
public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xc001;
|
|
|
582125 |
public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xc002;
|
|
|
582125 |
@@ -302,11 +305,15 @@ public class SSLSocket extends java.net.Socket {
|
|
|
582125 |
public final static int TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xc019;
|
|
|
582125 |
|
|
|
582125 |
public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xc023;
|
|
|
582125 |
+ public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xc024;
|
|
|
582125 |
public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xc027;
|
|
|
582125 |
+ public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xc028;
|
|
|
582125 |
|
|
|
582125 |
public final static int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02B;
|
|
|
582125 |
+ public final static int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xc02C;
|
|
|
582125 |
public final static int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02D;
|
|
|
582125 |
public final static int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02F;
|
|
|
582125 |
+ public final static int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xc030;
|
|
|
582125 |
public final static int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xc031;
|
|
|
582125 |
|
|
|
582125 |
/*
|
|
|
582125 |
diff --git a/org/mozilla/jss/tests/Constants.java b/org/mozilla/jss/tests/Constants.java
|
|
|
582125 |
index e613034..d79ad72 100755
|
|
|
08bafd |
--- a/jss/org/mozilla/jss/tests/Constants.java
|
|
|
08bafd |
+++ b/jss/org/mozilla/jss/tests/Constants.java
|
|
|
582125 |
@@ -142,8 +142,15 @@ public interface Constants {
|
|
|
582125 |
/*77*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
|
|
|
582125 |
/*78*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
|
|
|
582125 |
/*79*/ new cipher(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"),
|
|
|
582125 |
-/*78*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
|
|
|
582125 |
-/*80*/ new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256")
|
|
|
582125 |
+/*80*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
|
|
|
582125 |
+/*81*/ new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"),
|
|
|
582125 |
+/*82*/ new cipher(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384"),
|
|
|
582125 |
+/*83*/ new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
|
|
|
582125 |
+/*84*/ new cipher(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
|
|
|
582125 |
+/*85*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
|
|
|
582125 |
+/*86*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
|
|
|
582125 |
+/*87*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
|
|
|
582125 |
+/*88*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
|
|
|
582125 |
};
|
|
|
582125 |
|
|
|
582125 |
/** Cipher supported by JSSE (JDK 1.5.x) */
|
|
|
582125 |
diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
|
|
|
582125 |
index e1c6163..b656b82 100644
|
|
|
08bafd |
--- a/jss/org/mozilla/jss/tests/SSLClientAuth.java
|
|
|
08bafd |
+++ b/jss/org/mozilla/jss/tests/SSLClientAuth.java
|
|
|
582125 |
@@ -148,6 +148,8 @@ public class SSLClientAuth implements Runnable {
|
|
|
582125 |
|
|
|
582125 |
}
|
|
|
582125 |
configureDefaultSSLoptions();
|
|
|
582125 |
+
|
|
|
582125 |
+ testSpecificCiphers();
|
|
|
582125 |
|
|
|
582125 |
useNickname = false;
|
|
|
582125 |
testConnection();
|
|
|
582125 |
@@ -265,6 +267,49 @@ public class SSLClientAuth implements Runnable {
|
|
|
582125 |
System.exit(1);
|
|
|
582125 |
}
|
|
|
582125 |
}
|
|
|
582125 |
+
|
|
|
582125 |
+ // test one or more specific ciphers
|
|
|
582125 |
+ // -- normally for newly added ciphers
|
|
|
582125 |
+ private void testSpecificCiphers() {
|
|
|
582125 |
+ try {
|
|
|
582125 |
+ //Disable SSL2 and SSL3 ciphers
|
|
|
582125 |
+ SSLSocket.enableSSL2Default(false);
|
|
|
582125 |
+ SSLSocket.enableSSL3Default(false);
|
|
|
582125 |
+ /* TLS is enabled by default */
|
|
|
582125 |
+
|
|
|
582125 |
+ /* Enable Session tickets by default */
|
|
|
582125 |
+ SSLSocket.enableSessionTicketsDefault(true);
|
|
|
582125 |
+
|
|
|
582125 |
+ /*
|
|
|
582125 |
+ * when testing specific ciphers:
|
|
|
582125 |
+ * 1. flip this to true
|
|
|
582125 |
+ * 2. change the ciphers comparison (the code below was from
|
|
|
582125 |
+ * the latest test
|
|
|
582125 |
+ */
|
|
|
582125 |
+ if (false) {
|
|
|
582125 |
+ System.out.println("testing new TLS_*SHA384 ciphers");
|
|
|
582125 |
+ System.out.println("Enable ony two new ciphers.");
|
|
|
582125 |
+ int ciphers[] =
|
|
|
582125 |
+ org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
|
|
|
582125 |
+ for (int i = 0; i < ciphers.length; ++i) {
|
|
|
582125 |
+ if (ciphers[i] == 157 || ciphers[i] == 159) {
|
|
|
582125 |
+ System.out.println("enabling cipher: " + ciphers[i]);
|
|
|
582125 |
+ /* enable a couple SHA384 ciphers */
|
|
|
582125 |
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
|
|
|
582125 |
+ } else {
|
|
|
582125 |
+ System.out.println("disabling cipher: " + ciphers[i]);
|
|
|
582125 |
+ /* disable the non SHA384 ciphers */
|
|
|
582125 |
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
|
|
|
582125 |
+ }
|
|
|
582125 |
+ }
|
|
|
582125 |
+ }
|
|
|
582125 |
+
|
|
|
582125 |
+ } catch (SocketException ex) {
|
|
|
582125 |
+ System.out.println("Error configuring ciphers.");
|
|
|
582125 |
+ ex.printStackTrace();
|
|
|
582125 |
+ System.exit(1);
|
|
|
582125 |
+ }
|
|
|
582125 |
+ }
|
|
|
582125 |
|
|
|
582125 |
private void testConnection() throws Exception {
|
|
|
582125 |
serverReady = false;
|
|
|
582125 |
--
|
|
|
08bafd |
2.14.4
|
|
|
582125 |
|