rpms / jss

Clone
Source Code
GIT

Blame SOURCES/jss-add-TLS-SHA384-ciphers.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-10.6 c8-stream-10.6 c8s-stream-10.6 c9 c9-beta
  1.   daca20d7de892c5674c39c6af901bb08b4997cf9
  2.   SOURCES
  3.   jss-add-TLS-SHA384-ciphers.patch
Blob History Raw
daca20 
From 82f4b9a032f942fdc005e12a408c8e87c9ea0f36 Mon Sep 17 00:00:00 2001
daca20 
From: Christina Fu <cfu@redhat.com>
daca20 
Date: Thu, 28 Jun 2018 17:42:36 -0700
daca20 
Subject: [PATCH] Ticket #4 Add support for TLS_*_SHA384 ciphers
daca20
daca20 
This patch adds support for TLS_*_SHA384 ciphers.
daca20
daca20 
Fixes https://pagure.io/jss/issue/4
daca20 
---
daca20 
 org/mozilla/jss/ssl/SSLCipher.java       |  7 +++++
daca20 
 org/mozilla/jss/ssl/SSLSocket.java       |  7 +++++
daca20 
 org/mozilla/jss/tests/Constants.java     | 11 ++++++--
daca20 
 org/mozilla/jss/tests/SSLClientAuth.java | 45 ++++++++++++++++++++++++++++++++
daca20 
 4 files changed, 68 insertions(+), 2 deletions(-)
daca20
daca20 
diff --git a/org/mozilla/jss/ssl/SSLCipher.java b/org/mozilla/jss/ssl/SSLCipher.java
daca20 
index 30acdd7..278126b 100644
daca20 
--- a/org/mozilla/jss/ssl/SSLCipher.java
daca20 
+++ b/org/mozilla/jss/ssl/SSLCipher.java
daca20 
@@ -258,8 +258,11 @@ public enum SSLCipher {
daca20 
     TLS_RSA_WITH_SEED_CBC_SHA                    (0x0096),
daca20
daca20 
     TLS_RSA_WITH_AES_128_GCM_SHA256              (0x009C),
daca20 
+    TLS_RSA_WITH_AES_256_GCM_SHA384              (0x009D),
daca20 
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256          (0x009E),
daca20 
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384          (0x009F),
daca20 
     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256          (0x00A2),
daca20 
+    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384          (0x00A3),
daca20
daca20 
     TLS_ECDH_ECDSA_WITH_NULL_SHA                 (0xc001, true),
daca20 
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA              (0xc002, true),
daca20 
@@ -292,11 +295,15 @@ public enum SSLCipher {
daca20 
     TLS_ECDH_anon_WITH_AES_256_CBC_SHA           (0xc019, true),
daca20
daca20 
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256      (0xc023, true),
daca20 
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384      (0xc024, true),
daca20 
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256        (0xc027, true),
daca20 
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384        (0xc028, true),
daca20
daca20 
     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256      (0xc02B, true),
daca20 
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384      (0xc02C, true),
daca20 
     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256       (0xc02D, true),
daca20 
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256        (0xc02F, true),
daca20 
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384        (0xc030, true),
daca20 
     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256         (0xc031, true);
daca20
daca20 
     private int id;
daca20 
diff --git a/org/mozilla/jss/ssl/SSLSocket.java b/org/mozilla/jss/ssl/SSLSocket.java
daca20 
index 0dd39fd..e104d3c 100644
daca20 
--- a/org/mozilla/jss/ssl/SSLSocket.java
daca20 
+++ b/org/mozilla/jss/ssl/SSLSocket.java
daca20 
@@ -268,8 +268,11 @@ public class SSLSocket extends java.net.Socket {
daca20 
     public final static int TLS_RSA_WITH_SEED_CBC_SHA                    = 0x0096;
daca20
daca20 
     public final static int TLS_RSA_WITH_AES_128_GCM_SHA256              = 0x009C;
daca20 
+    public final static int TLS_RSA_WITH_AES_256_GCM_SHA384              = 0x009D;
daca20 
     public final static int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256          = 0x009E;
daca20 
+    public final static int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384          = 0x009F;
daca20 
     public final static int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256          = 0x00A2;
daca20 
+    public final static int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384          = 0x00A3;
daca20
daca20 
     public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA                 = 0xc001;
daca20 
     public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA              = 0xc002;
daca20 
@@ -302,11 +305,15 @@ public class SSLSocket extends java.net.Socket {
daca20 
     public final static int TLS_ECDH_anon_WITH_AES_256_CBC_SHA           = 0xc019;
daca20
daca20 
     public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256      = 0xc023;
daca20 
+    public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384      = 0xc024;
daca20 
     public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256        = 0xc027;
daca20 
+    public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384        = 0xc028;
daca20
daca20 
     public final static int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256      = 0xc02B;
daca20 
+    public final static int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384      = 0xc02C;
daca20 
     public final static int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256       = 0xc02D;
daca20 
     public final static int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256        = 0xc02F;
daca20 
+    public final static int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384       = 0xc030;
daca20 
     public final static int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256         = 0xc031;
daca20
daca20 
     /*
daca20 
diff --git a/org/mozilla/jss/tests/Constants.java b/org/mozilla/jss/tests/Constants.java
daca20 
index e613034..d79ad72 100755
daca20 
--- a/org/mozilla/jss/tests/Constants.java
daca20 
+++ b/org/mozilla/jss/tests/Constants.java
daca20 
@@ -142,8 +142,15 @@ public interface Constants {
daca20 
 /*77*/  new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
daca20 
 /*78*/  new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
daca20 
 /*79*/  new cipher(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"),
daca20 
-/*78*/  new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
daca20 
-/*80*/  new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256")
daca20 
+/*80*/  new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
daca20 
+/*81*/  new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"),
daca20 
+/*82*/  new cipher(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384"),
daca20 
+/*83*/  new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
daca20 
+/*84*/  new cipher(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
daca20 
+/*85*/  new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
daca20 
+/*86*/  new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
daca20 
+/*87*/  new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
daca20 
+/*88*/  new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
daca20 
     };
daca20
daca20 
     /** Cipher supported by JSSE (JDK 1.5.x) */
daca20 
diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
daca20 
index e1c6163..b656b82 100644
daca20 
--- a/org/mozilla/jss/tests/SSLClientAuth.java
daca20 
+++ b/org/mozilla/jss/tests/SSLClientAuth.java
daca20 
@@ -148,6 +148,8 @@ public class SSLClientAuth implements Runnable {
daca20
daca20 
         }
daca20 
         configureDefaultSSLoptions();
daca20 
+
daca20 
+        testSpecificCiphers();
daca20
daca20 
         useNickname = false;
daca20 
         testConnection();
daca20 
@@ -265,6 +267,49 @@ public class SSLClientAuth implements Runnable {
daca20 
             System.exit(1);
daca20 
         }
daca20 
     }
daca20 
+
daca20 
+    // test one or more specific ciphers
daca20 
+    //   -- normally for newly added ciphers
daca20 
+    private void testSpecificCiphers() {
daca20 
+        try {
daca20 
+            //Disable SSL2 and SSL3 ciphers
daca20 
+            SSLSocket.enableSSL2Default(false);
daca20 
+            SSLSocket.enableSSL3Default(false);
daca20 
+            /* TLS is enabled by default */
daca20 
+
daca20 
+            /* Enable Session tickets by default */
daca20 
+            SSLSocket.enableSessionTicketsDefault(true);
daca20 
+
daca20 
+            /*
daca20 
+             *  when testing specific ciphers:
daca20 
+             *  1. flip this to true
daca20 
+             *  2. change the ciphers comparison (the code below was from
daca20 
+             *     the latest test
daca20 
+             */
daca20 
+            if (false) {
daca20 
+                System.out.println("testing new TLS_*SHA384 ciphers");
daca20 
+                System.out.println("Enable ony two new ciphers.");
daca20 
+                int ciphers[] =
daca20 
+                        org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
daca20 
+                for (int i = 0; i < ciphers.length;  ++i) {
daca20 
+                    if (ciphers[i] == 157 || ciphers[i] == 159) {
daca20 
+                        System.out.println("enabling cipher: " + ciphers[i]);
daca20 
+                        /* enable a couple SHA384 ciphers */
daca20 
+                        SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
daca20 
+                    } else {
daca20 
+                        System.out.println("disabling cipher: " + ciphers[i]);
daca20 
+                        /* disable the non SHA384 ciphers */
daca20 
+                        SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
daca20 
+                    }
daca20 
+                }
daca20 
+            }
daca20 
+
daca20 
+        } catch (SocketException ex) {
daca20 
+            System.out.println("Error configuring ciphers.");
daca20 
+            ex.printStackTrace();
daca20 
+            System.exit(1);
daca20 
+        }
daca20 
+    }
daca20
daca20 
     private void testConnection() throws Exception {
daca20 
         serverReady = false;
daca20 
--
daca20 
1.8.3.1
daca20

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation