src/java.base/share/classes/sun/security/ssl/CipherSuite.java
Print this page
rev 10851 : Implement TLS_FALLBACK_SCSV
*** 353,363 ****
// Kerberos cipher suites
K_KRB5 ("KRB5", true),
K_KRB5_EXPORT("KRB5_EXPORT", true),
// renegotiation protection request signaling cipher suite
! K_SCSV ("SCSV", true);
// name of the key exchange algorithm, e.g. DHE_DSS
final String name;
final boolean allowed;
private final boolean alwaysAvailable;
--- 353,366 ----
// Kerberos cipher suites
K_KRB5 ("KRB5", true),
K_KRB5_EXPORT("KRB5_EXPORT", true),
// renegotiation protection request signaling cipher suite
! K_SCSV ("SCSV", true),
!
! // fallback signaling cipher suite
! K_FALLBACK_SCSV ("FALLBACK_SCSV", false);
// name of the key exchange algorithm, e.g. DHE_DSS
final String name;
final boolean allowed;
private final boolean alwaysAvailable;
*** 1120,1129 ****
--- 1123,1136 ----
// Renegotiation protection request Signalling Cipher Suite Value (SCSV)
add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
0x00ff, --p, K_SCSV, B_NULL, T);
+ // Fallback in progress Signalling Cipher Suite Value (SCSV)
+ add("TLS_FALLBACK_SCSV",
+ 0x5600, --p, K_FALLBACK_SCSV, B_NULL, F);
+
/*
* Definition of the CipherSuites that are supported but not enabled
* by default.
* They are listed in preference order, preferred first, using the
* following criteria:
*** 1400,1405 ****
--- 1407,1415 ----
// ciphersuite SSL_NULL_WITH_NULL_NULL
final static CipherSuite C_NULL = CipherSuite.valueOf(0, 0);
// ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV
final static CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
+
+ // ciphersuite TLS_FALLBACK_SCSV
+ final static CipherSuite C_FALLBACK_SCSV = CipherSuite.valueOf(0x56, 0x00);
}