src/java.base/share/classes/sun/security/ssl/CipherSuite.java

rev 10851 : Implement TLS_FALLBACK_SCSV

@@ -353,11 +353,14 @@
         // Kerberos cipher suites
         K_KRB5       ("KRB5", true),
         K_KRB5_EXPORT("KRB5_EXPORT", true),
 
         // renegotiation protection request signaling cipher suite
-        K_SCSV       ("SCSV",        true);
+        K_SCSV       ("SCSV",        true),
+
+        // fallback signaling cipher suite
+        K_FALLBACK_SCSV ("FALLBACK_SCSV", false);
 
         // name of the key exchange algorithm, e.g. DHE_DSS
         final String name;
         final boolean allowed;
         private final boolean alwaysAvailable;

@@ -1120,10 +1123,14 @@
 
         // Renegotiation protection request Signalling Cipher Suite Value (SCSV)
         add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
             0x00ff, --p, K_SCSV,        B_NULL,    T);
 
+        // Fallback in progress Signalling Cipher Suite Value (SCSV)
+        add("TLS_FALLBACK_SCSV",
+            0x5600, --p, K_FALLBACK_SCSV, B_NULL, F);
+
         /*
          * Definition of the CipherSuites that are supported but not enabled
          * by default.
          * They are listed in preference order, preferred first, using the
          * following criteria:

@@ -1400,6 +1407,9 @@
     // ciphersuite SSL_NULL_WITH_NULL_NULL
     final static CipherSuite C_NULL = CipherSuite.valueOf(0, 0);
 
     // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV
     final static CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
+
+    // ciphersuite TLS_FALLBACK_SCSV
+    final static CipherSuite C_FALLBACK_SCSV = CipherSuite.valueOf(0x56, 0x00);
 }