1303 }
1304 }
1305
1306 if (session == null && !enableNewSession) {
1307 throw new SSLHandshakeException("No existing session to resume");
1308 }
1309
1310 // exclude SCSV for secure renegotiation
1311 if (secureRenegotiation && cipherSuites.contains(CipherSuite.C_SCSV)) {
1312 Collection<CipherSuite> cipherList =
1313 new ArrayList<>(cipherSuites.size() - 1);
1314 for (CipherSuite suite : cipherSuites.collection()) {
1315 if (suite != CipherSuite.C_SCSV) {
1316 cipherList.add(suite);
1317 }
1318 }
1319
1320 cipherSuites = new CipherSuiteList(cipherList);
1321 }
1322
1323 // make sure there is a negotiable cipher suite.
1324 boolean negotiable = false;
1325 for (CipherSuite suite : cipherSuites.collection()) {
1326 if (isNegotiable(suite)) {
1327 negotiable = true;
1328 break;
1329 }
1330 }
1331
1332 if (!negotiable) {
1333 throw new SSLHandshakeException("No negotiable cipher suite");
1334 }
1335
1336 // Not a TLS1.2+ handshake
1337 // For SSLv2Hello, HandshakeHash.reset() will be called, so we
1338 // cannot call HandshakeHash.protocolDetermined() here. As it does
1339 // not follow the spec that HandshakeHash.reset() can be only be
1340 // called before protocolDetermined.
1341 // if (maxProtocolVersion.v < ProtocolVersion.TLS12.v) {
1342 // handshakeHash.protocolDetermined(maxProtocolVersion);
|
1303 }
1304 }
1305
1306 if (session == null && !enableNewSession) {
1307 throw new SSLHandshakeException("No existing session to resume");
1308 }
1309
1310 // exclude SCSV for secure renegotiation
1311 if (secureRenegotiation && cipherSuites.contains(CipherSuite.C_SCSV)) {
1312 Collection<CipherSuite> cipherList =
1313 new ArrayList<>(cipherSuites.size() - 1);
1314 for (CipherSuite suite : cipherSuites.collection()) {
1315 if (suite != CipherSuite.C_SCSV) {
1316 cipherList.add(suite);
1317 }
1318 }
1319
1320 cipherSuites = new CipherSuiteList(cipherList);
1321 }
1322
1323 // include the fallback SCSV if requested
1324 if (sendFallbackSCSV) {
1325 Collection<CipherSuite> cipherList =
1326 new ArrayList<>(cipherSuites.size() + 1);
1327 cipherList.addAll(cipherSuites.collection());
1328 cipherList.add(CipherSuite.C_FALLBACK_SCSV);
1329 cipherSuites = new CipherSuiteList(cipherList);
1330 }
1331
1332 // make sure there is a negotiable cipher suite.
1333 boolean negotiable = false;
1334 for (CipherSuite suite : cipherSuites.collection()) {
1335 if (isNegotiable(suite)) {
1336 negotiable = true;
1337 break;
1338 }
1339 }
1340
1341 if (!negotiable) {
1342 throw new SSLHandshakeException("No negotiable cipher suite");
1343 }
1344
1345 // Not a TLS1.2+ handshake
1346 // For SSLv2Hello, HandshakeHash.reset() will be called, so we
1347 // cannot call HandshakeHash.protocolDetermined() here. As it does
1348 // not follow the spec that HandshakeHash.reset() can be only be
1349 // called before protocolDetermined.
1350 // if (maxProtocolVersion.v < ProtocolVersion.TLS12.v) {
1351 // handshakeHash.protocolDetermined(maxProtocolVersion);
|
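Review bot: The negotiable-suite check at new lines 1332-1343 now runs over a list that already contains `CipherSuite.C_FALLBACK_SCSV`, because the fallback value is appended at 1323-1330 before it. `isNegotiable()` is not visible in this hunk; if it does not reject signalling values, a list with no usable suite would pass the check and the ClientHello would carry nothing the peer can select. Moving the `if (sendFallbackSCSV) { ... }` block below the `if (!negotiable)` throw removes that dependency, or failing that add a comment such as `// C_FALLBACK_SCSV is a signalling value; isNegotiable() must return false for it`. Where `sendFallbackSCSV` is set is also outside the hunk, so it is worth confirming it is true only when the offered protocol version is below the highest enabled one. The enclosing method starts and ends outside the hunk.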