jdk Cdiff src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

rev 10851 : Implement TLS_FALLBACK_SCSV


*** 301,310 ****
--- 301,313 ----
       */
      private boolean             secureRenegotiation;
      private byte[]              clientVerifyData;
      private byte[]              serverVerifyData;
  
+     // Whether to send TLS_FALLBACK_SCSV as part of the cipher suite list.
+     private boolean sendFallbackSCSV;
+ 
      /*
       * The authentication context holds all information used to establish
       * who this end of the connection is (certificate chains, private keys,
       * etc) and who is trusted (e.g. as CAs or websites).
       */
*** 1297,1306 ****
--- 1300,1310 ----
              handshaker = new ClientHandshaker(this, sslContext,
                      enabledProtocols,
                      protocolVersion, connectionState == cs_HANDSHAKE,
                      secureRenegotiation, clientVerifyData, serverVerifyData);
              handshaker.setSNIServerNames(serverNames);
+             handshaker.setSendFallbackSCSV(sendFallbackSCSV);
          }
          handshaker.setEnabledCipherSuites(enabledCipherSuites);
          handshaker.setEnableSessionCreation(enableSessionCreation);
      }
  
*** 2510,2519 ****
--- 2514,2524 ----
          params.setEndpointIdentificationAlgorithm(identificationProtocol);
          params.setAlgorithmConstraints(algorithmConstraints);
          params.setSNIMatchers(sniMatchers);
          params.setServerNames(serverNames);
          params.setUseCipherSuitesOrder(preferLocalCipherSuites);
+         params.setSendFallbackSCSV(sendFallbackSCSV);
  
          return params;
      }
  
      /**
*** 2525,2534 ****
--- 2530,2540 ----
  
          // the super implementation does not handle the following parameters
          identificationProtocol = params.getEndpointIdentificationAlgorithm();
          algorithmConstraints = params.getAlgorithmConstraints();
          preferLocalCipherSuites = params.getUseCipherSuitesOrder();
+         sendFallbackSCSV = params.getSendFallbackSCSV();
  
          List<SNIServerName> sniNames = params.getServerNames();
          if (sniNames != null) {
              serverNames = sniNames;
          }
*** 2544,2553 ****
--- 2550,2560 ----
              if (roleIsServer) {
                  handshaker.setSNIMatchers(sniMatchers);
                  handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
              } else {
                  handshaker.setSNIServerNames(serverNames);
+                 handshaker.setSendFallbackSCSV(sendFallbackSCSV);
              }
          }
      }
  
      //