src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
Print this page
rev 10851 : Implement TLS_FALLBACK_SCSV
@@ -301,10 +301,13 @@
*/
private boolean secureRenegotiation;
private byte[] clientVerifyData;
private byte[] serverVerifyData;
+ // Whether to send TLS_FALLBACK_SCSV as part of the cipher suite list.
+ private boolean sendFallbackSCSV;
+
/*
* The authentication context holds all information used to establish
* who this end of the connection is (certificate chains, private keys,
* etc) and who is trusted (e.g. as CAs or websites).
*/
@@ -1297,10 +1300,11 @@
handshaker = new ClientHandshaker(this, sslContext,
enabledProtocols,
protocolVersion, connectionState == cs_HANDSHAKE,
secureRenegotiation, clientVerifyData, serverVerifyData);
handshaker.setSNIServerNames(serverNames);
+ handshaker.setSendFallbackSCSV(sendFallbackSCSV);
}
handshaker.setEnabledCipherSuites(enabledCipherSuites);
handshaker.setEnableSessionCreation(enableSessionCreation);
}
@@ -2510,10 +2514,11 @@
params.setEndpointIdentificationAlgorithm(identificationProtocol);
params.setAlgorithmConstraints(algorithmConstraints);
params.setSNIMatchers(sniMatchers);
params.setServerNames(serverNames);
params.setUseCipherSuitesOrder(preferLocalCipherSuites);
+ params.setSendFallbackSCSV(sendFallbackSCSV);
return params;
}
/**
@@ -2525,10 +2530,11 @@
// the super implementation does not handle the following parameters
identificationProtocol = params.getEndpointIdentificationAlgorithm();
algorithmConstraints = params.getAlgorithmConstraints();
preferLocalCipherSuites = params.getUseCipherSuitesOrder();
+ sendFallbackSCSV = params.getSendFallbackSCSV();
List<SNIServerName> sniNames = params.getServerNames();
if (sniNames != null) {
serverNames = sniNames;
}
@@ -2544,10 +2550,11 @@
if (roleIsServer) {
handshaker.setSNIMatchers(sniMatchers);
handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
} else {
handshaker.setSNIServerNames(serverNames);
+ handshaker.setSendFallbackSCSV(sendFallbackSCSV);
}
}
}
//