Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1455410 Details for
Bug 1554056
JSS: Add support for TLS_*_SHA384 ciphers
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
This patch adds support to TLS_*_SHA384 ciphers
0001-Ticket-4-Add-support-for-TLS_-_SHA384-ciphers.patch (text/plain), 8.38 KB, created by
Christina Fu
on 2018-06-29 00:49:06 UTC
(
hide
)
Description:
This patch adds support to TLS_*_SHA384 ciphers
Filename:
MIME Type:
Creator:
Christina Fu
Created:
2018-06-29 00:49:06 UTC
Size:
8.38 KB
patch
obsolete
>From 82f4b9a032f942fdc005e12a408c8e87c9ea0f36 Mon Sep 17 00:00:00 2001 >From: Christina Fu <cfu@redhat.com> >Date: Thu, 28 Jun 2018 17:42:36 -0700 >Subject: [PATCH] Ticket #4 Add support for TLS_*_SHA384 ciphers > >This patch adds support for TLS_*_SHA384 ciphers. > >Fixes https://pagure.io/jss/issue/4 >--- > org/mozilla/jss/ssl/SSLCipher.java | 7 +++++ > org/mozilla/jss/ssl/SSLSocket.java | 7 +++++ > org/mozilla/jss/tests/Constants.java | 11 ++++++-- > org/mozilla/jss/tests/SSLClientAuth.java | 45 ++++++++++++++++++++++++++++++++ > 4 files changed, 68 insertions(+), 2 deletions(-) > >diff --git a/org/mozilla/jss/ssl/SSLCipher.java b/org/mozilla/jss/ssl/SSLCipher.java >index 30acdd79..278126bb 100644 >--- a/org/mozilla/jss/ssl/SSLCipher.java >+++ b/org/mozilla/jss/ssl/SSLCipher.java >@@ -258,8 +258,11 @@ public enum SSLCipher { > TLS_RSA_WITH_SEED_CBC_SHA (0x0096), > > TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C), >+ TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D), > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E), >+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F), > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00A2), >+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00A3), > > TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001, true), > TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002, true), >@@ -292,11 +295,15 @@ public enum SSLCipher { > TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019, true), > > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023, true), >+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024, true), > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027, true), >+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028, true), > > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02B, true), >+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02C, true), > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02D, true), > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02F, true), >+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030, true), > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031, true); > > private int id; >diff --git a/org/mozilla/jss/ssl/SSLSocket.java b/org/mozilla/jss/ssl/SSLSocket.java >index 0dd39fd7..e104d3cd 100644 >--- a/org/mozilla/jss/ssl/SSLSocket.java >+++ b/org/mozilla/jss/ssl/SSLSocket.java >@@ -268,8 +268,11 @@ public class SSLSocket extends java.net.Socket { > public final static int TLS_RSA_WITH_SEED_CBC_SHA = 0x0096; > > public final static int TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C; >+ public final static int TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D; > public final static int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E; >+ public final static int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F; > public final static int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2; >+ public final static int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3; > > public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xc001; > public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xc002; >@@ -302,11 +305,15 @@ public class SSLSocket extends java.net.Socket { > public final static int TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xc019; > > public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xc023; >+ public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xc024; > public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xc027; >+ public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xc028; > > public final static int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02B; >+ public final static int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xc02C; > public final static int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02D; > public final static int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02F; >+ public final static int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xc030; > public final static int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xc031; > > /* >diff --git a/org/mozilla/jss/tests/Constants.java b/org/mozilla/jss/tests/Constants.java >index e6130347..d79ad720 100755 >--- a/org/mozilla/jss/tests/Constants.java >+++ b/org/mozilla/jss/tests/Constants.java >@@ -142,8 +142,15 @@ public interface Constants { > /*77*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"), > /*78*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), > /*79*/ new cipher(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"), >-/*78*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"), >-/*80*/ new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256") >+/*80*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"), >+/*81*/ new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"), >+/*82*/ new cipher(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384"), >+/*83*/ new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"), >+/*84*/ new cipher(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"), >+/*85*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"), >+/*86*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"), >+/*87*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"), >+/*88*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") > }; > > /** Cipher supported by JSSE (JDK 1.5.x) */ >diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java >index e1c6163e..b656b821 100644 >--- a/org/mozilla/jss/tests/SSLClientAuth.java >+++ b/org/mozilla/jss/tests/SSLClientAuth.java >@@ -148,6 +148,8 @@ public class SSLClientAuth implements Runnable { > > } > configureDefaultSSLoptions(); >+ >+ testSpecificCiphers(); > > useNickname = false; > testConnection(); >@@ -265,6 +267,49 @@ public class SSLClientAuth implements Runnable { > System.exit(1); > } > } >+ >+ // test one or more specific ciphers >+ // -- normally for newly added ciphers >+ private void testSpecificCiphers() { >+ try { >+ //Disable SSL2 and SSL3 ciphers >+ SSLSocket.enableSSL2Default(false); >+ SSLSocket.enableSSL3Default(false); >+ /* TLS is enabled by default */ >+ >+ /* Enable Session tickets by default */ >+ SSLSocket.enableSessionTicketsDefault(true); >+ >+ /* >+ * when testing specific ciphers: >+ * 1. flip this to true >+ * 2. change the ciphers comparison (the code below was from >+ * the latest test >+ */ >+ if (false) { >+ System.out.println("testing new TLS_*SHA384 ciphers"); >+ System.out.println("Enable ony two new ciphers."); >+ int ciphers[] = >+ org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites(); >+ for (int i = 0; i < ciphers.length; ++i) { >+ if (ciphers[i] == 157 || ciphers[i] == 159) { >+ System.out.println("enabling cipher: " + ciphers[i]); >+ /* enable a couple SHA384 ciphers */ >+ SSLSocket.setCipherPreferenceDefault(ciphers[i], true); >+ } else { >+ System.out.println("disabling cipher: " + ciphers[i]); >+ /* disable the non SHA384 ciphers */ >+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false); >+ } >+ } >+ } >+ >+ } catch (SocketException ex) { >+ System.out.println("Error configuring ciphers."); >+ ex.printStackTrace(); >+ System.exit(1); >+ } >+ } > > private void testConnection() throws Exception { > serverReady = false; >-- >2.14.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1455410">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
jmagne
: review+
Actions:
View
|
Diff
Attachments on
bug 1554056
: 1455410