- Bug
- Resolution: Fixed
- P4
- 9
- b89
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8142751 | emb-9 | Xuelei Fan | P4 | Resolved | Fixed | team |
In the following code of CipherSuite.java:
---------------------------------------------------------
/*
 * Use this method when there is no lower protocol limit where this
 * suite can be used, and the PRF is P_SHA256.  That is, the
 * existing ciphersuites.  From RFC 5246:
 *
 *     All cipher suites in this document use P_SHA256.
 */
private static void add(String name, int id, int priority,
        KeyExchange keyExchange, BulkCipher cipher,
        boolean allowed, int obsoleted) {
    // If this is an obsoleted suite, then don't let the TLS 1.2
    // protocol have a valid PRF value.
    PRF prf = P_SHA256;
    if (obsoleted < ProtocolVersion.TLS12.v) {
        prf = P_NONE;
    }
    add(name, id, priority, keyExchange, cipher, allowed, obsoleted,
            ProtocolVersion.LIMIT_MIN_VALUE, prf);
}
---------------------------------------------------------
It is commented that "don't let the TLS 1.2 protocol have a valid PRF value". However, the following code uses P_SHA256 as the PRF if the obsoleted version is TLS12.
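The boundary case the report describes, as an added example that is not part of the original report or the JDK source: a simplified model that compares the quoted `<` test with the comment's wording for each `obsoleted` value. The class and helper names, the `NEVER_OBSOLETED` constant, and the rule that a suite is usable only while `obsoleted` is greater than the protocol version are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: a simplified model, not the JDK's CipherSuite class.
public class PrfBoundaryCheck {
    enum PRF { P_NONE, P_SHA256 }

    // TLS wire version numbers (major << 8 | minor).
    static final int SSL30 = 0x0300, TLS10 = 0x0301, TLS11 = 0x0302, TLS12 = 0x0303;
    // Constructed stand-in for a suite that is never obsoleted.
    static final int NEVER_OBSOLETED = 0xFFFF;

    // PRF selection exactly as in the quoted add() method.
    static PRF prfAsCoded(int obsoleted) {
        return obsoleted < TLS12 ? PRF.P_NONE : PRF.P_SHA256;
    }

    // Assumption: a suite is usable at a version only while obsoleted > version.
    static boolean usableAt(int obsoleted, int version) {
        return obsoleted > version;
    }

    // The comment's stated intent: no valid TLS 1.2 PRF for a suite
    // that cannot be used in TLS 1.2.
    static PRF prfPerComment(int obsoleted) {
        return usableAt(obsoleted, TLS12) ? PRF.P_SHA256 : PRF.P_NONE;
    }

    // Returns every "obsoleted" value for which code and comment disagree.
    static List<Integer> mismatches(int... obsoletedValues) {
        List<Integer> out = new ArrayList<>();
        for (int o : obsoletedValues) {
            if (prfAsCoded(o) != prfPerComment(o)) {
                out.add(o);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        int[] values = { SSL30, TLS10, TLS11, TLS12, NEVER_OBSOLETED };
        for (int o : values) {
            System.out.printf("obsoleted=0x%04X usableInTLS12=%b coded=%s comment=%s%n",
                    o, usableAt(o, TLS12), prfAsCoded(o), prfPerComment(o));
        }
        for (int o : mismatches(values)) {
            System.out.printf("mismatch at obsoleted=0x%04X%n", o);
        }
    }
}
```

Under those assumptions the two functions disagree only when `obsoleted` equals the TLS 1.2 version number, which is the case the report points at.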
- backported by
  - JDK-8142751 mismatch comment and code in CipherSuite.java (Resolved)