Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8077806

mismatch comment and code in CipherSuite.java

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 9
    • 9
    • security-libs

        In the following code of CipherSuite.java:
        ---------------------------------------------------------
            /*
             * Use this method when there is no lower protocol limit where this
             * suite can be used, and the PRF is P_SHA256. That is, the
             * existing ciphersuites. From RFC 5246:
             *
             * All cipher suites in this document use P_SHA256.
             */
            private static void add(String name, int id, int priority,
                    KeyExchange keyExchange, BulkCipher cipher,
                    boolean allowed, int obsoleted) {
                // If this is an obsoleted suite, then don't let the TLS 1.2
                // protocol have a valid PRF value.
                PRF prf = P_SHA256;
                if (obsoleted < ProtocolVersion.TLS12.v) {
                    prf = P_NONE;
                }

                add(name, id, priority, keyExchange, cipher, allowed, obsoleted,
                    ProtocolVersion.LIMIT_MIN_VALUE, prf);
            }
        ---------------------------------------------------------

        it is commented that "don't let the TLS 1.2 protocol have a valid PRF value". However, the following code uses P_SHA256 as the PRF if the obsoleted version is TLS12.

              tidu Tim Du (Inactive)
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: