Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8207237

SSLSocket#setEnabledCipherSuites is accepting empty string

    XMLWordPrintable

Details

    • b20
    • b25
    • Verified

    Backports

      Description

        Specification of SSLSocket#setEnabledCipherSuites says,
        “Throws: IllegalArgumentException - when one or more of the ciphers named by the parameter is not supported, or when the parameter is null.”

        However,

        with JDKb20, (refer [1] for code)
        SSLSocket#setEnabledCipherSuites (new String[] {“”} ) // empty string
        Is accepted and not throwing IllegalArgumentException

        With JDKb15 (refer to [2] for code)
        SSLSocket#setEnabledCipherSuites(new String[]{“”}) throws IllegalArgumentException

        [1]
        =========
        JDK-11\20\jdk-11\bin\jshell
        | Welcome to JShell -- Version 11-ea
        | For an introduction type: /help intro

        jshell> import javax.net.ssl.*

        jshell> SSLContext ctx = SSLContext.getInstance("TLS")
        ctx ==> javax.net.ssl.SSLContext@7113b13f

        jshell> ctx.init(null,null,null)

        jshell> SSLSocket sslSocket = (SSLSocket)ctx.getSocketFactory().createSocket()
        sslSocket ==> Socket[unconnected]

        jshell> sslSocket.setEnabledCipherSuites(new String[]{""})

        jshell>
        =========

        [2]
        =========
        JDK-11\15\jdk-11\bin\jshell
        | Welcome to JShell -- Version 11-ea
        | For an introduction type: /help intro

        jshell> import javax.net.ssl.*

        jshell> SSLContext ctx = SSLContext.getInstance("TLS")
        ctx ==> javax.net.ssl.SSLContext@587d1d39

        jshell> ctx.init(null,null,null)

        jshell> SSLSocket sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket()
        sslSocket ==> 73d4cc9e[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]

        jshell> sslSocket.setEnabledCipherSuites(new String[] {""} )
        | Exception java.lang.IllegalArgumentException: Unsupported ciphersuite
        | at CipherSuite.valueOf (CipherSuite.java:283)
        | at CipherSuiteList.<init> (CipherSuiteList.java:82)
        | at SSLSocketImpl.setEnabledCipherSuites (SSLSocketImpl.java:2473)
        | at (#5:1)
        =========

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8208441 SSLSocket#setEnabledCipherSuites is accepting empty string

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8209266 SSLSocket#setEnabledCipherSuites is accepting empty string

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8247062 SSLSocket#setEnabledCipherSuites is accepting empty string

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8243728 SSLSocket#setEnabledCipherSuites is accepting empty string

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8256876 SSLSocket#setEnabledCipherSuites is accepting empty string

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Activity

              People

                jnimeh Jamil Nimeh
                bnallakaluva Bharath Nallakaluva (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: