diff -r 73a6534bce94 src/java.net.http/share/classes/jdk/internal/net/http/AbstractAsyncSSLConnection.java --- a/src/java.net.http/share/classes/jdk/internal/net/http/AbstractAsyncSSLConnection.java Tue Jun 19 09:13:58 2018 +0100 +++ b/src/java.net.http/share/classes/jdk/internal/net/http/AbstractAsyncSSLConnection.java Tue Jun 19 09:30:41 2018 +0100 @@ -27,6 +27,7 @@ import java.net.InetSocketAddress; import java.util.Arrays; +import java.util.LinkedList; import java.util.List; import java.util.concurrent.CompletableFuture; import javax.net.ssl.SNIHostName; @@ -89,11 +90,30 @@ final SSLEngine getEngine() { return engine; } + private static boolean contains(String[] rr, String target) { + for (String s : rr) + if (target.equalsIgnoreCase(s)) + return true; + return false; + } + private static SSLParameters createSSLParameters(HttpClientImpl client, ServerName serverName, String[] alpn) { SSLParameters sslp = client.sslParameters(); SSLParameters sslParameters = Utils.copySSLParameters(sslp); + // filter out unwanted protocols, if h2 only + if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) { + LinkedList l = new LinkedList<>(); + for (String proto : sslParameters.getProtocols()) { + if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) { + l.add(proto); + } + } + String[] a1 = l.toArray(new String[0]); + sslParameters.setProtocols(a1); + } + if (!disableHostnameVerification) sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); if (alpn != null) { @@ -112,10 +132,12 @@ return sslParameters; } + private static SSLEngine createEngine(SSLContext context, String serverName, int port, SSLParameters sslParameters) { SSLEngine engine = context.createSSLEngine(serverName, port); engine.setUseClientMode(true); + engine.setSSLParameters(sslParameters); return engine; } diff -r 73a6534bce94 src/java.net.http/share/classes/jdk/internal/net/http/HttpClientImpl.java 
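Review bot: The h2-only filter in createSSLParameters is a denylist on name shape (`startsWith("SSL")`, `endsWith("v1.1")`, `endsWith("v1")`), so any protocol name it does not anticipate is kept. HTTP/2 requires TLS 1.2 or later, and a positive match expresses that directly and fails closed: `if (proto.equals("TLSv1.2") || proto.equals("TLSv1.3")) l.add(proto);`. The filtered list can also come out empty when the caller's SSLParameters enable only older versions, and `setProtocols(a1)` is then called with a zero-length array; an explicit check with a clear error would presumably be easier to diagnose than whatever the handshake reports later. When `alpn` carries both h2 and http/1.1 no filtering happens at all, so the TLS version of a connection that ends up on h2 has to be enforced after negotiation, which this hunk does not show. createSSLParameters continues outside the hunk.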
--- a/src/java.net.http/share/classes/jdk/internal/net/http/HttpClientImpl.java Tue Jun 19 09:13:58 2018 +0100 +++ b/src/java.net.http/share/classes/jdk/internal/net/http/HttpClientImpl.java Tue Jun 19 09:30:41 2018 +0100 @@ -329,7 +329,18 @@ private static SSLParameters getDefaultParams(SSLContext ctx) { SSLParameters params = ctx.getSupportedSSLParameters(); - params.setProtocols(new String[]{"TLSv1.2"}); + String[] protocols = params.getProtocols(); + boolean found13 = false; + for (String proto : protocols) { + if (proto.equals("TLSv1.3")) { + found13 = true; + break; + } + } + if (found13) + params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); + else + params.setProtocols(new String[] {"TLSv1.2"}); return params; } diff -r 73a6534bce94 test/jdk/java/net/httpclient/http2/FixedThreadPoolTest.java --- a/test/jdk/java/net/httpclient/http2/FixedThreadPoolTest.java Tue Jun 19 09:13:58 2018 +0100 +++ b/test/jdk/java/net/httpclient/http2/FixedThreadPoolTest.java Tue Jun 19 09:30:41 2018 +0100 @@ -177,13 +177,24 @@ System.err.println("DONE"); } + // expect highest supported version we know about + static String expectedTLSVersion(SSLContext ctx) { + SSLParameters params = ctx.getSupportedSSLParameters(); + String[] protocols = params.getProtocols(); + for (String prot : protocols) { + if (prot.equals("TLSv1.3")) + return "TLSv1.3"; + } + return "TLSv1.2"; + } + static void paramsTest() throws Exception { System.err.println("paramsTest"); Http2TestServer server = new Http2TestServer(true, 0, exec, sslContext); server.addHandler((t -> { SSLSession s = t.getSSLSession(); String prot = s.getProtocol(); - if (prot.equals("TLSv1.2")) { + if (prot.equals(expectedTLSVersion(sslContext))) { t.sendResponseHeaders(200, -1); } else { System.err.printf("Protocols =%s\n", prot); diff -r 73a6534bce94 test/jdk/java/net/httpclient/http2/TLSConnection.java --- a/test/jdk/java/net/httpclient/http2/TLSConnection.java Tue Jun 19 09:13:58 2018 +0100 
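Review bot: Both branches of the new selection in getDefaultParams pass "TLSv1.2" to `setProtocols` without checking that it appears in `params.getProtocols()`; only "TLSv1.3" is probed. On a context whose supported list lacks TLSv1.2, the mismatch would presumably surface only later, when the parameters are applied to an engine. Building the array from the preferred names that are actually present in `protocols` keeps the default to what the context reported. A one-line comment above the selection would also record the intent, for example `// offer only TLS 1.2 and later by default, preferring 1.3 when the context supports it`.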
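Review bot: `expectedTLSVersion` derives the expected version from `ctx.getSupportedSSLParameters()`, which lists what the provider implements rather than what is enabled for the run. If TLSv1.3 is supported but switched off by policy, paramsTest would expect "TLSv1.3" while the session negotiates "TLSv1.2", and the handler's else branch would be taken for a reason unrelated to the client; this is inferred from the helper alone, since the test's security properties are not visible in the hunk. The same helper is added again in TLSConnection.java with an extra null-context fallback, so the two copies can drift apart; a single shared test utility would avoid that. The comment could state the assumption, for example `// assumes every supported protocol is also enabled in this test run`.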
+++ b/test/jdk/java/net/httpclient/http2/TLSConnection.java Tue Jun 19 09:30:41 2018 +0100 @@ -32,6 +32,7 @@ import java.net.http.HttpRequest; import java.net.http.HttpRequest.BodyPublishers; import java.net.http.HttpResponse.BodyHandlers; +import javax.net.ssl.SSLContext; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSession; @@ -57,6 +58,19 @@ private static final SSLParameters USE_DEFAULT_SSL_PARAMETERS = new SSLParameters(); + // expect highest supported version we know about + static String expectedTLSVersion(SSLContext ctx) throws Exception { + if (ctx == null) + ctx = SSLContext.getDefault(); + SSLParameters params = ctx.getSupportedSSLParameters(); + String[] protocols = params.getProtocols(); + for (String prot : protocols) { + if (prot.equals("TLSv1.3")) + return "TLSv1.3"; + } + return "TLSv1.2"; + } + public static void main(String[] args) throws Exception { // re-enable 3DES Security.setProperty("jdk.tls.disabledAlgorithms", ""); @@ -92,7 +106,7 @@ "---\nTest #2: default SSL parameters, " + "expect successful connection", () -> connect(uriString, USE_DEFAULT_SSL_PARAMETERS)); - success &= checkProtocol(handler.getSSLSession(), "TLSv1.2"); + success &= checkProtocol(handler.getSSLSession(), expectedTLSVersion(null)); // set SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite // which has less priority in default cipher suite list