author | Alex Klyubin <klyubin@google.com> | 2013-12-11 15:04:25 -0800 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2013-12-12 14:48:26 -0800 |
commit | b4675a53abbbb55acad213485636cf6a0d8b5bf6 (patch) | |
tree | 8ae9ae0197e79e5a60a95f05c04d6c5a4abcb6e6 | |
parent | 5e528d9a535ca3bdf7aadd51889a6f467e731962 (diff) | |
Javadoc the default configuration of SSLEngine.
The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and
cipher suites supported and enabled by default.
Bug: 11220570
Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125
-rw-r--r-- | luni/src/main/java/javax/net/ssl/SSLEngine.java | 280 | ||||
-rw-r--r-- | support/src/test/java/libcore/java/security/StandardNames.java | 6 |
2 files changed, 284 insertions, 2 deletions
diff --git a/luni/src/main/java/javax/net/ssl/SSLEngine.java b/luni/src/main/java/javax/net/ssl/SSLEngine.java
index a6c9946..eff70e9 100644
--- a/luni/src/main/java/javax/net/ssl/SSLEngine.java
+++ b/luni/src/main/java/javax/net/ssl/SSLEngine.java
@@ -24,6 +24,286 @@ import java.nio.ByteBuffer;
 * protocols. It includes the setup, handshake, and encrypt/decrypt
 * functionality needed to create a secure connection.
 *
+ * <h3>Default configuration</h3>
+ * <p>{@code SSLEngine} instances obtained from default {@link SSLContext} are configured as
+ * follows:
+ *
+ * <h4>Protocols</h4>
+ * <table>
+ * <thead>
+ * <tr>
+ * <th>Protocol</th>
+ * <th>Supported (API Levels)</th>
+ * <th>Enabled by default (API Levels)</th>
+ * </tr>
+ * </thead>
+ * <tbody>
+ * <tr>
+ * <td>SSLv3</td>
+ * <td>1+</td>
+ * <td>1+</td>
+ * </tr>
+ * <tr>
+ * <td>TLSv1</td>
+ * <td>1+</td>
+ * <td>1+</td>
+ * </tr>
+ * </tbody>
+ * </table>
+ *
+ * <h4>Cipher suites</h4>
+ * <table>
+ * <thead>
+ * <tr>
+ * <th>Cipher suite</th>
+ * <th>Supported (API Levels)</th>
+ * <th>Enabled by default (API Levels)</th>
+ * </tr>
+ * </thead>
+ * <tbody>
+ * <tr>
+ * <td>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DH_anon_WITH_DES_CBC_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DH_anon_WITH_RC4_128_MD5</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_DSS_WITH_DES_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_DES_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9-19</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_NULL_MD5</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_NULL_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_RC4_128_MD5</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>SSL_RSA_WITH_RC4_128_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_anon_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_anon_WITH_AES_128_CBC_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_anon_WITH_AES_256_CBC_SHA</td>
+ * <td>9+</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_anon_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_DSS_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DH_RSA_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>20+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_DSS_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>20+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_DHE_RSA_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_NULL_WITH_NULL_NULL</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_3DES_EDE_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_AES_128_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>9+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_AES_256_CBC_SHA</td>
+ * <td>9+</td>
+ * <td>20+</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_DES_CBC_SHA</td>
+ * <td>1-8</td>
+ * <td>1-8</td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_NULL_MD5</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * <tr>
+ * <td>TLS_RSA_WITH_NULL_SHA</td>
+ * <td>1-8</td>
+ * <td></td>
+ * </tr>
+ * </tbody>
+ * </table>
+ *
 * @since 1.5
 */
 public abstract class SSLEngine {
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index f21ffa7..554b6e8 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
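Review bot: The tables added to the SSLEngine class Javadoc list SSLv3 and the RC4 suites as enabled by default with no upper API level, and the `*_EXPORT_*` and single-DES suites as enabled by default for API levels 1-8 or 9-19, yet the text never tells readers how to narrow that default. A closing paragraph after the second `</table>` would cover it, for example `<p>Applications that need a stricter configuration can restrict these defaults with {@link #setEnabledProtocols(String[])} and {@link #setEnabledCipherSuites(String[])}.` The suites with an empty "Enabled by default" cell (anonymous DH and NULL encryption) would also benefit from one sentence saying that the empty cell means supported but never enabled by default, since the table leaves that implicit. The class Javadoc starts above the hunk and the class body continues below it.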
@@ -636,7 +636,8 @@ public final class StandardNames extends Assert { // Note these are added in priority order as defined by RI 7 documentation. // defaultCipherSuites. // - // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket. + // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and + // javax.net.ssl.SSLEngine. addNeither("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); addNeither("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); addNeither("TLS_RSA_WITH_AES_256_CBC_SHA256"); @@ -739,7 +740,8 @@ public final class StandardNames extends Assert { CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL; } - // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket. + // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and + // javax.net.ssl.SSLEngine. public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI) ? Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", |