From 8e810dd5a8e7f0ca6b293704b91911900df100a3 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Fri, 31 Oct 2014 14:12:32 -0700
Subject: SSLSocket: track update to TLS defaults

SSLv3 is no longer in the default list.

Bug: 17136008
Change-Id: I4092e17f79c29d10d11ffe01d130d0d03cd2215f
---
 .../src/test/java/libcore/java/security/StandardNames.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'support/src')

diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index ff6128e..c28a841 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -559,10 +559,10 @@ public final class StandardNames extends Assert {
         } else {
             provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12);
             provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12);
-            provideSslContextEnabledProtocols("TLS", TLSVersion.SSLv3, TLSVersion.TLSv12);
-            provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv12);
-            provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv12);
-            provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12);
+            provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12);
+            provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12);
+            provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12);
+            provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12);
         }
     }
 
@@ -602,13 +602,11 @@ public final class StandardNames extends Assert {
         "TLSv1.2"));
     public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT =
             new HashSet<String>(Arrays.asList(
-                "SSLv3",
                 "TLSv1",
                 "TLSv1.1",
                 "TLSv1.2"));
     public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT =
             new HashSet<String>(Arrays.asList(
-                "SSLv3",
                 "TLSv1",
                 "TLSv1.1",
                 "TLSv1.2"));
@@ -621,6 +619,10 @@ public final class StandardNames extends Assert {
              * do to disable general use of SSLv2.
              */
             SSL_SOCKET_PROTOCOLS.add("SSLv2Hello");
+
+            /* The RI still has SSLv3 as a default protocol. */
+            SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.add("SSLv3");
+            SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.add("SSLv3");
         }
     }
 
-- 
cgit v1.1