9e3a1ba4a2
Update tarball generation script in preparation for PR3681/RH1656677 SunEC changes. Use remove-intree-libraries.sh to remove the remaining SunEC code for now. Fix PR1983 SunEC patch so that ecc_impl.h is patched rather than added Add missing RH1022017 patch to reduce curves reported by SSL to those we support. Remove RH1648995; fixed upstream
67 lines
2.7 KiB
Diff
67 lines
2.7 KiB
Diff
diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
@@ -515,50 +515,19 @@
|
|
}
|
|
} else { // default groups
|
|
NamedGroup[] groups;
|
|
- if (requireFips) {
|
|
- groups = new NamedGroup[] {
|
|
- // only NIST curves in FIPS mode
|
|
- NamedGroup.SECP256_R1,
|
|
- NamedGroup.SECP384_R1,
|
|
- NamedGroup.SECP521_R1,
|
|
- NamedGroup.SECT283_K1,
|
|
- NamedGroup.SECT283_R1,
|
|
- NamedGroup.SECT409_K1,
|
|
- NamedGroup.SECT409_R1,
|
|
- NamedGroup.SECT571_K1,
|
|
- NamedGroup.SECT571_R1,
|
|
+ groups = new NamedGroup[] {
|
|
+ // only NIST curves in FIPS mode
|
|
+ NamedGroup.SECP256_R1,
|
|
+ NamedGroup.SECP384_R1,
|
|
+ NamedGroup.SECP521_R1,
|
|
|
|
- // FFDHE 2048
|
|
- NamedGroup.FFDHE_2048,
|
|
- NamedGroup.FFDHE_3072,
|
|
- NamedGroup.FFDHE_4096,
|
|
- NamedGroup.FFDHE_6144,
|
|
- NamedGroup.FFDHE_8192,
|
|
- };
|
|
- } else {
|
|
- groups = new NamedGroup[] {
|
|
- // NIST curves first
|
|
- NamedGroup.SECP256_R1,
|
|
- NamedGroup.SECP384_R1,
|
|
- NamedGroup.SECP521_R1,
|
|
- NamedGroup.SECT283_K1,
|
|
- NamedGroup.SECT283_R1,
|
|
- NamedGroup.SECT409_K1,
|
|
- NamedGroup.SECT409_R1,
|
|
- NamedGroup.SECT571_K1,
|
|
- NamedGroup.SECT571_R1,
|
|
-
|
|
- // non-NIST curves
|
|
- NamedGroup.SECP256_K1,
|
|
-
|
|
- // FFDHE 2048
|
|
- NamedGroup.FFDHE_2048,
|
|
- NamedGroup.FFDHE_3072,
|
|
- NamedGroup.FFDHE_4096,
|
|
- NamedGroup.FFDHE_6144,
|
|
- NamedGroup.FFDHE_8192,
|
|
- };
|
|
- }
|
|
+ // FFDHE 2048
|
|
+ NamedGroup.FFDHE_2048,
|
|
+ NamedGroup.FFDHE_3072,
|
|
+ NamedGroup.FFDHE_4096,
|
|
+ NamedGroup.FFDHE_6144,
|
|
+ NamedGroup.FFDHE_8192,
|
|
+ };
|
|
|
|
groupList = new ArrayList<>(groups.length);
|
|
for (NamedGroup group : groups) {
|