Disable TLSv1.1 and TLSv1.2 by default
Bug: 6234791
Change-Id: I5d829211c9e1d5672fc96e42ef603c53d789e695
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
index 324a134..fff46c9 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
@@ -434,6 +434,12 @@
public static native long SSL_clear_options(int ssl, long options);
+ public static String[] getDefaultProtocols() {
+ return new String[] { SUPPORTED_PROTOCOL_SSLV3,
+ SUPPORTED_PROTOCOL_TLSV1,
+ };
+ }
+
public static String[] getSupportedProtocols() {
return new String[] { SUPPORTED_PROTOCOL_SSLV3,
SUPPORTED_PROTOCOL_TLSV1,
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
index 39fcb8f..83e86ba 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
@@ -168,7 +168,7 @@
*/
private void init(SSLParametersImpl sslParameters) throws IOException {
init(sslParameters,
- NativeCrypto.getSupportedProtocols(),
+ NativeCrypto.getDefaultProtocols(),
NativeCrypto.getDefaultCipherSuites(),
NativeCrypto.getDefaultCompressionMethods());
}
diff --git a/luni/src/test/java/libcore/java/net/URLConnectionTest.java b/luni/src/test/java/libcore/java/net/URLConnectionTest.java
index 04cd045..0c1719c 100644
--- a/luni/src/test/java/libcore/java/net/URLConnectionTest.java
+++ b/luni/src/test/java/libcore/java/net/URLConnectionTest.java
@@ -449,7 +449,7 @@
RecordedRequest request = server.takeRequest();
assertEquals("GET /foo HTTP/1.1", request.getRequestLine());
- assertEquals("TLSv1.2", request.getSslProtocol());
+ assertEquals("TLSv1", request.getSslProtocol());
}
public void testConnectViaHttpsReusingConnections() throws IOException, InterruptedException {
diff --git a/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java b/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java
index e18b328..c516f67 100644
--- a/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java
+++ b/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java
@@ -691,7 +691,7 @@
trustManagers = TestTrustManager.wrap(trustManagers);
}
- SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+ SSLContext ctx = SSLContext.getInstance("TLSv1");
ctx.init(keyManagers, trustManagers, null);
return ctx;
}
diff --git a/luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java b/luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
index 2b98182..ec23cae 100644
--- a/luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
+++ b/luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
@@ -179,7 +179,7 @@
* javax.net.ssl.SSLSession#getProtocol()
*/
public void test_getProtocol() {
- assertEquals("TLSv1.2", clientSession.getProtocol());
+ assertEquals("TLSv1", clientSession.getProtocol());
}
/**