java-1.8.0-openjdk/pr1834-rh1022017.patch

45 lines
1.6 KiB
Diff

diff -r a5c3d9643077 src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
--- openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Tue Feb 10 16:24:28 2015 +0000
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Thu May 14 04:01:02 2015 +0100
@@ -37,25 +37,11 @@
// the extension value to send in the ClientHello message
static final SupportedEllipticCurvesExtension DEFAULT;
- private static final boolean fips;
-
static {
- int[] ids;
- fips = SunJSSE.isFIPS();
- if (fips == false) {
- ids = new int[] {
- // NIST curves first
- // prefer NIST P-256, rest in order of increasing key length
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
- // non-NIST curves
- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
- };
- } else {
- ids = new int[] {
- // same as above, but allow only NIST curves in FIPS mode
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
- };
- }
+ int[] ids = new int[] {
+ // NSS currently only supports these three NIST curves
+ 23, 24, 25
+ };
DEFAULT = new SupportedEllipticCurvesExtension(ids);
}
@@ -150,10 +136,6 @@
if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
return false;
}
- if (fips == false) {
- // in non-FIPS mode, we support all valid indices
- return true;
- }
return DEFAULT.contains(index);
}