45 lines
1.6 KiB
Diff
45 lines
1.6 KiB
Diff
diff -r a5c3d9643077 src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
|
|
--- openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Tue Feb 10 16:24:28 2015 +0000
|
|
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Thu May 14 04:01:02 2015 +0100
|
|
@@ -37,25 +37,11 @@
|
|
// the extension value to send in the ClientHello message
|
|
static final SupportedEllipticCurvesExtension DEFAULT;
|
|
|
|
- private static final boolean fips;
|
|
-
|
|
static {
|
|
- int[] ids;
|
|
- fips = SunJSSE.isFIPS();
|
|
- if (fips == false) {
|
|
- ids = new int[] {
|
|
- // NIST curves first
|
|
- // prefer NIST P-256, rest in order of increasing key length
|
|
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
- // non-NIST curves
|
|
- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
|
|
- };
|
|
- } else {
|
|
- ids = new int[] {
|
|
- // same as above, but allow only NIST curves in FIPS mode
|
|
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
|
|
- };
|
|
- }
|
|
+ int[] ids = new int[] {
|
|
+ // NSS currently only supports these three NIST curves
|
|
+ 23, 24, 25
|
|
+ };
|
|
DEFAULT = new SupportedEllipticCurvesExtension(ids);
|
|
}
|
|
|
|
@@ -150,10 +136,6 @@
|
|
if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
|
|
return false;
|
|
}
|
|
- if (fips == false) {
|
|
- // in non-FIPS mode, we support all valid indices
|
|
- return true;
|
|
- }
|
|
return DEFAULT.contains(index);
|
|
}
|
|
|