Project

General

Profile

icedtea-jdk-tls-nist-curves.patch

Configure JVM w/ NSS-supported elliptic curves only - Shatil Rafiullah, 06/14/2017 11:52 PM

View differences:

openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java 2017-06-14 13:37:00.000000000 -0700
168 168
                    "contains no supported elliptic curves");
169 169
            }
170 170
        } else {        // default curves
171
            int[] ids;
172
            if (requireFips) {
173
                ids = new int[] {
174
                    // only NIST curves in FIPS mode
175
                    23, 24, 25, 9, 10, 11, 12, 13, 14,
176
                };
177
            } else {
178
                ids = new int[] {
179
                    // NIST curves first
180
                    23, 24, 25, 9, 10, 11, 12, 13, 14,
181
                    // non-NIST curves
182
                    22,
183
                };
184
            }
185

  
171
            int[] ids = new int[] {
172
                // NSS currently only supports these three NIST curves
173
                23, 24, 25
174
            };
186 175
            idList = new ArrayList<>(ids.length);
187 176
            for (int curveId : ids) {
188 177
                if (isAvailableCurve(curveId)) {