commit-classpath
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[commit-cp] classpath ChangeLog gnu/javax/net/ssl/provider/...


From: Andrew John Hughes
Subject: [commit-cp] classpath ChangeLog gnu/javax/net/ssl/provider/...
Date: Wed, 21 Dec 2011 15:35:09 +0000

CVSROOT:        /sources/classpath
Module name:    classpath
Changes by:     Andrew John Hughes <gnu_andrew> 11/12/21 15:35:09

Modified files:
        .              : ChangeLog 
        gnu/javax/net/ssl/provider: CipherSuite.java 
                                    OutputSecurityParameters.java 
                                    SSLEngineImpl.java 

Log message:
        Fix block-wise chosen-plaintext against SSL/TLS (BEAST) (CVE-2011-3389)
        
        2011-12-01  Andrew John Hughes  <address@hidden>
        
                * gnu/javax/net/ssl/provider/CipherSuite.java:
                Pass CBC mode to the static CipherSuite instances.
                (isCBCMode): New variable.
                (CipherSuite(CipherAlgorithm, KeyExchangeAlgorithm,
                SignatureAlgorithm, MacAlgorithm, int, int, int, String, 
boolean)):
                Allow isCBCMode to be specified.
                (CipherSuite(CipherAlgorithm, KeyExchangeAlgorithm, boolean,
                SignatureAlgorithm, MacAlgorithm, int, int, int, String, 
boolean)):
                Likewise.
                (cipher()): Generalise setting of 'alg' to work with any suite
                that does not use CBC, not just "RC4".
                (isCBCMode()): New method.  Returns true if the CBC mode is 
used.
                * gnu/javax/net/ssl/provider/OutputSecurityParameters.java:
                (enableCBCProtection): Set to true by default of if 
jsse.enableCBCProtection
                is true.
                (needToSplitPayload()): Returns true if TLS < 1.1 is in use with
                a CBC mode cipher and CBC protection is enabled.
                * gnu/javax/net/ssl/provider/SSLEngineImpl.java:
                (wrap(ByteBuffer[], int, int, ByteBuffer)): Send application 
data
                as two packets (1 and n - 1) if CBC protection is enabled.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/classpath/ChangeLog?cvsroot=classpath&r1=1.9833&r2=1.9834
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/CipherSuite.java?cvsroot=classpath&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/OutputSecurityParameters.java?cvsroot=classpath&r1=1.4&r2=1.5
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/SSLEngineImpl.java?cvsroot=classpath&r1=1.4&r2=1.5



reply via email to

[Prev in Thread] Current Thread [Next in Thread]