diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
index cd74949cbb5..5e4f6f1e03d 100644
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -909,9 +909,13 @@ private static final class DefaultManagersHolder {
Exception reserved = null;
TrustManager[] tmMediator = null;
try {
+ System.out.println("start getTrustManagers in DefaultManagersHolder.");
tmMediator = getTrustManagers();
} catch (Exception e) {
+ System.out.println("start getTrustManagers in DefaultManagersHolder but failed");
reserved = e;
+ System.out.println("Exception message is: ");
+ reserved.printStackTrace();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.warning(
"Failed to load default trust managers", e);
@@ -920,6 +924,7 @@ private static final class DefaultManagersHolder {
KeyManager[] kmMediator = null;
if (reserved == null) {
+ System.out.println("reserved is null");
try {
kmMediator = getKeyManagers();
} catch (Exception e) {
@@ -932,6 +937,7 @@ private static final class DefaultManagersHolder {
}
if (reserved != null) {
+ System.out.println("reserved is not null");
trustManagers = new TrustManager[0];
keyManagers = new KeyManager[0];
@@ -951,14 +957,17 @@ private static final class DefaultManagersHolder {
private static TrustManager[] getTrustManagers() throws Exception {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
+ System.out.println("The TrustManagerFactory provider is: " + tmf.getProvider().getName());
if ("SunJSSE".equals(tmf.getProvider().getName())) {
// The implementation will load the default KeyStore
// automatically. Cached trust materials may be used
// for performance improvement.
+ System.out.println("It's SunJSSE.");
tmf.init((KeyStore)null);
} else {
// Use the explicitly specified KeyStore for third party's
// TrustManagerFactory implementation.
+ System.out.println("It's not SunJSSE.");
KeyStore ks = TrustStoreManager.getTrustedKeyStore();
tmf.init(ks);
}
diff --git a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
index 716960491fa..46c9edc2653 100644
--- a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
+++ b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
@@ -16,917 +16,4 @@
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, see .
-# ===========================================================================
-
-#
-# Exclude tests list from sanity.openjdk
-#
-com/sun/crypto/provider/CICO/CICODESFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/CICO/CICOSkipTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/Encrypt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/CICO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/CTR.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4511676.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4512524.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4512704.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4513830.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4517355.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4626070.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithProviderChange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCopySafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/CTR/CounterMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/CTS/CTSMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20Poly1305ParametersUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DesAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/FlushBug.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/KeyWrapping.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/Sealtest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TestCipherDES.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/JCE/Bugs/4686632/Empty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/NegativeLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBES2Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/TestExponentSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyFactory/TestProviderLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyGenerator/Test4628062.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/DigestCloneabilityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/EmptyByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacPBESHA1.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacSHA512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacSaltLengths.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/LargeByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacSameTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/NullByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestAESOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestKeyMaterial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestLeadingZeroes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestMasterSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPRF.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPRF12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPremaster.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/ShortECDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/SignatureKeyInfo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/TruncateHMAC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/Class/GetPackageBootLoaderChildLayer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/SecurityManager/CheckSecurityProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/IsRecordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/RecordPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/RecordReflectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/runtime/ObjectMethodsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/math/BigInteger/ModPow65537.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeyAgreementTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeySpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/NegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/GenerateRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/GenerateKeypair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/GenerateRSAKeyPair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/Serial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/SerialDSAPubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/SerialOld.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/CheckInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/EntryMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/KeyStoreBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/OneProbeOneNot.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PBETest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/ConvertP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/EntryProtectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/MetadataEmptyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/ReadP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/WriteP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/ProbeKeystores.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/TestKeyStoreBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/TestKeyStoreEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/TestDigestIOStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Policy/GetInstance/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Policy/SignedJar/SignedJarTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/ChangeProviders.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/DefaultProviderList.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/NewInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/SecurityProviderModularTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/SupportsParameter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureClassLoader/DefineClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/ApiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/DefaultAlgo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/DefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/EnoughSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/GetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/GetInstanceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/NoSync.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/Serialize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/SerializedSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/ThreadSafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/CaseInsensitiveAlgNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/ClassLoaderDeadlock/Deadlock.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/removing/RemoveProviderByIdentity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/signedfirst/DynStatic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/NONEwithRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/ResetAfterException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignWithOutputBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureGetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/TestInitSignWithMyOwnRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/VerifyRangeCheckOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Chain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Copy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Correctness.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/targetConstraints/BuildEEBasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/zeroLengthPath/ZeroLengthPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/AIACheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PKIXRevocationChecker/OcspUnauthorized.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PKIXRevocationChecker/UnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PolicyNode/GetPolicyQualifiers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/X509CRL/VerifyDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/X509Certificate/GetSigAlgParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/pkix/policyChanges/TestPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/misc/TestDefaultRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/spec/PKCS8EncodedKeySpec/Algorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/concurrent/tck/JSR166TestCase.java#others https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/SignedJarFileGetInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/SignedJarPendingBlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/TurkCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/VerifySignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/ExtraFileInMetaInf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/CipherInputStreamExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/GetMaxAllowed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/InOutBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/TestCipherMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CipherSpi/DirectBBRemaining.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/AllPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/LowercasePermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RC2PermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RC4AliasPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RSANoLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/JceSecurity/SunJCE_BC_LoadOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/JceSecurity/VerificationResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/KeyGenerator/CompareKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/KeyGenerator/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Mac/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Mac/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SealedObject/NullKeySealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/SecKFTranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/SecKeyFacSunJCEPrf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/TestFailOver.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/spec/DESKeySpec/CheckParity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/kerberos/StandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/BadXPointer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/ErrorHandlerPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/FileSocketPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/GenerationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/GetInstanceTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/HereFunction.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/PSSSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/SecureValidation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/TransformService/NullParent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/ValidationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/reflect/ReflectionFactory/ReflectionFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/GssMemoryIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/spnego/MSOID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/spnego/NotPreferredMech.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/KrbCredSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/RFC396xTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ServiceCredsCombination.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AcceptPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AcceptorSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Addresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AddressesAndNameType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AlwaysEncPaReq.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BasicKrb5Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BasicProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BogusKDC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/CleanState.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/CrossRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DiffNameSameKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DiffSaltParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DupEtypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DynamicKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ForwardableCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Forwarded.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/GSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/GSSUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/HttpNegotiateServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/HttpsCB.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/IgnoreChannelBinding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KPEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KdcPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KeyPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KeyTabCompat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KrbTicket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KvnoNA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LifeTimeInSeconds.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LoginModuleOptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LoginNoPass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LongLife.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/MSOID2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ModuleName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/MoreKvno.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NewInquireTypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NewSalt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoAddresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoInitNoKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NonMutualSpnego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoneReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NullRenewUntil.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OkAsDelegate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OkAsDelegateXRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OnlyDesLogin.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/PrincipalNameEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/RRC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReferralsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/RefreshKrb5Config.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Renew.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Renewal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTestProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTestProcWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2proxy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2proxyGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2self.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfAsServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfAsServerGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SPNEGO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslMutual.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SpnegoLifeTime.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SpnegoReqFlags.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Test5653.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TicketSName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoOrThree.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoPrinces.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Unavailable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/UnboundService.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/UseCacheAndStoreKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/W83.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/etype/KerberosAesSha2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/etype/WeakCrypto.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/BufferBoundary.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/KeyTabIndex.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/runNameEquals.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CipherSpi/ResetByteBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-s390x
-#
-# Extended.openjdk Failures Exclude List for FIPS Testing
-#
-com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/jndi/ldap/LdapCBPropertiesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/jndi/ldap/LdapSSLHandshakeFailureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/auth/module/KeyStoreLoginModule/ReadOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/HasInitialResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/File/createTempFile/SecurityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/AbsentStreamValuesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/BasicRecordSer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ConstructorAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ConstructorPermissionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/CycleTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/DifferentStreamFieldsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ReadResolveTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/RecordClassTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/SerialVersionUIDTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ThrowingConstructorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/WriteReplaceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/FilterWithSecurityManagerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/GlobalFilterTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/SerialFilterFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/nio/channels/unixdomain/Security.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/nio/file/spi/SetDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/dgc/VMID/CheckVMID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/dgc/dgcImplInsulation/DGCImplInsulation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/altSecurityManager/AltSecurityManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/classPathCodebase/ClassPathCodebase.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/readTest/CodebaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/downloadArrayClass/DownloadArrayClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/loadProxyClasses/LoadProxyClasses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/useCodebaseOnly/UseCodebaseOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMISocketFactory/useSocketFactory/registry/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMISocketFactory/useSocketFactory/unicast/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/clientStackTrace/ClientStackTrace.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/useCustomRef/UseCustomRef.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/transport/dgcDeadLock/DGCDeadLock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/imageio/CachePremissionsTest/CachePermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLEngineAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/CipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSOverDatagram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSSequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSWontNegotiateV10.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/InvalidCookie.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/InvalidRecords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/NoMacInitialClientHello.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/PacketLossRetransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/Reordered.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/RespondToRetransmit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/Retransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/WeakCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10UnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/ImplicitHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/KMTMGetNothing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/SSLSessionNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/SSLSocketInherit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/Equals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/GetResponseCode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/HttpsSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/AcceptLargeFragments.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ArgCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/Arrays.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/Basics.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/CheckTlsEngineResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ConnectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/EngineCloseOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ExtendedKeyEngine.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ExtendedKeySocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/FinishedPresent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/LargeBufs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/NoAuthClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/TestAllSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/CheckSessionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/JSSERenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/RenegotiateTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/ResumeTLS13withSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SessionCacheSizeTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SessionTimeOutTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/TestEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/ClientExcOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/InputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/OutputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/Tls13PacketSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/EndingDotHostname.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketConsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerFailure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketInconsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketSNISensitive.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/HttpsUrlConnClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/SSLEngineWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/SSLSocketWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/StapleEnableProps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSClientPropertyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEClientProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSENoCommonProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEServerProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TLSTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TLSWithEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/ExportableBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/ExportableStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/GenericBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/GenericStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-javax/net/ssl/TLSv11/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/DisabledShortDSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/DisabledShortRSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ProtocolFilter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ShortRSAKey512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ShortRSAKeyGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/SignatureAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/ClientHelloKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/HRRKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ciphersuites/DisabledAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ciphersuites/ECCurvesconstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/compatibility/ClientHelloProcessing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/finalize/SSLSessionFinalizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/interop/ClientHelloBufferUnderflowException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/interop/ClientHelloChromeInterOp.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/CacertsExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/templates/SSLEngineTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/templates/SSLSocketTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/rmi/ssl/SSLSocketParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/rmi/ssl/SocketFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/Destroyable/KeyDestructionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/PrivateCredentialPermission/MoreThenOnePrincipals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/login/Configuration/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/smartcardio/TerminalFactorySpiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/BeanLinkerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/TrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/UntrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/DirectoryStreamTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/InvalidZipHeaderTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/NewFileSystemTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/PropertyPermissionTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/TestPosix.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/ZFSTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/ZipFSPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Function.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Properties.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Spec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/logging/TestSecurityPropertyModificationLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/logging/TestTLSHandshakeLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/rmi/server/MarshalOutputStream/marshalForeignStub/MarshalForeignStub.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/rmi/transport/tcp/disableMultiplexing/DisableMultiplexing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/InvalidCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignatureDigestTruncate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignatureKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/TestEC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ec/ed/EdCRLSign.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSANegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAParamSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAReuseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSATest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/TestEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/TestEdOps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/xec/TestXDH.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/xec/XECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jca/PreferredProviderNegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jca/PreferredProviderTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/lib/CheckBlockedCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs7/PKCS7VerifyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs7/SignerOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs8/PKCS8Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs8/TestLeadingZeros.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs11/KeyStore/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs11/Provider/Absolute.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/Bug6415637.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/KeytoolOpensslInteropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/P12SecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/PBES2Encoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/PKCS12SameKeyId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/ProbeBER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/ProbeLargeKeystore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/SameDN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StorePasswordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StoreSecretKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StoreTrustedCertTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/WrongPBES2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/SupportedDSAParamGen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/SupportedDSAParamGenLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestAlgParameterGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestDSA2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestMaxLengthDER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/CaseSensitiveAliases.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/TestJKSWithSecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/WrongPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/WrongStoreType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/DigestKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/TestSHAClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestDSAGenParameterSpecLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/Alias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/AliasExpansion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/TokenStore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/AutoReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/CommonSeeder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/DRBGAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/SHA1PRNGReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/StrongSecureRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/StrongSeedReader.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SeedGenerator/SeedGeneratorChoice.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/X509Factory/BadPem.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/X509Factory/BigCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/OCSP/OCSPNoContentLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/BrokenRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/PrivateKeyEqualityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SignatureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestCACerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorExponent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestRSAOidSupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestSigGen15.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestSignatures.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/WithoutNULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/InitAgain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/PSSKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/PSSParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SerializedPSSKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SignatureTest2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SignatureTestPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/TestPSSKeySupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/TestSigGenPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ALPN/AlpnGreaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadBlocksClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadZeroBytes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/RemoveMarkReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppOutputStream/NoExceptionOnClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CertPathRestrictions/TLSRestrictions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/DisabledCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/CipherSuite/LegacyConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/CipherSuite/RestrictNamedGroup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/RestrictSignatureScheme.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/SSL_NULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/SupportedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ClientHandshaker/LengthCheckTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ClientHandshaker/RSAExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/DHEKeySizing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/GenSSLConfigs/main.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/HandshakeOutStream/NullCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/InputRecord/ClientHelloRead.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ProtocolVersion/HttpsProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/GoodProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/NoOldVersionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/SSLContextDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/SSLContextVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/TrustTrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/CloseEngineException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/CloseStart.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLLogger/LoggingFormatConsistency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionContextImpl/Timeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/HashCodeMissing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/InvalidateSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksClientStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksServerStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/CloseSocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/CloseSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/DisableExtensions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/IgnorableExceptionMessages.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NewSocketMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/RejectClientRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ReuseAddr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketShouldThrowSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ServerTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SetSoTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/GetPeerHost.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/Tls13NamedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SocketCreation/SocketCreation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/Stapling/StatusResponseManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/CertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/PreferredKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CacertsLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/internal/TestRun.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/spi/ProviderInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/DefaultSigalg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/EntriesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/JarSigningNonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/LargeJarEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/tools/jarsigner/Test4431684.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/TimestampCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/TsacertOptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/warnings/NoTimestampTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CacertsOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CheckCertAKID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CloneKeyAskPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CloseFile.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/DupImport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GenKeyPairSigner.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GenerateAll.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GroupName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/HasSrcStoretypeOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/ImportPrompt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/JKStoPKCS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/KeyToolTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/NewSize7.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/PKCS12Passwd.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/PrintSSL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/Serial64.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/StartDateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/StorePasswords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/UnknownAndUnparseable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/WeakAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakecacerts/TrustedCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakecacerts/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakegen/PSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/util/HostnameMatcher/NullHostnameCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/EndEntityExtensionCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/certreplace.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/samedn.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/NonStandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/OmitAlgIdParam.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/URICertStore/CRLReadTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/URICertStore/ExtensionsWithLDAP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CRLImpl/OrderAndDup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CRLImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/ECSigParamsVerifyWithCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/V3Certificate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/BestEffortOnLazyConnected.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-
-sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/LargePacket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le
-jdk/nio/zipfs/ZipFSTester.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-ppc64le,linux-s390x,aix-all
+# ===========================================================================
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
index 773fb08d317..4f76d8b0b75 100644
--- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
+++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
@@ -52,6 +52,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Test common DTLS cipher suites.
*/
@@ -61,14 +64,30 @@ public class CipherSuite extends DTLSOverDatagram {
volatile static String cipherSuite;
public static void main(String[] args) throws Exception {
- if (args.length > 1 && "re-enable".equals(args[1])) {
+ if (args.length > 1 && "re-enable".equals(args[1])
+ && !(Utils.isFIPS()
+ && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}
cipherSuite = args[0];
CipherSuite testCase = new CipherSuite();
- testCase.runTest(testCase);
+ try {
+ testCase.runTest(testCase);
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if ((Utils.isFIPS()
+ && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+ && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
@Override
@@ -81,4 +100,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {
return engine;
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java
index b18238f7217..6541c9b80f7 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java
@@ -48,6 +48,9 @@
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Testing DTLS engines handshake using each of the supported cipher suites with
* replicated packets check.
@@ -59,7 +62,9 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase {
public static void main(String[] args) {
DTLSHandshakeWithReplicatedPacketsTest test
= new DTLSHandshakeWithReplicatedPacketsTest();
- setUpAndStartKDCIfNeeded();
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ setUpAndStartKDCIfNeeded();
+ }
test.runTests();
}
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java
index 2e59cb73857..03e42908546 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java
@@ -53,6 +53,9 @@
import java.util.Random;
import jdk.test.lib.RandomFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Testing DTLS incorrect app data packages unwrapping. Incorrect application
* data packages should be ignored by DTLS SSLEngine.
@@ -63,7 +66,9 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {
public static void main(String[] s) {
DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
- setUpAndStartKDCIfNeeded();
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ setUpAndStartKDCIfNeeded();
+ }
test.runTests();
}
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java
index 1820dbe5423..24526f731a1 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java
@@ -46,6 +46,7 @@
import java.util.concurrent.atomic.AtomicBoolean;
import jdk.test.lib.hexdump.HexPrinter;
+import jdk.test.lib.Utils;
/**
* An example to show the way to use SSLEngine in datagram connections.
@@ -63,10 +64,10 @@ public class DTLSOverDatagram {
private static final String KEY_STORE_FILE = "keystore";
private static final String TRUST_STORE_FILE = "truststore";
- private static final String KEY_FILENAME =
+ private static String KEY_FILENAME =
System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
"/" + KEY_STORE_FILE;
- private static final String TRUST_FILENAME =
+ private static String TRUST_FILENAME =
System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
"/" + TRUST_STORE_FILE;
@@ -505,11 +506,12 @@ boolean onReceiveTimeout(SSLEngine engine, SocketAddress socketAddr,
// get DTSL context
SSLContext getDTLSContext() throws Exception {
String passphrase = "passphrase";
+ String protocol = "DTLS";
return SSLContextBuilder.builder()
.trustStore(KeyStoreUtils.loadKeyStore(TRUST_FILENAME, passphrase))
.keyStore(KeyStoreUtils.loadKeyStore(KEY_FILENAME, passphrase))
.kmfPassphrase(passphrase)
- .protocol("DTLS")
+ .protocol(protocol)
.build();
}
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java
index 2eb792a2d37..a239513e649 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java
@@ -55,6 +55,9 @@
import java.util.Random;
import jdk.test.lib.RandomFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Testing DTLS records sequence number property support in application data
* exchange.
@@ -69,7 +72,9 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase {
public static void main(String[] args) {
DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
- setUpAndStartKDCIfNeeded();
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ setUpAndStartKDCIfNeeded();
+ }
test.runTests();
}
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
index 2532f524371..4b5ca4ba143 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
@@ -21,6 +21,7 @@
* questions.
*/
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
import javax.net.ssl.*;
@@ -49,7 +50,10 @@ public class DTLSWontNegotiateV10 {
private static final String DTLSV_1_2 = "DTLSv1.2";
public static void main(String[] args) throws Exception {
- if (args[0].equals(DTLSV_1_0)) {
+
+ if (args[0].equals(DTLSV_1_0)
+ && !(Utils.isFIPS()
+ && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0);
}
@@ -77,6 +81,18 @@ public static void main(String[] args) throws Exception {
server.run();
p.destroy();
System.out.println("Success: DTLSv1.0 connection was not established.");
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if ((Utils.isFIPS()
+ && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+ && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
}
}
}
diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
index d9bb38ec15a..df12a4a4824 100644
--- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
+++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
@@ -41,6 +41,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Test common DTLS weak cipher suites.
*/
@@ -52,13 +55,29 @@ public class WeakCipherSuite extends DTLSOverDatagram {
public static void main(String[] args) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
cipherSuite = args[0];
WeakCipherSuite testCase = new WeakCipherSuite();
- testCase.runTest(testCase);
+ try {
+ testCase.runTest(testCase);
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if ((Utils.isFIPS()
+ && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+ && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
@Override
@@ -68,4 +87,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {
return engine;
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
index b1ef64ef88a..18ed8883adb 100644
--- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
+++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
@@ -26,6 +26,7 @@
* @bug 4387882
* @summary Need to revisit the javadocs for JSSE, especially the
* promoted classes.
+ * @library /test/lib
* @run main/othervm ImplicitHandshake
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -37,6 +38,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ImplicitHandshake {
/*
@@ -191,6 +195,10 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
index d4eca8b5776..15e22f1f299 100644
--- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
+++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
@@ -31,6 +31,7 @@
* @bug 6668231
* @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
* fail trusted checks
+ * @library /test/lib
* @run main/othervm CriticalSubjectAltName
* @author Xuelei Fan
*/
@@ -53,6 +54,9 @@
import java.security.Security;
import java.security.cert.Certificate;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class CriticalSubjectAltName implements HostnameVerifier {
/*
* =============================================================
@@ -159,10 +163,12 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
@@ -171,6 +177,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
index 87ffef9c0f8..6d3cdb8e6bb 100644
--- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
+++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
@@ -25,6 +25,7 @@
* @test
* @bug 4482187
* @summary HttpsClient tests are failing for build 71
+ * @library /test/lib
* @run main/othervm GetResponseCode
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -37,6 +38,9 @@
import javax.net.ssl.*;
import java.security.cert.Certificate;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class GetResponseCode implements HostnameVerifier {
/*
* =============================================================
@@ -149,6 +153,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security
new file mode 100644
index 00000000000..86339bbd395
--- /dev/null
+++ b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security
@@ -0,0 +1,29 @@
+# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends
+# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration
+# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE.
+#
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.name = Test-TLS-HttpsURLConnection OpenJCEPlusFIPS Cryptographic Module FIPS 140-3
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.default = false
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \
+ {AlgorithmParameters, DiffieHellman, *}, \
+ {KeyAgreement, DiffieHellman, *}, \
+ {KeyPairGenerator, DiffieHellman, *}, \
+ {KeyFactory, DiffieHellman, *}, \
+ {MessageDigest, MD5, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.2 = sun.security.provider.Sun [+ \
+ {KeyStore, JKS, *}, \
+ {KeyStore, PKCS12, *}, \
+ {MessageDigest, SHA-1, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \
+ {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \
+ {AlgorithmParameters, PBEWithMD5AndDES, *}, \
+ {SecretKeyFactory, PBEWithMD5AndDES, *}, \
+ {Cipher, PBEWithHmacSHA256AndAES_256, *}, \
+ {Mac, HmacSHA1, *},\
+ {Mac, HmacPBESHA256, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}]
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
index 4781d15972b..b913f7c7e5d 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
@@ -27,7 +27,7 @@
* @summary Add scatter/gather APIs for SSLEngine
*
* Check to see if the args are being parsed properly.
- *
+ * @library /test/lib
*/
import javax.net.ssl.*;
@@ -36,6 +36,9 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ArgCheck {
private static boolean debug = false;
@@ -258,6 +261,8 @@ static private SSLEngine createSSLEngine(String keyFile, String trustFile)
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream(keyFile), passphrase);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
index 2ba56c85b34..11c043e1965 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
@@ -41,7 +41,9 @@
import java.io.*;
import java.security.*;
import java.nio.*;
+import java.util.*;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class Arrays {
@@ -187,14 +189,20 @@ public static void main(String args[]) throws Exception {
contextVersion = args[0];
// Re-enable context version if it is disabled.
// If context version is SSLv3, TLSv1 needs to be re-enabled.
- if (contextVersion.equals("SSLv3")) {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
- } else if (contextVersion.equals("TLSv1") ||
- contextVersion.equals("TLSv1.1")) {
- SecurityUtils.removeFromDisabledTlsAlgs(contextVersion);
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ if (contextVersion.equals("SSLv3")) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
+ } else if (contextVersion.equals("TLSv1") ||
+ contextVersion.equals("TLSv1.1")) {
+ SecurityUtils.removeFromDisabledTlsAlgs(contextVersion);
+ }
+ } else {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) {
+ return;
+ }
}
- Arrays test;
+ Arrays test = null;
test = new Arrays();
diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java
index 3239bfd4ce9..e75908c0302 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java
@@ -41,6 +41,7 @@
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class Basics {
@@ -57,11 +58,15 @@ public class Basics {
"/" + TRUSTSTORE_FILE;
public static void main(String[] args) throws Exception {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
+ }
runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384");
- runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384");
- runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384");
+ }
}
private static void runTest(String protocol, String cipherSuite) throws Exception {
@@ -69,6 +74,7 @@ private static void runTest(String protocol, String cipherSuite) throws Exceptio
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
+
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream(KEYSTORE_PATH), passphrase);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
index 7a7ecdffa5d..1aea6f4cdb5 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
@@ -25,9 +25,8 @@
* @test
* @bug 4948079
* @summary Verify return values from SSLEngine wrap/unwrap (TLSv1.2) operations
- *
+ * @library /test/lib
* @run main CheckTlsEngineResults
- *
* @author Brad Wetmore
*/
@@ -40,6 +39,13 @@
import java.io.*;
import java.security.*;
import java.nio.*;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class CheckTlsEngineResults {
@@ -67,6 +73,8 @@ public class CheckTlsEngineResults {
private ByteBuffer clientToServer; // "reliable" transport clientEngine->serverEngine
private ByteBuffer serverToClient; // "reliable" transport serverEngine->clientEngine
+ private static Thread catchException;
+
/*
* Majority of the test case is here, setup is done below.
*/
@@ -126,8 +134,16 @@ private void test() throws Exception {
SSLEngineResult result1; // clientEngine's results from last operation
SSLEngineResult result2; // serverEngine's results from last operation
- String [] suite1 = new String [] {
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" };
+ String[] suite1;
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ suite1 = new String [] {
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" };
+ } else {
+ suite1 = new String [] {
+ // "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" };
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
+ }
+
String [] suite2 = new String [] {
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
@@ -154,6 +170,8 @@ private void test() throws Exception {
checkResult(clientToServer, serverIn, result2,
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
+
+
runDelegatedTasks(serverEngine);
clientToServer.compact();
@@ -189,6 +207,7 @@ private void test() throws Exception {
checkResult(clientToServer, serverIn, result2,
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
+
runDelegatedTasks(serverEngine);
clientToServer.compact();
@@ -694,7 +713,7 @@ private void createBuffers() {
log("");
}
- private static void runDelegatedTasks(SSLEngine engine) {
+ private static void runDelegatedTasks(SSLEngine engine) throws Exception {
Runnable runnable;
while ((runnable = engine.getDelegatedTask()) != null) {
@@ -702,6 +721,49 @@ private static void runDelegatedTasks(SSLEngine engine) {
runnable.run();
}
}
+ // private static void runDelegatedTasks(SSLEngine engine) throws Exception {
+ // ExecutorService executorService = Executors.newSingleThreadExecutor();
+
+ // // create Runnable
+ // Runnable myRunnable = () -> {
+ // System.out.println("Executing Runnable...");
+ // throw new RuntimeException("Simulated exception in Runnable");
+ // };
+
+ // RunnableCallable runnableCallable = new RunnableCallable(myRunnable);
+
+ // Future future = executorService.submit(runnableCallable);
+
+ // try {
+ // future.get();
+ // } catch (Exception e) {
+ // System.err.println("Exception caught: " + e.getMessage());
+ // e.printStackTrace();
+ // }
+
+ // executorService.shutdown();
+ // }
+
+ // static class RunnableCallable implements Callable {
+ // private Runnable runnable;
+
+ // public RunnableCallable(Runnable runnable) {
+ // this.runnable = runnable;
+ // }
+
+ // @Override
+ // public Void call() throws Exception {
+ // try {
+ // runnable.run();
+ // } catch (Exception e) {
+ // System.out.println("!!!");
+ // e.printStackTrace();
+ // throw new RuntimeException("Exception in Runnable", e);
+ // }
+ // return null;
+ // }
+ // }
+
private static void log(String str) {
System.out.println(str);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
index e1ed18e9fde..0dabeceb524 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
@@ -27,7 +27,7 @@
* @summary Add non-blocking SSL/TLS functionality, usable with any
* I/O abstraction
* @author Brad Wetmore
- *
+ * @library /test/lib
* @run main/othervm ConnectionTest TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* @run main/othervm ConnectionTest TLSv1.3 TLS_AES_256_GCM_SHA384
*/
@@ -44,6 +44,9 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ConnectionTest {
private final SSLEngine clientEngine;
@@ -93,6 +96,7 @@ public ConnectionTest(String enabledProtocol, String enabledCipherSuite)
private SSLContext getSSLContext() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
+
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream(KEYSTORE_PATH), passphrase);
@@ -597,7 +601,9 @@ private static void log(Object msg) {
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
log(String.format("Running with %s and %s%n", args[0], args[1]));
ConnectionTest ct = new ConnectionTest(args[0], args[1]);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
index 7a4f71d8171..285a0d64169 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
@@ -26,6 +26,7 @@
* @bug 8133632
* @summary javax.net.ssl.SSLEngine does not properly handle received
* SSL fatal alerts
+ * @library /test/lib
* @run main EngineCloseOnAlert
*/
@@ -37,6 +38,9 @@
import java.security.*;
import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class EngineCloseOnAlert {
private static final String PATH_TO_STORES = "../etc";
@@ -53,8 +57,9 @@ public class EngineCloseOnAlert {
private static KeyManagerFactory KMF;
private static TrustManagerFactory TMF;
- private static final String[] ONECIPHER =
- { "TLS_RSA_WITH_AES_128_CBC_SHA" };
+ private static final String[] ONECIPHER = (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) ?
+ new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } : new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" };
+
public interface TestCase {
public void runTest() throws Exception;
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
index 334091d7310..b70380312e1 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
@@ -26,7 +26,7 @@
* @bug 4981697
* @summary Rework the X509KeyManager to avoid incompatibility issues
* @author Brad R. Wetmore
- *
+ * @library /test/lib
* @run main/othervm -Djdk.tls.acknowledgeCloseNotify=true ExtendedKeyEngine
*/
@@ -36,6 +36,9 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ExtendedKeyEngine {
private static boolean debug = false;
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java
index ef4eef3a330..ac52340eae8 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java
@@ -25,6 +25,7 @@
* @test
* @bug 4981697
* @summary Rework the X509KeyManager to avoid incompatibility issues
+ * @library /test/lib
* @run main/othervm ExtendedKeySocket
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -90,9 +91,9 @@ SSLContext getSSLContext(boolean abs) throws Exception {
SSLContext ctx = SSLContext.getInstance("TLS");
KeyStore keyKS = KeyStore.getInstance("JKS");
- keyKS.load(new FileInputStream(keyFilename), passwd);
-
KeyStore trustKS = KeyStore.getInstance("JKS");
+
+ keyKS.load(new FileInputStream(keyFilename), passwd);
trustKS.load(new FileInputStream(trustFilename), passwd);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
diff --git a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java
index eba6a6aa3de..45d95733d34 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java
@@ -28,6 +28,7 @@
* @test
* @bug 8233619
* @summary SSLEngine has not yet caused Solaris kernel to panic
+ * @library /test/lib
* @run main/othervm FinishedPresent
*/
import javax.net.ssl.*;
diff --git a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
index 295ad66646c..d8f56cb9f91 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 8042449 8299870
+ * @library /test/lib
* @library /javax/net/ssl/templates
* @summary Verify successful handshake ignores invalid record version
*
diff --git a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java
index 5dc19f1475e..bec04e37689 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java
@@ -30,6 +30,7 @@
* @test
* @bug 8180643
* @summary Illegal handshake message
+ * @library /test/lib
* @run main/othervm IllegalHandshakeMessage
*/
diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
index 76c181ccff4..b62bfbcc906 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
@@ -29,7 +29,7 @@
*
* This is to test larger buffer arrays, and make sure the maximum
* is being passed.
- *
+ * @library /test/lib
* @run main/othervm -Djsse.enableCBCProtection=false LargeBufs
*
* @author Brad R. Wetmore
@@ -43,6 +43,9 @@
import java.nio.*;
import java.util.Random;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class LargeBufs {
private static boolean debug = true;
@@ -183,15 +186,28 @@ private void runTest(String cipher) throws Exception {
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
LargeBufs test;
- test = new LargeBufs();
- test.runTest("SSL_RSA_WITH_RC4_128_MD5");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ test = new LargeBufs();
+ test.runTest("SSL_RSA_WITH_RC4_128_MD5");
+ }
+
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ test = new LargeBufs();
+ test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ }
- test = new LargeBufs();
- test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ test = new LargeBufs();
+ test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
+ test = new LargeBufs();
+ test.runTest("TLS_AES_128_GCM_SHA256");
+ }
System.out.println("Test Passed.");
}
@@ -244,6 +260,7 @@ private void createBuffers() {
// that the ability to concume or produce applicaton data upto
// the size. 16384 is the default JSSE implementation maximum
// application size that could be consumed and produced.
+ // appBufferMax = 16384;
appBufferMax = 16384;
netBufferMax = session.getPacketBufferSize();
@@ -308,5 +325,5 @@ private static void log(String str) {
if (debug) {
System.out.println(str);
}
- }
+ }
}
diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java
index c04eaf92cb0..27410985532 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java
@@ -32,6 +32,7 @@
* @bug 6388456
* @summary Need adjustable TLS max record size for interoperability
* with non-compliant
+ * @library /test/lib
* @run main/othervm LargePacket
*
* @author Xuelei Fan
diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
index 208fb3935ae..1cbff6e4752 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
@@ -30,6 +30,7 @@
* @test
* @bug 4495742 8190492
* @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @library /test/lib
* @run main/othervm NoAuthClientAuth SSLv3
* @run main/othervm NoAuthClientAuth TLSv1
* @run main/othervm NoAuthClientAuth TLSv1.1
@@ -82,6 +83,9 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
// Note that this test case depends on JSSE provider implementation details.
public class NoAuthClientAuth {
@@ -140,14 +144,22 @@ public class NoAuthClientAuth {
* Main entry point for this test.
*/
public static void main(String args[]) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ tlsProtocol = args[0];
+ } else {
+ if (SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ tlsProtocol = args[0];
+ }
+ }
+ if (tlsProtocol == null) {
+ return;
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
}
- tlsProtocol = args[0];
-
NoAuthClientAuth test = new NoAuthClientAuth();
test.runTest();
diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
index 3685dca64df..95d64024cd7 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
@@ -25,7 +25,7 @@
* @test
* @bug 4965868
* @summary SSLEngineResult constructor needs null argument description
- *
+ * @library /test/lib
* @author Brad Wetmore
*/
diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java
index 5b7d0c4e688..a1ddee74bb2 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java
@@ -28,6 +28,7 @@
*
* Helper class of SSL/TLS client/server communication.
*
+ * @library /test/lib
* @author Xuelei Fan
*/
diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
index 67387bd1661..8b571110ad2 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
@@ -38,6 +38,7 @@
* @author Brad Wetmore
*/
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
import javax.net.ssl.*;
@@ -89,7 +90,25 @@ private void createSSLEngines() {
}
private void test() throws Exception {
- String [] suites = clientEngine.getEnabledCipherSuites();
+ List tmpCipherSuites = new ArrayList<>();
+ String [] suites;
+ if (Utils.isFIPS()) {
+ for (String ciphersuite : clientEngine.getEnabledCipherSuites()) {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(ciphersuite)) {
+ continue;
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.get(ciphersuite).equals(PROTOCOL)) {
+ continue;
+ }
+ tmpCipherSuites.add(ciphersuite);
+ }
+ if (tmpCipherSuites.size() == 0) {
+ return;
+ }
+ suites = tmpCipherSuites.toArray(new String[0]);
+ } else {
+ suites = clientEngine.getEnabledCipherSuites();
+ }
System.out.println("Enabled cipher suites for protocol " + PROTOCOL +
": " + Arrays.toString(suites));
for (String suite: suites){
@@ -224,10 +243,15 @@ public static void main(String args[]) throws Exception {
if (args.length < 1) {
throw new RuntimeException("Missing TLS protocol parameter.");
}
-
- switch(args[0]) {
- case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
- case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ switch(args[0]) {
+ case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
+ }
+ } else {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ return;
+ }
}
TestAllSuites testAllSuites = new TestAllSuites(args[0]);
diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
index 58e387bcdad..b454e7cc899 100644
--- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
@@ -30,6 +30,7 @@
* @test
* @bug 7188657
* @summary There should be a way to reorder the JSSE ciphers
+ * @library /test/lib
* @run main/othervm UseCipherSuitesOrder
* TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*/
@@ -39,6 +40,9 @@
import javax.net.ssl.*;
import java.util.Arrays;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class UseCipherSuitesOrder {
/*
@@ -174,6 +178,10 @@ private static void parseArguments(String[] args) throws Exception {
throw new Exception("Need to enable at least two cipher suites");
}
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ cliEnabledCipherSuites = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"};
+ }
+
// Only need to use 2 cipher suites in server side.
srvEnabledCipherSuites = Arrays.copyOf(
cliEnabledCipherSuites, 2);
@@ -197,7 +205,9 @@ private static void parseArguments(String[] args) throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
// parse the arguments
parseArguments(args);
@@ -209,6 +219,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java
index 98c7afb2738..71c991227a8 100644
--- a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java
+++ b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java
@@ -70,7 +70,7 @@ public static void main(String[] args) throws Exception {
server.close(client1);
client1.close();
- // Resume the client session
+ // Resume the client session
TLSBase.Client client2 = new TLSBase.Client();
if (server.getSession(client2).getSessionContext() == null) {
throw new Exception("Context was null on resumption");
diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
index c6e9753a2c1..84d277fa563 100644
--- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
+++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4395238 4354003 4387961 4395266
+ * @library /test/lib
* @summary A test of many of the new functionality to go into JSSE 1.1
* Fixed 4395238: The new certificate chains APIs should really be
* returning certs, not x509 certs
@@ -42,6 +43,9 @@
import javax.net.ssl.*;
import java.security.cert.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class HttpsURLConnectionLocalCertificateChain
implements HandshakeCompletedListener,
HostnameVerifier {
@@ -211,7 +215,6 @@ void doClientSide() throws Exception {
myURLc = (HttpsURLConnection) myURL.openConnection();
myURLc.setHostnameVerifier(this);
myURLc.connect();
-
InputStream sslIS = myURLc.getInputStream();
System.out.println("Client reading...");
@@ -245,6 +248,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
index 435dd2345d6..b65c8206edd 100644
--- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
+++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4280338
+ * @library /test/lib
* @summary "Unsupported SSL message version" SSLProtocolException
* w/SSL_RSA_WITH_NULL_MD5
* @run main/othervm JSSERenegotiate
@@ -40,10 +41,13 @@
import java.security.Security;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class JSSERenegotiate {
- static final String suite1 = "SSL_RSA_WITH_NULL_MD5";
- static final String suite2 = "SSL_RSA_WITH_NULL_SHA";
+ static String suite1;
+ static String suite2;
static final String dataString = "This is a test";
@@ -193,7 +197,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the cipher suites
// used in this test are not disabled
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
@@ -202,6 +208,16 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ suite1 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
+ suite2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
+ } else {
+ suite1 = "SSL_RSA_WITH_NULL_MD5";
+ suite2 = "SSL_RSA_WITH_NULL_SHA";
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
index 9495ee2d28a..48d8e448524 100644
--- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
+++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
@@ -23,6 +23,7 @@
/*
* @test
+ * @library /test/lib
* @run main/othervm -Djavax.net.debug=ssl RenegotiateTLS13
*/
@@ -40,6 +41,9 @@
import java.security.KeyStore;
import java.security.SecureRandom;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class RenegotiateTLS13 {
static final String dataString = "This is a test";
@@ -139,6 +143,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
index 3e70af733fb..6bef0440702 100644
--- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
+++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -27,6 +27,7 @@
/*
* @test
* @bug 8211806 8277881 8277307
+ * @library /test/lib
* @summary TLS 1.3 handshake server name indication is missing on a session resume
* @run main/othervm ResumeTLS13withSNI
*/
@@ -38,6 +39,9 @@
import java.nio.*;
import java.util.List;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ResumeTLS13withSNI {
/*
@@ -69,10 +73,10 @@ public class ResumeTLS13withSNI {
private static final String trustStoreFile = "truststore";
private static final char[] passphrase = "passphrase".toCharArray();
- private static final String keyFilename =
+ private static String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
- private static final String trustFilename =
+ private static String trustFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
@@ -89,6 +93,11 @@ public static void main(String args[]) throws Exception {
System.setProperty("javax.net.debug", "ssl:handshake");
}
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
+ }
+
KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename,
passphrase);
TrustManagerFactory tmf = makeTrustManagerFactory(trustFilename,
@@ -464,7 +473,7 @@ private static KeyManagerFactory makeKeyManagerFactory(String ksPath,
char[] pass) throws GeneralSecurityException, IOException {
KeyManagerFactory kmf;
KeyStore ks = KeyStore.getInstance("JKS");
-
+
try (FileInputStream fsIn = new FileInputStream(ksPath)) {
ks.load(fsIn, pass);
kmf = KeyManagerFactory.getInstance("SunX509");
diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
index 4e3b8e0b076..03d212b61f9 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4473210
+ * @library /test/lib
* @summary SSLSessionContext should be accessible from SSLContext
* @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=false
* SSLCtxAccessToSessCtx
@@ -40,6 +41,9 @@
import java.util.concurrent.atomic.AtomicInteger;
import java.security.KeyStore;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLCtxAccessToSessCtx {
/*
@@ -172,6 +176,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -180,6 +189,7 @@ public static void main(String[] args) throws Exception {
sslctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
+
ks.load(new FileInputStream(keyFilename), passwd.toCharArray());
kmf.init(ks, passwd.toCharArray());
sslctx.init(kmf.getKeyManagers(), null, null);
diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
index bb61abb35d5..82d209cea7f 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
@@ -29,6 +29,7 @@
/*
* @test
* @bug 4366807
+ * @library /test/lib
* @summary Need new APIs to get/set session timeout and session cache size.
* @run main/othervm SessionCacheSizeTests
*/
@@ -39,6 +40,9 @@
import java.util.*;
import java.security.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Session cache size tests cover the following cases:
* 1. Effect of system property javax.net.ssl.SessionCacheSize (this
@@ -305,6 +309,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
index c44c12f6c59..d147ed158a6 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
@@ -27,6 +27,7 @@
/*
* @test
* @bug 4366807
+ * @library /test/lib
* @summary Need new APIs to get/set session timeout and session cache size.
* @run main/othervm SessionTimeOutTests
*/
@@ -41,6 +42,9 @@
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Session reuse time-out tests cover the cases below:
* 1. general test, i.e timeout is set to x and session invalidates when
@@ -332,6 +336,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
index 4e56a9a655b..80f98781a95 100644
--- a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
+++ b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
@@ -34,6 +34,7 @@
* 4701722 protocol mismatch exceptions should be consistent between
* SSLv3 and TLSv1
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm TestEnabledProtocols
* @author Ram Marti
*/
@@ -52,6 +53,9 @@
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class TestEnabledProtocols extends SSLSocketTemplate {
private final String[] serverProtocols;
@@ -165,121 +169,236 @@ private void failTest(Exception e, String message) {
}
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
-
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "SSLv3" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "SSLv3" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "TLSv1");
-
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1" },
- true, null);
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
-
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "TLSv1");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "TLSv1");
+
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "TLSv1");
+ } else {
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "TLSv1");
+
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "TLSv1");
+ }
}
private static void runCase(
diff --git a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
index 063befba3b7..fcf6f1aff80 100644
--- a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
+++ b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
@@ -55,6 +55,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
public class ClientExcOnAlert {
// This is a PKCS#12 keystore created with the following command:
// keytool -genkeypair -alias testcert -keyalg rsa -keysize 2048
@@ -124,6 +127,7 @@ public class ClientExcOnAlert {
static final Condition serverReady = lock.newCondition();
public static void main(String[] args) throws Exception {
+ printPEM(KEYSTORE_PEM);
Thread serverThread = new Thread(() -> {
try {
doServerSide();
@@ -134,7 +138,6 @@ public static void main(String[] args) throws Exception {
}
);
serverThread.start();
-
try {
doClientSide((args == null || args.length < 1) ? null : args[0]);
throw new RuntimeException("Expected SSLException did not occur!");
@@ -150,20 +153,27 @@ static void doServerSide() throws Exception {
Thread.currentThread().setName("ServerThread");
SSLContext sslc = SSLContext.getInstance("TLS");
log("doServerSide start");
+ System.out.println("<1>");
KeyManagerFactory kmf = createKeyManagerFactory(KEYSTORE_PEM,
KEYSTORE_PASS);
+ System.out.println("<2>");
sslc.init(kmf.getKeyManagers(), null, null);
+ System.out.println("<3>");
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)sslc.getServerSocketFactory();
-
+ System.out.println("<4>");
try (SSLServerSocket sslServerSocket =
(SSLServerSocket)ssf.createServerSocket(0)) {
+ System.out.println("<5>");
sslServerSocket.setReuseAddress(true);
// Set the server port and wake up the client thread who is waiting
// for the port to be set.
+ System.out.println("<6>");
lock.lock();
+ System.out.println("<7>");
try {
serverPort = sslServerSocket.getLocalPort();
+ System.out.println("<8>");
log("Server listening on port %d", serverPort);
serverReady.signalAll();
log("Server ready");
@@ -173,6 +183,7 @@ static void doServerSide() throws Exception {
// Go into the accept wait state until the client initiates the
// TLS handshake.
+ System.out.println("<9>");
try (SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
PrintWriter pw =
new PrintWriter(sslSocket.getOutputStream());
@@ -192,15 +203,23 @@ private static KeyManagerFactory createKeyManagerFactory(
String ksPem, String ksAuth) throws IOException,
GeneralSecurityException {
KeyManagerFactory kmf = null;
+ System.out.println("<1-1>");
if (ksPem != null && ksAuth != null) {
+ System.out.println("<1-2>");
Base64.Decoder b64dec = Base64.getMimeDecoder();
+ System.out.println("<1-3>");
ByteArrayInputStream bais =
new ByteArrayInputStream(b64dec.decode(ksPem));
+ System.out.println("<1-4>");
KeyStore ks = KeyStore.getInstance("PKCS12");
+ System.out.println("<1-5>");
char[] ksPass = ksAuth.toCharArray();
+ System.out.println("<1-6>");
ks.load(bais, ksPass);
+ System.out.println("<1-7>");
kmf = KeyManagerFactory.getInstance("PKIX");
+ System.out.println("<1-8>");
kmf.init(ks, ksAuth.toCharArray());
}
@@ -247,4 +266,24 @@ private static void log(String msgFmt, Object ... args) {
sb.append(String.format(msgFmt, args));
System.out.println(sb.toString());
}
-}
+
+ private static void printPEM(String KEYSTORE_PEM) {
+ Base64.Decoder b64dec = Base64.getMimeDecoder();
+ byte[] pemBytes = b64dec.decode(KEYSTORE_PEM);
+
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(pemBytes));
+
+ System.out.println("Certificate:");
+ System.out.println(" Subject: " + cert.getSubjectX500Principal().getName());
+ System.out.println(" Issuer: " + cert.getIssuerX500Principal().getName());
+ System.out.println(" Serial Number: " + cert.getSerialNumber());
+ System.out.println(" Valid from: " + cert.getNotBefore());
+ System.out.println(" Valid until: " + cert.getNotAfter());
+ System.out.println(" Public Key Algorithm: " + cert.getPublicKey().getAlgorithm());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
index bda0710f61e..50013f56c8b 100644
--- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
+++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
@@ -30,6 +30,7 @@
* @test
* @bug 8144566
* @summary Custom HostnameVerifier disables SNI extension
+ * @library /test/lib
* @run main/othervm BestEffortOnLazyConnected
*/
@@ -37,6 +38,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class BestEffortOnLazyConnected {
/*
@@ -171,6 +175,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
index 64a62158eee..8ef17483cec 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
@@ -31,6 +31,7 @@
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../SSLEngine ../templates
+ * @library /test/lib
* @build SSLEngineService SSLCapabilities SSLExplorer
* @run main/othervm SSLEngineExplorer SSLv2Hello,SSLv3
* @run main/othervm SSLEngineExplorer SSLv3
@@ -46,6 +47,9 @@
import java.nio.channels.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLEngineExplorer extends SSLEngineService {
/*
@@ -220,7 +224,19 @@ void checkCapabilities(SSLCapabilities capabilities,
private static String[] supportedProtocols; // supported protocols
private static void parseArguments(String[] args) {
- supportedProtocols = args[0].split(",");
+ List supportProtocols = new ArrayList<>();
+ for (String supportProtocol : args[0].split(",")) {
+ System.out.println("the args[0] is: " + supportProtocol);
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) {
+ continue;
+ }
+ System.out.println("SupportProtocol is: " + supportProtocol);
+ supportProtocols.add(supportProtocol);
+ }
+ supportedProtocols = supportProtocols.toArray(new String[0]);
+ for (String s : supportedProtocols) {
+ System.out.println("SupportedProtocols is: " + s);
+ }
}
@@ -237,7 +253,9 @@ private static void parseArguments(String[] args) {
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -245,8 +263,11 @@ public static void main(String args[]) throws Exception {
/*
* Get the customized arguments.
*/
+ System.out.println("args is: " + args);
parseArguments(args);
-
+ if (supportedProtocols == null || supportedProtocols.length == 0) {
+ return;
+ }
new SSLEngineExplorer();
}
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
index 38d999aa3ef..4d4da348acb 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
@@ -30,6 +30,7 @@
* @test
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
+ * @library /test/lib
* @run main/othervm SSLSocketConsistentSNI
*/
@@ -40,6 +41,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketConsistentSNI {
/*
@@ -218,6 +222,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
index 4992553eba9..619148fcaaa 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
@@ -31,6 +31,7 @@
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3
* @run main/othervm SSLSocketExplorer SSLv3
@@ -47,6 +48,9 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorer {
/*
@@ -212,7 +216,14 @@ void checkCapabilities(SSLCapabilities capabilities,
private static String[] supportedProtocols; // supported protocols
private static void parseArguments(String[] args) {
- supportedProtocols = args[0].split(",");
+ List supportProtocols = new ArrayList<>();
+ for (String supportProtocol : args[0].split(",")) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) {
+ continue;
+ }
+ supportProtocols.add(supportProtocol);
+ }
+ supportedProtocols = supportProtocols.toArray(new String[0]);
}
@@ -230,7 +241,9 @@ private static void parseArguments(String[] args) {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -239,6 +252,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -252,6 +270,9 @@ public static void main(String[] args) throws Exception {
*/
parseArguments(args);
+ if (supportedProtocols == null || supportedProtocols.length == 0) {
+ return;
+ }
/*
* Start the tests.
*/
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
index 00d00001d87..154b22095ba 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerFailure SSLv2Hello,SSLv3
* @run main/othervm SSLSocketExplorerFailure SSLv3
@@ -47,6 +48,9 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorerFailure {
/*
@@ -233,9 +237,11 @@ private static void parseArguments(String[] args) {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
-
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
+
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
index 724a37e1a80..01f733efb45 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerMatchedSNI www.example.com
* www\.example\.com
@@ -51,6 +52,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorerMatchedSNI {
/*
@@ -291,6 +295,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
index 8f2b7816864..56eb284c88e 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerWithCliSNI
*/
@@ -42,6 +43,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorerWithCliSNI {
/*
@@ -268,6 +272,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
index f026f32e781..1584c8caa88 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerWithSrvSNI
*/
@@ -42,6 +43,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorerWithSrvSNI {
/*
@@ -251,6 +255,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
index da2f422149d..568d241bcc9 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
@@ -54,6 +54,8 @@
import java.security.interfaces.*;
import java.util.Base64;
+import java.io.ByteArrayInputStream;
+
// Note: this test case works only on TLS 1.2 and prior versions because of
// the use of MD5withRSA signed certificate.
public class SSLSocketSNISensitive {
@@ -361,6 +363,36 @@ private static void parseArguments(String[] args) {
clientRequestedHostname = args[1];
}
+ private static void printCert(String trustedCertStr) {
+ try {
+ // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
+ String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
+ .replace("-----END CERTIFICATE-----", "")
+ .replaceAll("\\s", "");
+
+ // Decode the base64 string to get the certificate bytes
+ byte[] certBytes = Base64.getDecoder().decode(cleanedCert);
+
+ // Create a CertificateFactory for X.509 certificates
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+
+ // Generate the X509Certificate object
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
+
+ // Print the certificate details
+ System.out.println("Issuer: " + cert.getIssuerDN());
+ System.out.println("Subject: " + cert.getSubjectDN());
+ System.out.println("Serial Number: " + cert.getSerialNumber());
+ System.out.println("Not Before: " + cert.getNotBefore());
+ System.out.println("Not After: " + cert.getNotAfter());
+ System.out.println("Signature Algorithm: " + cert.getSigAlgName());
+ System.out.println("Version: " + cert.getVersion());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
private static SSLContext generateSSLContext(boolean isClient)
throws Exception {
@@ -369,6 +401,7 @@ private static SSLContext generateSSLContext(boolean isClient)
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
+
ks.load(null, null);
// import the trused cert
@@ -434,10 +467,12 @@ private static SSLContext generateSSLContext(boolean isClient)
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -447,6 +482,16 @@ public static void main(String[] args) throws Exception {
*/
parseArguments(args);
+ System.out.println("Now printing trustedCertStr==================");
+ printCert(trustedCertStr);
+ System.out.println("Now printing targetCertStr_A==================");
+ printCert(targetCertStr_A);
+ System.out.println("Now printing targetCertStr_B==================");
+ printCert(targetCertStr_B);
+ System.out.println("Now printing targetCertStr_C==================");
+ printCert(targetCertStr_C);
+ System.out.println("Now printing targetCertStr_D==================");
+ printCert(targetCertStr_D);
/*
* Start the tests.
*/
diff --git a/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security
new file mode 100644
index 00000000000..8ae3187b347
--- /dev/null
+++ b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security
@@ -0,0 +1,29 @@
+# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends
+# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration
+# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE.
+#
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.name = Test-TLS-ServerName OpenJCEPlusFIPS Cryptographic Module FIPS 140-3
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.default = false
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \
+ {AlgorithmParameters, DiffieHellman, *}, \
+ {KeyAgreement, DiffieHellman, *}, \
+ {KeyPairGenerator, DiffieHellman, *}, \
+ {KeyFactory, DiffieHellman, *}, \
+ {MessageDigest, MD5, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.2 = sun.security.provider.Sun [+ \
+ {KeyStore, JKS, *}, \
+ {KeyStore, PKCS12, *}, \
+ {MessageDigest, SHA-1, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \
+ {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \
+ {AlgorithmParameters, PBEWithMD5AndDES, *}, \
+ {SecretKeyFactory, PBEWithMD5AndDES, *}, \
+ {Cipher, PBEWithHmacSHA256AndAES_256, *}, \
+ {Mac, HmacSHA1, *},\
+ {Mac, HmacPBESHA256, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}]
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
index 38b0d871c1c..8fffada9093 100644
--- a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
+++ b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
@@ -50,6 +50,8 @@
import java.util.Base64;
import java.util.Collections;
import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
@@ -187,6 +189,11 @@ public class CipherTestUtils {
+ "fpqmCkpTanyYW9U=\n"
+ "-----END PRIVATE KEY-----";
+ public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
+ public static final String PROFILE = System.getProperty("semeru.customprofile");
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
private final SSLSocketFactory factory;
private final X509ExtendedKeyManager clientKeyManager;
private final X509ExtendedKeyManager serverKeyManager;
@@ -306,6 +313,24 @@ public static void addFailure(Exception e) {
}
private CipherTestUtils() throws Exception {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
@@ -474,6 +499,36 @@ public static void printInfo(SSLSocket socket) {
System.out.println("-----------------------");
}
+ public static void printCert(String trustedCertStr) {
+ try {
+ // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
+ String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
+ .replace("-----END CERTIFICATE-----", "")
+ .replaceAll("\\s", "");
+
+ // Decode the base64 string to get the certificate bytes
+ byte[] certBytes = Base64.getDecoder().decode(cleanedCert);
+
+ // Create a CertificateFactory for X.509 certificates
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+
+ // Generate the X509Certificate object
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
+
+ // Print the certificate details
+ System.out.println("Issuer: " + cert.getIssuerDN());
+ System.out.println("Subject: " + cert.getSubjectDN());
+ System.out.println("Serial Number: " + cert.getSerialNumber());
+ System.out.println("Not Before: " + cert.getNotBefore());
+ System.out.println("Not After: " + cert.getNotAfter());
+ System.out.println("Signature Algorithm: " + cert.getSigAlgName());
+ System.out.println("Version: " + cert.getVersion());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
private static KeyStore createServerKeyStore(String publicKey,
String keySpecStr) throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException,
diff --git a/test/jdk/javax/net/ssl/TLS/JSSEClient.java b/test/jdk/javax/net/ssl/TLS/JSSEClient.java
index 0f510856380..00a8ad0671c 100644
--- a/test/jdk/javax/net/ssl/TLS/JSSEClient.java
+++ b/test/jdk/javax/net/ssl/TLS/JSSEClient.java
@@ -111,4 +111,4 @@ void runTest(CipherTestUtils.TestParameters params) throws Exception {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLS/JSSEServer.java b/test/jdk/javax/net/ssl/TLS/JSSEServer.java
index 9bd4fd0bfa0..faf00ae9e2c 100644
--- a/test/jdk/javax/net/ssl/TLS/JSSEServer.java
+++ b/test/jdk/javax/net/ssl/TLS/JSSEServer.java
@@ -88,4 +88,4 @@ public void close() throws IOException {
serverSocket.close();
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
index 29631064011..092246a628d 100644
--- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java
+++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
@@ -21,6 +21,10 @@
* questions.
*/
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+
import java.net.InetAddress;
import java.security.Provider;
import java.security.Security;
@@ -28,11 +32,36 @@
public class TestJSSE {
private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress();
+ private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
+ private static String customProfile = System.getProperty("semeru.customprofile");
+ private static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ private String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) {
+ String protocolUsedInHandShake;
+ List srvProtocols = Arrays.asList(srvProtocol.split(","));
+ List clnProtocols;
+ if (clnProtocol.equals("DEFAULT")) {
+ if (srvProtocols.contains("TLSv1.3")) {
+ protocolUsedInHandShake = "TLSv1.3";
+ } else if (srvProtocols.contains("TLSv1.2")) {
+ protocolUsedInHandShake = "TLSv1.2";
+ } else {
+ protocolUsedInHandShake = null;
+ }
+ } else {
+ clnProtocols = Arrays.asList(clnProtocol.split(","));
+ if (srvProtocols.contains("TLSv1.3") && clnProtocols.contains("TLSv1.3")) {
+ protocolUsedInHandShake = "TLSv1.3";
+ } else if (srvProtocols.contains("TLSv1.2") && clnProtocols.contains("TLSv1.2")) {
+ protocolUsedInHandShake = "TLSv1.2";
+ } else {
+ protocolUsedInHandShake = null;
+ }
+ }
+ return protocolUsedInHandShake;
+ }
public static void main(String... args) throws Exception {
- // reset the security property to make sure that the algorithms
- // and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
// enable debug output
System.setProperty("javax.net.debug", "ssl,record");
@@ -43,13 +72,57 @@ public static void main(String... args) throws Exception {
if (srvProtocol == null || clnProtocol == null || cipher == null) {
throw new IllegalArgumentException("Incorrect parameters");
}
+ String contextProtocol = null;
+ if (System.getProperty("jdk.tls.client.protocols") != null) {
+ System.setProperty("jdk.tls.client.protocols", contextProtocol);
+ clnProtocol = contextProtocol;
+ }
System.out.println("ServerProtocol = " + srvProtocol);
System.out.println("ClientProtocol = " + clnProtocol);
System.out.println("Cipher = " + cipher);
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ String protocolUsedInHandShake;
+ if (!(isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ } else {
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ protocolUsedInHandShake = checkIfProtocolIsUsedInCommonFIPS(srvProtocol, clnProtocol);
+ }
+
try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
client(srv.getPort(), clnProtocol, cipher, args);
+ } catch (Exception e) {
+ if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ((protocolUsedInHandShake == null
+ || !TLS_CIPHERSUITES.containsKey(cipher)
+ || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))
+ && e instanceof javax.net.ssl.SSLHandshakeException
+ && "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(e.getMessage())) {
+ if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ }
}
}
diff --git a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
index b26c82c8cfb..8fffd1b6ffa 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
@@ -47,9 +47,13 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8208496
+ * @library /test/lib
* @summary Test to verify concurrent behavior of TLS.
* @run main/othervm ConcurrentClientAccessTest
*/
@@ -58,10 +62,13 @@ public class ConcurrentClientAccessTest {
private static final int THREADS = 50;
public static void main(String[] args) throws Exception {
-
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- for (String tlsProtocol : new String[]{"TLSv1.3", "TLSv1.2",
- "TLSv1.1", "TLSv1"}) {
+ String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ } else {
+ protocols = new String[]{"TLSv1.3", "TLSv1.2"};
+ }
+ for (String tlsProtocol : protocols) {
System.out.printf("Protocol: %s%n", tlsProtocol);
CountDownLatch tillServerReady = new CountDownLatch(1);
Server server = new Server(tlsProtocol, tillServerReady);
diff --git a/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java b/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java
new file mode 100644
index 00000000000..bf5a429ddf5
--- /dev/null
+++ b/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Security;
+import java.security.Provider;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.Enumeration;
+
+public class NetSslUtils {
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ public static final String isFIPS = System.getProperty("semeru.fips");
+ public static boolean isFIPS() {
+ System.out.println("semeru.fips is: " + System.getProperty("semeru.fips"));
+ return Boolean.parseBoolean(isFIPS);
+ }
+
+ public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile");
+ public static String getFipsProfile() {
+ System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile"));
+ return FIPS_PROFILE;
+ }
+
+ public static String revertJKSToPKCS12(String keyFilename, String passwd) {
+ String p12keyFilename = keyFilename + ".p12";
+ try {
+ KeyStore jksKeystore = KeyStore.getInstance("JKS");
+ try (FileInputStream fis = new FileInputStream(keyFilename)) {
+ jksKeystore.load(fis, passwd.toCharArray());
+ }
+
+ KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12");
+ pkcs12Keystore.load(null, null);
+
+ Enumeration aliasesKey = jksKeystore.aliases();
+ while (aliasesKey.hasMoreElements()) {
+ String alias = aliasesKey.nextElement();
+ if (jksKeystore.isKeyEntry(alias)) {
+ char[] keyPassword = passwd.toCharArray();
+ Key key = jksKeystore.getKey(alias, keyPassword);
+ Certificate[] chain = jksKeystore.getCertificateChain(alias);
+ pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain);
+ } else if (jksKeystore.isCertificateEntry(alias)) {
+ Certificate cert = jksKeystore.getCertificate(alias);
+ pkcs12Keystore.setCertificateEntry(alias, cert);
+ }
+ }
+
+ try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) {
+ pkcs12Keystore.store(fos, passwd.toCharArray());
+ }
+ System.out.println("JKS keystore converted to PKCS12 successfully.");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return p12keyFilename;
+ }
+
+ static {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ }
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
index dce28edadf2..52c514af6c4 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
@@ -180,7 +180,7 @@ public enum HandshakeMode {
private static final String SERVER_NAME = "service.localhost";
private static final String SNI_PATTERN = ".*";
- private static final String[] TLS13_CIPHERS = {
+ private static String[] TLS13_CIPHERS = {
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256"
@@ -189,6 +189,12 @@ public enum HandshakeMode {
private static final String[] SUPPORTED_NON_KRB_CIPHERS;
static {
+ if (NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ TLS13_CIPHERS = new String[] {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256"
+ };
+ }
try {
String[] allSupportedCiphers = getContext()
.createSSLEngine().getSupportedCipherSuites();
@@ -796,10 +802,12 @@ public static void checkResult(SSLEngineResult r,
*/
public static SSLContext getContext() {
try {
- java.security.Security.setProperty(
- "jdk.tls.disabledAlgorithms", "");
- java.security.Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "");
+ if(!(NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ java.security.Security.setProperty(
+ "jdk.tls.disabledAlgorithms", "");
+ java.security.Security.setProperty(
+ "jdk.certpath.disabledAlgorithms", "");
+ }
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
char[] passphrase = PASSWD.toCharArray();
@@ -848,7 +856,8 @@ public static void setUpAndStartKDC() {
* SSLEngineTestCase.TEST_MODE is "krb".
*/
public static void setUpAndStartKDCIfNeeded() {
- if (TEST_MODE.equals("krb")) {
+ if (TEST_MODE.equals("krb") &&
+ (!(NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")))) {
setUpAndStartKDC();
}
}
@@ -1177,4 +1186,4 @@ private static void startKDC(String realm, Map principals,
throw new RuntimeException("KDC: unexpected exception", e);
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
index d1322715749..e4ee8f212e8 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
@@ -31,9 +31,11 @@
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
+import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
@@ -48,9 +50,13 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8205111
+ * @library /test/lib
* @summary Test TLS with different types of supported keys.
* @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha1 TLS_AES_128_GCM_SHA256
* @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha256 TLS_AES_128_GCM_SHA256
@@ -145,10 +151,25 @@ public class TLSTest {
public static void main(String[] args) throws Exception {
- final String tlsProtocol = args[0];
+ String tlsProtocol = args[0];
final KeyType keyType = KeyType.valueOf(args[1]);
- final String cipher = args[2];
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ String cipher = args[2];
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ } else {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) {
+ System.out.println(tlsProtocol + " is not available.");
+ return;
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) {
+ System.out.println(cipher + " is not available.");
+ return;
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) {
+ System.out.println(cipher + " does not match " + tlsProtocol);
+ return;
+ }
+ }
CountDownLatch serverReady = new CountDownLatch(1);
Server server = new Server(tlsProtocol, keyType, cipher, serverReady);
server.start();
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
index 3fabc5bd73c..51315b8a842 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
@@ -71,6 +71,7 @@
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class TLSWithEdDSA extends SSLSocketTemplate {
@@ -81,7 +82,7 @@ public class TLSWithEdDSA extends SSLSocketTemplate {
private static final String DEF_ALL_EE = "EE_ECDSA_SECP256R1:" +
"EE_ECDSA_SECP384R1:EE_ECDSA_SECP521R1:EE_RSA_2048:" +
"EE_EC_RSA_SECP256R1:EE_DSA_2048:EE_DSA_1024:EE_ED25519:EE_ED448";
- private static final List TEST_PROTOS = List.of(
+ private static List TEST_PROTOS = List.of(
"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
private static CertificateFactory certFac;
@@ -556,13 +557,15 @@ protected void runClientApplication(SSLSocket socket) throws Exception {
}
public static void main(String[] args) throws Exception {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1");
+ }
certFac = CertificateFactory.getInstance("X.509");
String testFormat;
System.out.println("===== Test KeyManager alias retrieval =====");
testKeyManager(DEF_ALL_EE, "EdDSA",
- new String[] {"ee_ed25519", "ee_ed448"});
+ new String[] {"ee_ed25519", "ee_ed448"});
testFormat =
"===== Basic Ed25519 Server-side Authentication: %s =====\n";
@@ -626,6 +629,10 @@ private static void testKeyManager(String keyStoreSpec, String keyType,
private static void runtest(String testNameFmt, SessionChecker cliChk,
Class extends Throwable> cliExpExc, SessionChecker servChk,
Class extends Throwable> servExpExc) {
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ TEST_PROTOS = List.of(
+ "TLSv1.3", "TLSv1.2");
+ }
TEST_PROTOS.forEach(protocol -> {
clientParameters.put(ParamType.PROTOS, protocol);
TLSWithEdDSA testObj = new TLSWithEdDSA(cliChk, cliExpExc, servChk,
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
index 092a6e4aee8..bee914b82f5 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
@@ -46,19 +46,26 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8206355 8225438
+ * @library /test/lib
* @summary Test principal that was sent to the peer during handshake.
* @run main/othervm TestSessionLocalPrincipal
*/
public class TestSessionLocalPrincipal {
public static void main(String[] args) throws Exception {
-
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- for (String tlsProtocol : new String[]{
- "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}) {
+ String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ } else {
+ protocols = new String[]{"TLSv1.3", "TLSv1.2"};
+ }
+ for (String tlsProtocol : protocols) {
for (boolean clientAuth : new boolean[]{true, false}) {
System.out.printf("Protocol %s: Client side auth enabled: %s%n",
tlsProtocol, clientAuth);
diff --git a/test/jdk/javax/net/ssl/TLSTest_java.security b/test/jdk/javax/net/ssl/TLSTest_java.security
new file mode 100644
index 00000000000..1e552f93eaa
--- /dev/null
+++ b/test/jdk/javax/net/ssl/TLSTest_java.security
@@ -0,0 +1,34 @@
+# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends
+# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration
+# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE.
+#
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.name = Test-TLS OpenJCEPlusFIPS Cryptographic Module FIPS 140-3
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.default = false
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \
+ {AlgorithmParameters, DiffieHellman, *}, \
+ {KeyAgreement, DiffieHellman, *}, \
+ {KeyPairGenerator, DiffieHellman, *}, \
+ {KeyFactory, DiffieHellman, *}, \
+ {Signature, RSAPSS, *}, \
+ {Signature, SHA1withRSA, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.2 = sun.security.provider.Sun [+ \
+ {KeyStore, JKS, *}, \
+ {KeyStore, PKCS12, *}, \
+ {MessageDigest, SHA-1, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \
+ {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \
+ {AlgorithmParameters, PBEWithMD5AndDES, *}, \
+ {SecretKeyFactory, PBEWithMD5AndDES, *}, \
+ {Cipher, PBEWithHmacSHA256AndAES_256, *}, \
+ {Mac, HmacSHA1, *},\
+ {Mac, HmacPBESHA256, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}]
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.6 = sun.security.ec.SunEC [{KeyFactory, EdDSA, *}, \
+ {KeyFactory, Ed25519, *}, \
+ {KeyFactory, Ed448, *}, \
+ {Signature, SHA1withECDSA, *}]
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
index 7469333e2e0..f0f78945f99 100644
--- a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
+++ b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
@@ -32,6 +32,7 @@
* @test
* @bug 4873188
* @summary Support TLS 1.1
+ * @library /test/lib
* @run main/othervm EmptyCertificateAuthorities
* @modules java.security.jgss
* java.security.jgss/sun.security.jgss.krb5
@@ -62,6 +63,9 @@
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class EmptyCertificateAuthorities {
/*
@@ -250,10 +254,12 @@ private void initialize() throws CertificateException {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -273,7 +279,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new EmptyCertificateAuthorities();
+ try {
+ new EmptyCertificateAuthorities();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
index 24933838e05..c289491d2cf 100644
--- a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
+++ b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
@@ -51,6 +51,7 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class GenericBlockCipher {
@@ -150,7 +151,7 @@ void doClientSide() throws Exception {
// enable a block cipher
sslSocket.setEnabledCipherSuites(
- new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
+ new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -175,7 +176,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// Re-enable TLSv1.1 since test depends on it.
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -195,7 +198,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new GenericBlockCipher();
+ try {
+ new GenericBlockCipher();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
index 99a6599c129..a80d7cbd63c 100644
--- a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
+++ b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
@@ -27,6 +27,7 @@
* @test
* @bug 4873188
* @summary Support TLS 1.1
+ * @library /test/lib
* @modules java.security.jgss
* java.security.jgss/sun.security.jgss.krb5
* java.security.jgss/sun.security.krb5:+open
@@ -51,6 +52,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class GenericStreamCipher {
/*
@@ -107,7 +111,7 @@ void doServerSide() throws Exception {
// enable a stream cipher
sslServerSocket.setEnabledCipherSuites(
- new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
+ new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
serverPort = sslServerSocket.getLocalPort();
@@ -152,7 +156,7 @@ void doClientSide() throws Exception {
// enable a stream cipher
sslSocket.setEnabledCipherSuites(
- new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
+ new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -178,7 +182,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -198,7 +204,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new GenericStreamCipher();
+ try {
+ new GenericStreamCipher();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
index 39937f8b743..2da55279adc 100644
--- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
+++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
@@ -31,6 +31,7 @@
* @bug 8139565
* @summary Restrict certificates with DSA keys less than 1024 bits
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm DisabledShortDSAKeys PKIX TLSv1.2
* @run main/othervm DisabledShortDSAKeys SunX509 TLSv1.2
* @run main/othervm DisabledShortDSAKeys PKIX TLSv1.1
@@ -54,6 +55,8 @@
import java.security.interfaces.*;
import java.util.Base64;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class DisabledShortDSAKeys extends SSLContextTemplate {
@@ -175,11 +178,12 @@ protected ContextParameters getClientContextParameters() {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "DSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "DSA keySize < 1024");
-
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "DSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "DSA keySize < 1024");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
}
diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
index 3f275d8a285..ca712127e11 100644
--- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
+++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
@@ -31,6 +31,7 @@
* @bug 7109274
* @summary Consider disabling support for X.509 certificates with RSA keys
* less than 1024 bits
+ * @library /test/lib
* @library /javax/net/ssl/templates
* @run main/othervm DisabledShortRSAKeys PKIX TLSv1.2
* @run main/othervm DisabledShortRSAKeys SunX509 TLSv1.2
@@ -46,6 +47,9 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class DisabledShortRSAKeys extends SSLSocketTemplate {
/*
@@ -63,14 +67,24 @@ public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) {
@Override
public SSLContext createClientSSLContext() throws Exception {
- return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ return createSSLContext(new Cert[]{Cert.CA_RSA_2048}, null,
+ new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ } else {
+ return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ }
}
@Override
public SSLContext createServerSSLContext() throws Exception {
- return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ return createSSLContext(new Cert[]{Cert.EE_RSA_2048}, null,
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ } else {
+ return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
+ new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ }
}
@Override
@@ -109,10 +123,12 @@ protected void runClientApplication(SSLSocket socket) throws Exception {
}
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "RSA keySize < 1024");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "RSA keySize < 1024");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
@@ -126,4 +142,4 @@ public static void main(String[] args) throws Exception {
*/
new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run();
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
index ec58bc74d0c..c68b72f5e34 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
@@ -27,6 +27,7 @@
/*
* @test
* @bug 8052406
+ * @library /test/lib
* @summary SSLv2Hello protocol may be filter out unexpectedly
* @run main/othervm ProtocolFilter
*/
@@ -35,6 +36,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ProtocolFilter {
/*
@@ -90,8 +94,13 @@ void doServerSide() throws Exception {
(SSLServerSocket) sslssf.createServerSocket(serverPort);
// Only enable cipher suites for TLS v1.2.
- sslServerSocket.setEnabledCipherSuites(
- new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"});
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ sslServerSocket.setEnabledCipherSuites(
+ new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
+ } else {
+ sslServerSocket.setEnabledCipherSuites(
+ new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"});
+ }
serverPort = sslServerSocket.getLocalPort();
@@ -163,6 +172,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
index c9ff202bd2c..171d2e0cb08 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
@@ -29,6 +29,7 @@
/*
* @test
* @bug 7106773
+ * @library /test/lib
* @summary 512 bits RSA key cannot work with SHA384 and SHA512
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -43,6 +44,8 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ShortRSAKey512 extends SSLContextTemplate {
@@ -170,9 +173,11 @@ private static void parseArguments(String[] args) {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -185,7 +190,14 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new ShortRSAKey512();
+ try {
+ new ShortRSAKey512();
+ } catch (java.security.spec.InvalidKeySpecException ikse) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ System.out.println("Inappropriate key specification: RSA keys must be at least 1024 bits long");
+ return;
+ }
+ }
}
Thread clientThread = null;
@@ -304,4 +316,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
index df6767eadfb..0d5b8c8170e 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
@@ -33,6 +33,7 @@
* @bug 7030966
* @summary Support AEAD CipherSuites
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm ShortRSAKeyGCM PKIX TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm ShortRSAKeyGCM PKIX TLS_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm ShortRSAKeyGCM PKIX TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
@@ -70,6 +71,8 @@
import java.security.spec.*;
import java.security.interfaces.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ShortRSAKeyGCM extends SSLContextTemplate {
@@ -196,9 +199,11 @@ protected ContextParameters getClientContextParameters() {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
@@ -209,10 +214,29 @@ public static void main(String[] args) throws Exception {
*/
parseArguments(args);
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ System.out.println(cipherSuite + " is not supported.");
+ return;
+ }
+ }
+
/*
* Start the tests.
*/
- new ShortRSAKeyGCM();
+ try {
+ new ShortRSAKeyGCM();
+ } catch (java.security.spec.InvalidKeySpecException ikse) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ("Inappropriate key specification: RSA keys must be at least 1024 bits long".equals(ikse.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
@@ -337,4 +361,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
index 52191ec0882..56636d891e2 100644
--- a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
+++ b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
@@ -33,6 +33,7 @@
* @bug 8049321
* @summary Support SHA256WithDSA in JSSE
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224"
@@ -54,6 +55,9 @@
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SignatureAlgorithms extends SSLContextTemplate {
/*
@@ -79,11 +83,11 @@ public class SignatureAlgorithms extends SSLContextTemplate {
*/
volatile boolean serverReady = false;
- private final Cert[] SERVER_CERTS = {
- SSLContextTemplate.Cert.EE_DSA_SHA1_1024,
- SSLContextTemplate.Cert.EE_DSA_SHA224_1024,
- SSLContextTemplate.Cert.EE_DSA_SHA256_1024,
- };
+ private static Cert[] SERVER_CERTS = {
+ SSLContextTemplate.Cert.EE_DSA_SHA1_1024,
+ SSLContextTemplate.Cert.EE_DSA_SHA224_1024,
+ SSLContextTemplate.Cert.EE_DSA_SHA256_1024,
+};
/*
* Define the server side of the test.
@@ -133,8 +137,14 @@ void doClientSide() throws Exception {
while (!serverReady) {
Thread.sleep(50);
}
+ Cert[] trustedCerts;
- SSLContext context = createSSLContext(new Cert[]{Cert.CA_DSA_SHA1_1024}, null, getClientContextParameters());
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ trustedCerts = new Cert[]{Cert.CA_RSA_2048};
+ } else {
+ trustedCerts = new Cert[]{Cert.CA_DSA_SHA1_1024};
+ }
+ SSLContext context = createSSLContext(trustedCerts, null, getClientContextParameters());
SSLSocketFactory sslsf = context.getSocketFactory();
try (SSLSocket sslSocket =
@@ -143,6 +153,7 @@ void doClientSide() throws Exception {
// enable TLSv1.2 only
sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
+ System.out.println("In client side, the cipherSuite is: " + cipherSuite);
// enable a block cipher
sslSocket.setEnabledCipherSuites(new String[] {cipherSuite});
@@ -262,17 +273,30 @@ public static void main(String[] args) throws Exception {
return;
}
- /*
- * Expose the target algorithms by diabling unexpected algorithms.
- */
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", disabledAlgorithms);
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ /*
+ * Expose the target algorithms by diabling unexpected algorithms.
+ */
+ Security.setProperty(
+ "jdk.certpath.disabledAlgorithms", disabledAlgorithms);
- /*
- * Reset the security property to make sure that the algorithms
- * and keys used in this test are not disabled by default.
- */
- Security.setProperty( "jdk.tls.disabledAlgorithms", "");
+ /*
+ * Reset the security property to make sure that the algorithms
+ * and keys used in this test are not disabled by default.
+ */
+ Security.setProperty( "jdk.tls.disabledAlgorithms", "");
+ } else {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ System.out.println(cipherSuite + " is not available.");
+ } else if (!SecurityUtils.TLS_CIPHERSUITES.get(cipherSuite).equals("TLSv1.2")) {
+ System.out.println(cipherSuite + " does not match TLSv1.2");
+ }
+ SERVER_CERTS = new Cert[] {
+ SSLContextTemplate.Cert.EE_RSA_2048
+ };
+ disabledAlgorithms = "SHA-1";
+ cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+ }
/*
* Start the tests.
@@ -402,4 +426,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
index 56f37a9e4f1..b867de1c201 100644
--- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
+++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
@@ -29,13 +29,8 @@
* @test
* @bug 8247630
* @summary Use two key share entries
- * @run main/othervm ClientHelloKeyShares 29 23
- * @run main/othervm -Djdk.tls.namedGroups=secp384r1,secp521r1,x448,ffdhe2048 ClientHelloKeyShares 24 30
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,x25519 ClientHelloKeyShares 29
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,secp256r1 ClientHelloKeyShares 23
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,ffdhe2048,ffdhe3072,ffdhe4096 ClientHelloKeyShares 256
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,ffdhe2048,x25519,secp256r1 ClientHelloKeyShares 256 29
- * @run main/othervm -Djdk.tls.namedGroups=secp256r1,secp384r1,ffdhe2048,x25519 ClientHelloKeyShares 23 256
+ * @library /test/lib
+ * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,secp256r1,secp384r1 ClientHelloKeyShares 23 24
*/
import javax.net.ssl.*;
@@ -43,6 +38,8 @@
import java.nio.ByteBuffer;
import java.util.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ClientHelloKeyShares {
@@ -62,10 +59,35 @@ public static void main(String args[]) throws Exception {
// values which will be the expected NamedGroup IDs in the key_share
// extension. Expected named group assertions may also be affected
// by setting the jdk.tls.namedGroups System property.
+
List expectedKeyShares = new ArrayList<>();
Arrays.stream(args).forEach(arg ->
expectedKeyShares.add(Integer.valueOf(arg)));
+ // if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ // String namedGroups = System.getProperty("jdk.tls.namedGroups");
+ // List namedGroupsList = Arrays.asList(namedGroups.split(","));
+ // if (namedGroups == null) {
+ // expectedKeyShares.clear();
+ // expectedKeyShares.add(23);
+ // expectedKeyShares.add(256);
+ // } else {
+ // Map map = new HashMap<>();
+ // map.put("secp256r1", 23);
+ // map.put("secp384r1", 24);
+ // map.put("ffdhe2048", 256);
+ // map.put("FFDHE3072", 257);
+ // map.put("FFDHE4096", 258);
+ // for(String namedGroup : namedGroupsList) {
+ // if (!namedGroup.equals("sect163k1")
+ // ||!namedGroup.equals("x448")
+ // ||!namedGroup.equals("x25519")) {
+
+ // }
+ // }
+ // }
+ // }
+
SSLContext sslCtx = SSLContext.getDefault();
SSLEngine engine = sslCtx.createSSLEngine();
engine.setUseClientMode(true);
diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
index 7bb3e2c8d2b..ce29dc38f0a 100644
--- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
@@ -25,6 +25,7 @@
* @test
* @bug 8076221 8211883
* @summary Check if weak cipher suites are disabled
+ * @library /test/lib
* @modules jdk.crypto.ec
* @run main/othervm DisabledAlgorithms default
* @run main/othervm DisabledAlgorithms empty
@@ -45,6 +46,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class DisabledAlgorithms {
private static final String pathToStores = "../etc";
@@ -118,6 +122,9 @@ public static void main(String[] args) throws Exception {
checkFailure(rc4_null_anon_ciphersuites);
break;
case "empty":
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ return;
+ }
// reset jdk.tls.disabledAlgorithms
Security.setProperty("jdk.tls.disabledAlgorithms", "");
System.out.println("jdk.tls.disabledAlgorithms = "
@@ -395,4 +402,4 @@ static SSLClient init(int port, String ciphersuite)
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java
index 00c19241f58..9e07ab3598c 100644
--- a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java
+++ b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java
@@ -410,4 +410,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java
index c147f732ec5..5c9dfbd4b15 100644
--- a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java
+++ b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java
@@ -778,4 +778,4 @@ private static String dumpHexBytes(ByteBuffer data, int itemsPerLine,
return sb.toString();
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
index 69611763e32..79d7fb56e33 100644
--- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
+++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
@@ -24,6 +24,7 @@
/*
* @test
* @summary Test behavior related to finalize
+ * @library /test/lib
* @run main/othervm SSLSessionFinalizeTest
* @run main/othervm/policy=security.policy SSLSessionFinalizeTest
*/
@@ -41,6 +42,10 @@
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.SSLContext;
+
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class SSLSessionFinalizeTest {
@@ -93,6 +98,7 @@ public class SSLSessionFinalizeTest {
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
@@ -104,6 +110,9 @@ void doServerSide() throws Exception {
while (serverReady) {
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
+ SSLSession sslSession = sslSocket.getSession();
+ System.out.println("Cipher Suite used: " + sslSession.getCipherSuite());
+
// System.out.printf(" accept: %s%n", sslSocket);
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -192,6 +201,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
index 0fc9c02f2d0..cb9f12497bd 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
@@ -25,6 +25,7 @@
* @test
* @bug 4750141 4895631 8217579 8163326
* @summary Check enabled and supported ciphersuites are correct
+ * @library /test/lib
* @run main/othervm CheckCipherSuites default
* @run main/othervm CheckCipherSuites limited
*/
@@ -33,6 +34,9 @@
import java.security.Security;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class CheckCipherSuites {
// List of enabled cipher suites when the "crypto.policy" security
@@ -160,6 +164,25 @@ public class CheckCipherSuites {
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
};
+ // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security
+ // property is set.
+ private final static String[] ENABLED_FIPS = {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+ };
+
// List of supported cipher suites when the "crypto.policy" security
// property is set to "unlimited" (the default value).
private final static String[] SUPPORTED_DEFAULT = {
@@ -285,6 +308,25 @@ public class CheckCipherSuites {
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
};
+ // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security
+ // property is set.
+ private final static String[] SUPPORTED_FIPS = {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+ };
+
private static void showSuites(String[] suites) {
if ((suites == null) || (suites.length == 0)) {
System.out.println("");
@@ -303,7 +345,12 @@ public static void main(String[] args) throws Exception {
String[] ENABLED;
String[] SUPPORTED;
- if (args[0].equals("default")) {
+ String[] FIPS;
+
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ ENABLED = ENABLED_FIPS;
+ SUPPORTED = SUPPORTED_FIPS;
+ } else if (args[0].equals("default")) {
ENABLED = ENABLED_DEFAULT;
SUPPORTED = SUPPORTED_DEFAULT;
} else if (args[0].equals("limited")) {
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
index 2817e3400ab..3e2a8270f7b 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
@@ -20,10 +20,11 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-import java.util.Arrays;
+import java.util.*;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
/*
@@ -81,6 +82,38 @@ public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
private static String[] clientcipherSuites;
public static void main(String[] args) {
+
+ // if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS")) {
+ // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ // System.out.println(args[0] + " is not supported in FIPS 140-3.");
+ // return;
+ // }
+ // List tmpClient = new ArrayList<>();
+ // if (System.getProperty("jdk.tls.client.cipherSuites") != null) {
+ // for (String clientcipherSuite : toArray(System.getProperty("jdk.tls.client.cipherSuites"))) {
+ // if (SecurityUtils.TLS_CIPHERSUITES.containsKey(clientcipherSuite)) {
+ // tmpClient.add(clientcipherSuite);
+ // System.out.println("jdk.tls.client.cipherSuites: " + clientcipherSuite);
+ // }
+ // }
+ // }
+ // List tmpServer = new ArrayList<>();
+ // if (System.getProperty("jdk.tls.server.cipherSuites") != null) {
+ // for (String servercipherSuite : toArray(System.getProperty("jdk.tls.server.cipherSuites"))) {
+ // if (SecurityUtils.TLS_CIPHERSUITES.containsKey(servercipherSuite)) {
+ // tmpServer.add(servercipherSuite);
+ // System.out.println("jdk.tls.server.cipherSuites: " + servercipherSuite);
+ // }
+ // }
+ // }
+ // servercipherSuites = tmpServer.toArray(new String[0]);
+ // clientcipherSuites = tmpClient.toArray(new String[0]);
+ // } else {
+ // servercipherSuites
+ // = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
+ // clientcipherSuites
+ // = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
+ // }
servercipherSuites
= toArray(System.getProperty("jdk.tls.server.cipherSuites"));
clientcipherSuites
@@ -100,7 +133,9 @@ private SystemPropCipherSuitesOrder(String protocol) {
this.protocol = protocol;
// Re-enable protocol if disabled.
if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
- SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS"))) {
+ SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ }
}
}
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
index c2171d80889..f20c87950eb 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
@@ -24,6 +24,7 @@
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
/*
@@ -59,6 +60,12 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate {
public static void main(String[] args) {
PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ System.out.println(args[0] + " is not supported in FIPS 140-3.");
+ return;
+ }
+ }
try {
new TLSCipherSuitesOrder(protocol.getProtocol(),
protocol.getCipherSuite(args[1]),
diff --git a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
index 39e88abce8e..8c5135723cb 100644
--- a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
+++ b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
@@ -58,6 +58,8 @@ public class CipherTest {
static SecureRandom secureRandom;
private static PeerFactory peerFactory;
+ public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
+ public static final String PROFILE = System.getProperty("semeru.customprofile");
static abstract class Server implements Runnable {
@@ -135,8 +137,24 @@ private CipherTest(PeerFactory peerFactory) throws IOException {
factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] cipherSuites = socket.getSupportedCipherSuites();
- String[] protocols = socket.getSupportedProtocols();
- String[] clientAuths = {null, "RSA", "DSA"};
+ String[] protocols = null;
+ String[] clientAuths = null;
+ if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ clientAuths = new String[]{null, "RSA"};
+ List tmp = new ArrayList<>();
+ for (String protocol : socket.getSupportedProtocols()) {
+ if (protocol.equals("TLSv1.2") || protocol.equals("TLSv1.3")) {
+ tmp.add(protocol);
+ }
+ }
+ if (tmp.size() == 0 || tmp == null) {
+ return;
+ }
+ protocols = tmp.toArray(new String[0]);
+ } else {
+ clientAuths = new String[]{null, "RSA", "DSA"};
+ protocols = socket.getSupportedProtocols();
+ }
tests = new ArrayList(
cipherSuites.length * protocols.length * clientAuths.length);
for (int j = 0; j < protocols.length; j++) {
@@ -248,6 +266,16 @@ public final void run() {
try {
runTest(params);
System.out.println("Passed " + params);
+ } catch (javax.net.ssl.SSLException sslException) {
+ if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if ("DSA signing not supported in FIPS".equals(sslException.getMessage())) {
+ System.out.println("Expected exception msg: is caught.");
+ } else {
+ cipherTest.setFailed();
+ System.out.println("** Failed " + params + "**");
+ sslException.printStackTrace();
+ }
+ }
} catch (Exception e) {
cipherTest.setFailed();
System.out.println("** Failed " + params + "**");
diff --git a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
index 09e40c033b3..fb41a704027 100644
--- a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
+++ b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
@@ -27,17 +27,22 @@
* @summary Verify that all ciphersuites work in all configurations
* @author Andreas Sterbenz
* @library ../../TLSCommon
+ * @library /test/lib
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
CipherTest.main(new JSSEFactory(), args);
}
diff --git a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
index dcf0fab42c9..fe877efcfa2 100644
--- a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
+++ b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
@@ -25,11 +25,15 @@
* @test
* @bug 4635454 6208022 8130181
* @summary Check pluggability of SSLContext class.
+ * @library /test/lib
*/
import java.security.*;
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class CheckSSLContextExport extends Provider {
private static String info = "test provider for JSSE pluggability";
@@ -45,8 +49,12 @@ public static void test(String protocol) throws Exception {
String providerName = mySSLContext.getProvider().getName();
if (!providerName.equals("TestJSSEPluggability")) {
- System.out.println(providerName + "'s SSLContext is used");
- throw new Exception("...used the wrong provider: " + providerName);
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ System.out.println(providerName + "'s SSLContext is used");
+ throw new Exception("...used the wrong provider: " + providerName);
+ } else {
+ System.out.println("In FIPS mode, we dont support customized provider yet, " + providerName + "'s SSLContext is used");
+ }
}
for (int i = 0; i < 2; i++) {
boolean standardCiphers = true;
@@ -112,7 +120,16 @@ public static void main(String[] argv) throws Exception {
try {
for (int i = 0; i < protocols.length; i++) {
System.out.println("Testing " + protocols[i] + "'s SSLContext");
- test(protocols[i]);
+ try {
+ test(protocols[i]);
+ } catch (java.lang.IllegalStateException ise) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ if (protocols[i].equals("SSL") && "SSLContext is not initialized".equals(ise.getMessage())) {
+ System.out.println("SSL is not supported in FIPS140-3.");
+ continue;
+ }
+ }
+ }
}
System.out.println("Test Passed");
} finally {
diff --git a/test/jdk/javax/net/ssl/templates/NetSslUtils.java b/test/jdk/javax/net/ssl/templates/NetSslUtils.java
new file mode 100644
index 00000000000..14b611d4e4e
--- /dev/null
+++ b/test/jdk/javax/net/ssl/templates/NetSslUtils.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ import java.security.Security;
+ import java.security.Provider;
+ import java.util.List;
+ import java.util.ArrayList;
+ import java.util.Map;
+ import java.util.HashMap;
+
+ import java.io.FileInputStream;
+ import java.io.FileOutputStream;
+ import java.security.KeyStore;
+ import java.security.Key;
+ import java.security.cert.Certificate;
+ import java.util.Enumeration;
+
+ public class NetSslUtils {
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ public static final String isFIPS = System.getProperty("semeru.fips");
+ public static boolean isFIPS() {
+ System.out.println("semeru.fips is: " + System.getProperty("semeru.fips"));
+ return Boolean.parseBoolean(isFIPS);
+ }
+
+ public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile");
+ public static String getFipsProfile() {
+ System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile"));
+ return FIPS_PROFILE;
+ }
+
+ public static String revertJKSToPKCS12(String keyFilename, String passwd) {
+ String p12keyFilename = keyFilename + ".p12";
+ try {
+ KeyStore jksKeystore = KeyStore.getInstance("JKS");
+ try (FileInputStream fis = new FileInputStream(keyFilename)) {
+ jksKeystore.load(fis, passwd.toCharArray());
+ }
+
+ KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12");
+ pkcs12Keystore.load(null, null);
+
+ Enumeration aliasesKey = jksKeystore.aliases();
+ while (aliasesKey.hasMoreElements()) {
+ String alias = aliasesKey.nextElement();
+ if (jksKeystore.isKeyEntry(alias)) {
+ char[] keyPassword = passwd.toCharArray();
+ Key key = jksKeystore.getKey(alias, keyPassword);
+ Certificate[] chain = jksKeystore.getCertificateChain(alias);
+ pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain);
+ } else if (jksKeystore.isCertificateEntry(alias)) {
+ Certificate cert = jksKeystore.getCertificate(alias);
+ pkcs12Keystore.setCertificateEntry(alias, cert);
+ }
+ }
+
+ try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) {
+ pkcs12Keystore.store(fos, passwd.toCharArray());
+ }
+ System.out.println("JKS keystore converted to PKCS12 successfully.");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return p12keyFilename;
+ }
+
+ static {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ }
+ }
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
index 568575faaee..a2b36f20b6e 100644
--- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
@@ -111,8 +111,7 @@ protected TrustManager createTrustManager(Cert[] trustedCerts,
ContextParameters params) throws Exception {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is;
-
- KeyStore ts = KeyStore.getInstance("JKS");
+ KeyStore ts = KeyStore.getInstance("JKS");
ts.load(null, null);
if (trustedCerts != null && trustedCerts.length != 0) {
diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
index fa6cccbcdcf..2af16124e8b 100644
--- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@@ -176,6 +176,9 @@ protected void configureServerSocket(SSLServerSocket socket) {
protected void doServerSide() throws Exception {
// kick start the server side service
SSLContext context = createServerSSLContext();
+ if (context == null) {
+ return;
+ }
SSLServerSocketFactory sslssf = context.getServerSocketFactory();
InetAddress serverAddress = this.serverAddress;
SSLServerSocket sslServerSocket = serverAddress == null ?
@@ -266,6 +269,9 @@ protected void doClientSide() throws Exception {
}
SSLContext context = createClientSSLContext();
+ if (context == null) {
+ return;
+ }
SSLSocketFactory sslsf = context.getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
diff --git a/test/jdk/javax/net/ssl/templates/TLSBase.java b/test/jdk/javax/net/ssl/templates/TLSBase.java
index bcddb1147c8..d8a26efff7d 100644
--- a/test/jdk/javax/net/ssl/templates/TLSBase.java
+++ b/test/jdk/javax/net/ssl/templates/TLSBase.java
@@ -20,7 +20,6 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
@@ -72,6 +71,12 @@ abstract public class TLSBase {
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+
+ if ((NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ keyFilename = NetSslUtils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = NetSslUtils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/lib/jdk/test/lib/Utils.java b/test/lib/jdk/test/lib/Utils.java
index f84ddab6d55..ef3c42d255c 100644
--- a/test/lib/jdk/test/lib/Utils.java
+++ b/test/lib/jdk/test/lib/Utils.java
@@ -59,6 +59,12 @@
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.Enumeration;
import static jdk.test.lib.Asserts.assertTrue;
import jdk.test.lib.process.ProcessTools;
@@ -148,6 +154,54 @@ public final class Utils {
* Contains the seed value used for {@link java.util.Random} creation.
*/
public static final long SEED;
+
+ public static final String isFIPS = System.getProperty("semeru.fips");
+ public static boolean isFIPS() {
+ System.out.println("semeru.fips is: " + System.getProperty("semeru.fips"));
+ return Boolean.parseBoolean(isFIPS);
+ }
+
+ public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile");
+ public static String getFipsProfile() {
+ System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile"));
+ return FIPS_PROFILE;
+ }
+
+ public static String revertJKSToPKCS12(String keyFilename, String passwd) {
+ String p12keyFilename = keyFilename + ".p12";
+ try {
+ KeyStore jksKeystore = KeyStore.getInstance("JKS");
+ try (FileInputStream fis = new FileInputStream(keyFilename)) {
+ jksKeystore.load(fis, passwd.toCharArray());
+ }
+
+ KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12");
+ pkcs12Keystore.load(null, null);
+
+ Enumeration aliasesKey = jksKeystore.aliases();
+ while (aliasesKey.hasMoreElements()) {
+ String alias = aliasesKey.nextElement();
+ if (jksKeystore.isKeyEntry(alias)) {
+ char[] keyPassword = passwd.toCharArray();
+ Key key = jksKeystore.getKey(alias, keyPassword);
+ Certificate[] chain = jksKeystore.getCertificateChain(alias);
+ pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain);
+ } else if (jksKeystore.isCertificateEntry(alias)) {
+ Certificate cert = jksKeystore.getCertificate(alias);
+ pkcs12Keystore.setCertificateEntry(alias, cert);
+ }
+ }
+
+ try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) {
+ pkcs12Keystore.store(fos, passwd.toCharArray());
+ }
+ System.out.println("JKS keystore converted to PKCS12 successfully.");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return p12keyFilename;
+ }
+
static {
var seed = Long.getLong(SEED_PROPERTY_NAME);
if (seed != null) {
diff --git a/test/lib/jdk/test/lib/security/SecurityUtils.java b/test/lib/jdk/test/lib/security/SecurityUtils.java
index 319416a466c..9451bec5aab 100644
--- a/test/lib/jdk/test/lib/security/SecurityUtils.java
+++ b/test/lib/jdk/test/lib/security/SecurityUtils.java
@@ -30,6 +30,7 @@
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import java.util.*;
/**
* Common library for various security test helper functions.
@@ -126,4 +127,35 @@ private static boolean anyMatch(String value, List algs) {
}
private SecurityUtils() {}
+
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ static {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ }
}