openjdk · mpdonova · Oct 24, 2025
diff --git a/test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java b/test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @library /test/lib
+ * @run main/othervm DisabledCipherSuitesNotNegotiated client
+ * @run main/othervm DisabledCipherSuitesNotNegotiated server
+ */
+
+import java.net.InetAddress;
+import java.nio.charset.StandardCharsets;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
+
+import jdk.test.lib.security.SecurityUtils;
+import jdk.test.lib.process.ProcessTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.SSLHandshakeException;
+
+public class DisabledCipherSuitesNotNegotiated {
+    private static volatile int serverPort = 0;
+    private static volatile Exception serverException = null;
+
+    private static final CountDownLatch waitForServer = new CountDownLatch(1);
+    private static final int WAIT_FOR_SERVER_SECS = 5;
+
+    private static final String DISABLED_CIPHERSUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+    private static final String DISABLED_CIPHER_WILDCARD = "TLS_ECDH*WITH_AES_256_GCM_*";
+
+    private static void runServer(boolean disabledInClient) throws Exception {
+        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+        ctx.init(null, null, null);
+        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
+        try(SSLServerSocket serverSocket = (SSLServerSocket)factory
+                .createServerSocket(0, -1, InetAddress.getLoopbackAddress())) {
+            serverPort = serverSocket.getLocalPort();
+            waitForServer.countDown();
+
+            if (disabledInClient) {
+                // set cipher suite to disabled ciphersuite
+                serverSocket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE});
+            }
+
+            try(SSLSocket clientSocket = (SSLSocket) serverSocket.accept()) {
+                try {
+                    clientSocket.getInputStream().readAllBytes();
+                    throw new Exception("The expected handshake exception was not thrown.");
+                } catch (SSLHandshakeException exc) {
+                    System.out.println("Server caught excepted SSLHandshakeException");
+                    exc.printStackTrace(System.out);
+                }
+            }
+        }
+    }
+
+    private static void runClient(boolean disableInClient, int portNumber) throws Exception {
+        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+        ctx.init(null, null, null);
+        SSLSocketFactory factory = ctx.getSocketFactory();
+        try(SSLSocket socket = (SSLSocket)factory.createSocket("localhost", portNumber)) {
+            if (!disableInClient) {
+                socket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE});
+            }
+
+            try {
+                socket.getOutputStream().write("hello".getBytes(StandardCharsets.UTF_8));
+                throw new Exception("The expected handshake exception was not thrown.");
+            } catch (SSLHandshakeException exc) {
+                System.out.println("Client caught excepted SSLHandshakeException");
+            }
+        }
+    }
+
+    public static void main(String [] args) throws Exception {
+        if (args.length == 1) {
+            final boolean disabledInClient = args[0].equals("client");
+            if (!disabledInClient) {
+                SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD);
+            }
+            try(ExecutorService executorService = Executors.newSingleThreadExecutor()) {
+                executorService.submit(() -> {
+                    try {
+                        runServer(disabledInClient);
+                    } catch (Exception exc) {
+                        System.out.println("Server Exception:");
+                        exc.printStackTrace(System.out);
+                        serverException = exc;
+                        throw new RuntimeException(exc);
+                    }
+                });
+
+                if (!waitForServer.await(WAIT_FOR_SERVER_SECS, TimeUnit.SECONDS)) {
+                    throw new Exception("Server did not start within " +
+                            WAIT_FOR_SERVER_SECS + " seconds.");
+                }
+
+                System.out.printf("Server listening on port %d.%nStarting client process...",
+                        serverPort);
+
+                OutputAnalyzer oa = ProcessTools.executeProcess(
+                        ProcessTools.createTestJavaProcessBuilder("DisabledCipherSuitesNotNegotiated",
+                                "" + disabledInClient, "" + serverPort));
+                oa.shouldHaveExitValue(0);
+                System.out.println("Client output:");
+                System.out.println(oa.getOutput());
+                if (serverException != null) {
+                    throw new Exception ("Server-side threw an unexpected exception: "
+                            + serverException);
+                }
+            }
+
+        } else {
+            boolean disabledInClient = Boolean.parseBoolean(args[0]);
+            if (disabledInClient) {
+                SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD);
+            }
+            runClient(Boolean.parseBoolean(args[0]), Integer.parseInt(args[1]));
+        }
+    }
+
+}