File tree Expand file tree Collapse file tree 1 file changed +5
-3
lines changed
Expand file tree Collapse file tree 1 file changed +5
-3
lines changed Original file line number Diff line number Diff line change @@ -127,12 +127,12 @@ def test_context_ciphers
127127 shared_ciphers = [
128128 jce_installed && "ECDHE-ECDSA-AES256-SHA" ,
129129 jce_installed && "ECDHE-RSA-AES256-SHA" ,
130- jce_installed && "AES256-SHA" ,
130+ jce_installed && "AES256-SHA" && nil , # TLS_RSA_WITH_AES_256_CBC_SHA disabled/dropped in newer Java
131131 jce_installed && "DHE-RSA-AES256-SHA" ,
132132 jce_installed && "DHE-DSS-AES256-SHA" ,
133133 "ECDHE-ECDSA-AES128-SHA" ,
134134 "ECDHE-RSA-AES128-SHA" ,
135- "AES128-SHA" ,
135+ "AES128-SHA" && nil , # TLS_RSA_WITH_AES_128_CBC_SHA disabled/dropped in newer Java
136136 "DHE-RSA-AES128-SHA" ,
137137 "DHE-DSS-AES128-SHA" ,
138138 "AECDH-AES128-SHA" && nil , # dropped in Java 11
@@ -178,7 +178,9 @@ def test_set_ciphers_by_group_name
178178 actual = context . ciphers . map { |cipher | cipher [ 0 ] }
179179 assert actual . include? ( "ECDHE-RSA-AES128-SHA" )
180180 assert actual . include? ( "ECDHE-ECDSA-AES128-SHA" )
181- assert actual . include? ( "AES128-SHA" )
181+ # AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) uses RSA key exchange (no forward secrecy)
182+ # and may be disabled/removed from getSupportedCipherSuites() in newer Java security configurations
183+ assert actual . include? ( "AES128-SHA" ) unless jruby? && self . class . java_version . last . to_i >= 11
182184 end
183185
184186 def test_set_ciphers_by_cipher_name
You can’t perform that action at this time.
0 commit comments