phial3
diff --git a/Collapse file
‎docs/releasenotes.html‎
Copy file name to clipboardExpand all lines: docs/releasenotes.html
+2Lines changed: 2 additions & 0 deletions b/Collapse file
‎docs/releasenotes.html‎
Copy file name to clipboardExpand all lines: docs/releasenotes.html
+2Lines changed: 2 additions & 0 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLContextSpi.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLContextSpi.java
+1-2Lines changed: 1 addition & 2 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLContextSpi.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLContextSpi.java
+1-2Lines changed: 1 addition & 2 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/AbstractTlsPeer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/AbstractTlsPeer.java
+1-2Lines changed: 1 addition & 2 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/AbstractTlsPeer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/AbstractTlsPeer.java
+1-2Lines changed: 1 addition & 2 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/DefaultTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/DefaultTlsClient.java
+5-6Lines changed: 5 additions & 6 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/DefaultTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/DefaultTlsClient.java
+5-6Lines changed: 5 additions & 6 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/DefaultTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/DefaultTlsServer.java
+12-9Lines changed: 12 additions & 9 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/DefaultTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/DefaultTlsServer.java
+12-9Lines changed: 12 additions & 9 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/PSKTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/PSKTlsClient.java
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/PSKTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/PSKTlsClient.java
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/PSKTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/PSKTlsServer.java
+1-7Lines changed: 1 addition & 7 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/PSKTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/PSKTlsServer.java
+1-7Lines changed: 1 addition & 7 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/SRPTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/SRPTlsClient.java
+1-7Lines changed: 1 addition & 7 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/SRPTlsClient.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/SRPTlsClient.java
+1-7Lines changed: 1 addition & 7 deletions
diff --git a/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/SRPTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/SRPTlsServer.java
+1-7Lines changed: 1 addition & 7 deletions b/Collapse file
‎tls/src/main/java/org/bouncycastle/tls/SRPTlsServer.java‎
Copy file name to clipboardExpand all lines: tls/src/main/java/org/bouncycastle/tls/SRPTlsServer.java
+1-7Lines changed: 1 addition & 7 deletions
diff --git a/Collapse file
‎tls/src/test/java/org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.java‎
Copy file name to clipboardExpand all lines: tls/src/test/java/org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.java
+3-3Lines changed: 3 additions & 3 deletions b/Collapse file
‎tls/src/test/java/org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.java‎
Copy file name to clipboardExpand all lines: tls/src/test/java/org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.java
+3-3Lines changed: 3 additions & 3 deletions
@@ -30,6 +30,8 @@ <h3>2.1.2 Defects Fixed</h3>
 </ul>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>
+<li>BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method).</li>
+<li>(D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.</li>
 <li>The NIST PQC Alternate Candidate, Picnic, has been added to the low level API and the BCPQC provider.</li>
 </ul>
 
 
@@ -161,8 +161,7 @@ private static List<String> createDefaultProtocolList(Set<String> supportedProto
     {
         ArrayList<String> ps = new ArrayList<String>();
 
-        // TODO[tls13] Enable TLSv1.3 by default in due course
-//        ps.add("TLSv1.3");
+        ps.add("TLSv1.3");
         ps.add("TLSv1.2");
         ps.add("TLSv1.1");
         ps.add("TLSv1");
 
@@ -29,8 +29,7 @@ protected AbstractTlsPeer(TlsCrypto crypto)
      */
     protected ProtocolVersion[] getSupportedVersions()
     {
-        // TODO[tls13] Enable TLSv13 by default in due course
-        return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);
+        return ProtocolVersion.TLSv13.downTo(ProtocolVersion.TLSv12);
     }
 
     protected abstract int[] getSupportedCipherSuites();
 
@@ -7,12 +7,11 @@ public abstract class DefaultTlsClient
 {
     private static final int[] DEFAULT_CIPHER_SUITES = new int[]
     {
-        // TODO[tls13]
-//        /*
-//         * TLS 1.3
-//         */
-//        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
-//        CipherSuite.TLS_AES_128_GCM_SHA256,
+        /*
+         * TLS 1.3
+         */
+        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+        CipherSuite.TLS_AES_128_GCM_SHA256,
 
         /*
          * pre-TLS 1.3
 
@@ -9,13 +9,12 @@ public abstract class DefaultTlsServer
 {
     private static final int[] DEFAULT_CIPHER_SUITES = new int[]
     {
-        // TODO[tls13]
-//        /*
-//         * TLS 1.3
-//         */
-//        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
-//        CipherSuite.TLS_AES_256_GCM_SHA384,
-//        CipherSuite.TLS_AES_128_GCM_SHA256,
+        /*
+         * TLS 1.3
+         */
+        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+        CipherSuite.TLS_AES_256_GCM_SHA384,
+        CipherSuite.TLS_AES_128_GCM_SHA256,
 
         /*
          * pre-TLS 1.3
@@ -79,9 +78,9 @@ protected int[] getSupportedCipherSuites()
     public TlsCredentials getCredentials()
         throws IOException
     {
-        int keyExchangeAlgorithm = context.getSecurityParametersHandshake().getKeyExchangeAlgorithm();
+        SecurityParameters securityParameters = context.getSecurityParametersHandshake();
 
-        switch (keyExchangeAlgorithm)
+        switch (securityParameters.getKeyExchangeAlgorithm())
         {
         case KeyExchangeAlgorithm.DHE_DSS:
             return getDSASignerCredentials();
@@ -97,6 +96,10 @@ public TlsCredentials getCredentials()
         case KeyExchangeAlgorithm.ECDHE_RSA:
             return getRSASignerCredentials();
 
+        case KeyExchangeAlgorithm.NULL:
+            throw new TlsFatalAlert(AlertDescription.internal_error,
+                securityParameters.getNegotiatedVersion() + " credentials unhandled");
+
         case KeyExchangeAlgorithm.RSA:
             return getRSAEncryptionCredentials();
 
 
@@ -34,7 +34,7 @@ public PSKTlsClient(TlsCrypto crypto, TlsPSKIdentity pskIdentity)
 
     protected ProtocolVersion[] getSupportedVersions()
     {
-        return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);
+        return ProtocolVersion.TLSv12.only();
     }
 
     protected int[] getSupportedCipherSuites()
 
@@ -39,20 +39,14 @@ protected TlsCredentialedDecryptor getRSAEncryptionCredentials() throws IOExcept
 
     protected ProtocolVersion[] getSupportedVersions()
     {
-        return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);
+        return ProtocolVersion.TLSv12.only();
     }
 
     protected int[] getSupportedCipherSuites()
     {
         return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);
     }
 
-    /** @deprecated Unused; will be removed */
-    public ProtocolVersion getMaximumVersion()
-    {
-        return ProtocolVersion.TLSv12;
-    }
-
     public TlsCredentials getCredentials() throws IOException
     {
         int keyExchangeAlgorithm = context.getSecurityParametersHandshake().getKeyExchangeAlgorithm();
 
@@ -34,7 +34,7 @@ protected int[] getSupportedCipherSuites()
 
     protected ProtocolVersion[] getSupportedVersions()
     {
-        return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);
+        return ProtocolVersion.TLSv12.only();
     }
 
     protected boolean requireSRPServerExtension()
@@ -43,12 +43,6 @@ protected boolean requireSRPServerExtension()
         return false;
     }
 
-    /** @deprecated Unused; will be removed */
-    public ProtocolVersion getClientVersion()
-    {
-        return ProtocolVersion.TLSv12;
-    }
-
     public Hashtable getClientExtensions()
         throws IOException
     {
 
@@ -44,20 +44,14 @@ protected TlsCredentialedSigner getRSASignerCredentials()
 
     protected ProtocolVersion[] getSupportedVersions()
     {
-        return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);
+        return ProtocolVersion.TLSv12.only();
     }
 
     protected int[] getSupportedCipherSuites()
     {
         return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);
     }
 
-    /** @deprecated Unused; will be removed */
-    public ProtocolVersion getMaximumVersion()
-    {
-        return ProtocolVersion.TLSv12;
-    }
-
     public void processClientExtensions(Hashtable clientExtensions) throws IOException
     {
         super.processClientExtensions(clientExtensions);
 
@@ -73,7 +73,7 @@ public void testRSAServer()
 
         trustManagerFactory.init(trustStore);
 
-        SSLContext context = SSLContext.getInstance("TLS", ProviderUtils.PROVIDER_NAME_BCJSSE);
+        SSLContext context = SSLContext.getInstance("TLSv1.2", ProviderUtils.PROVIDER_NAME_BCJSSE);
 
         context.init(null, trustManagerFactory.getTrustManagers(), null);
 
@@ -119,7 +119,7 @@ public void testRSAServerTrustEE()
             ProviderUtils.PROVIDER_NAME_BCJSSE);
         trustManagerFactory.init(trustStore);
 
-        SSLContext context = SSLContext.getInstance("TLS", ProviderUtils.PROVIDER_NAME_BCJSSE);
+        SSLContext context = SSLContext.getInstance("TLSv1.2", ProviderUtils.PROVIDER_NAME_BCJSSE);
 
         context.init(null, trustManagerFactory.getTrustManagers(), null);
 
@@ -158,7 +158,7 @@ public void testRSAServerWithClientAuth()
             ProviderUtils.PROVIDER_NAME_BCJSSE);
         trustManagerFactory.init(clientTS);
 
-        SSLContext context = SSLContext.getInstance("TLS", ProviderUtils.PROVIDER_NAME_BCJSSE);
+        SSLContext context = SSLContext.getInstance("TLSv1.2", ProviderUtils.PROVIDER_NAME_BCJSSE);
 
         context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,7 @@ protected AbstractTlsPeer(TlsCrypto crypto)`
`29`	`29`	`*/`
`30`	`30`	`protected ProtocolVersion[] getSupportedVersions()`
`31`	`31`	`{`
`32`		`- // TODO[tls13] Enable TLSv13 by default in due course`
`33`		`- return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);`
	`32`	`+ return ProtocolVersion.TLSv13.downTo(ProtocolVersion.TLSv12);`
`34`	`33`	`}`
`35`	`34`
`36`	`35`	`protected abstract int[] getSupportedCipherSuites();`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ public PSKTlsClient(TlsCrypto crypto, TlsPSKIdentity pskIdentity)`
`34`	`34`
`35`	`35`	`protected ProtocolVersion[] getSupportedVersions()`
`36`	`36`	`{`
`37`		`- return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);`
	`37`	`+ return ProtocolVersion.TLSv12.only();`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`protected int[] getSupportedCipherSuites()`
Original file line number	Diff line number	Diff line change
`@@ -39,20 +39,14 @@ protected TlsCredentialedDecryptor getRSAEncryptionCredentials() throws IOExcept`
`39`	`39`
`40`	`40`	`protected ProtocolVersion[] getSupportedVersions()`
`41`	`41`	`{`
`42`		`- return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);`
	`42`	`+ return ProtocolVersion.TLSv12.only();`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`protected int[] getSupportedCipherSuites()`
`46`	`46`	`{`
`47`	`47`	`return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);`
`48`	`48`	`}`
`49`	`49`
`50`		`- /** @deprecated Unused; will be removed */`
`51`		`- public ProtocolVersion getMaximumVersion()`
`52`		`- {`
`53`		`- return ProtocolVersion.TLSv12;`
`54`		`- }`
`55`		`-`
`56`	`50`	`public TlsCredentials getCredentials() throws IOException`
`57`	`51`	`{`
`58`	`52`	`int keyExchangeAlgorithm = context.getSecurityParametersHandshake().getKeyExchangeAlgorithm();`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ protected int[] getSupportedCipherSuites()`
`34`	`34`
`35`	`35`	`protected ProtocolVersion[] getSupportedVersions()`
`36`	`36`	`{`
`37`		`- return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);`
	`37`	`+ return ProtocolVersion.TLSv12.only();`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`protected boolean requireSRPServerExtension()`
`@@ -43,12 +43,6 @@ protected boolean requireSRPServerExtension()`
`43`	`43`	`return false;`
`44`	`44`	`}`
`45`	`45`
`46`		`- /** @deprecated Unused; will be removed */`
`47`		`- public ProtocolVersion getClientVersion()`
`48`		`- {`
`49`		`- return ProtocolVersion.TLSv12;`
`50`		`- }`
`51`		`-`
`52`	`46`	`public Hashtable getClientExtensions()`
`53`	`47`	`throws IOException`
`54`	`48`	`{`
Original file line number	Diff line number	Diff line change
`@@ -44,20 +44,14 @@ protected TlsCredentialedSigner getRSASignerCredentials()`
`44`	`44`
`45`	`45`	`protected ProtocolVersion[] getSupportedVersions()`
`46`	`46`	`{`
`47`		`- return ProtocolVersion.TLSv12.downTo(ProtocolVersion.TLSv10);`
	`47`	`+ return ProtocolVersion.TLSv12.only();`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`protected int[] getSupportedCipherSuites()`
`51`	`51`	`{`
`52`	`52`	`return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);`
`53`	`53`	`}`
`54`	`54`
`55`		`- /** @deprecated Unused; will be removed */`
`56`		`- public ProtocolVersion getMaximumVersion()`
`57`		`- {`
`58`		`- return ProtocolVersion.TLSv12;`
`59`		`- }`
`60`		`-`
`61`	`55`	`public void processClientExtensions(Hashtable clientExtensions) throws IOException`
`62`	`56`	`{`
`63`	`57`	`super.processClientExtensions(clientExtensions);`