openjdk · vieiro · Jan 5, 2026
diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
@@ -25,7 +25,6 @@
  * @test
  * @bug 8076221 8211883 8279164 8245545
  * @summary Check if weak cipher suites are disabled
- * @library /javax/net/ssl/templates
  * @modules jdk.crypto.ec
  * @run main/othervm DisabledAlgorithms default
  * @run main/othervm DisabledAlgorithms empty
@@ -36,6 +35,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.NoSuchAlgorithmException;
 import java.security.Security;
 import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLContext;
@@ -45,24 +45,20 @@
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
-/*
- * This test verifies that setEnabledProtocols() does not override the
- * jdk.tls.disabledAlgorithms property. Both the client and server throw
- * an exception when creating a handshake context.
- *
- * In the TLSWontNegotiateDisabledCipherAlgoos test, one side of the connection
- * disables the cipher suites and the other side enables them and verifies
- * that the handshake cannot complete successfully.
- */
 public class DisabledAlgorithms {
 
-    public static final SSLContextTemplate.Cert[] CERTIFICATES = {
-            SSLContextTemplate.Cert.EE_DSA_SHA1_1024,
-            SSLContextTemplate.Cert.EE_DSA_SHA224_1024,
-            SSLContextTemplate.Cert.EE_DSA_SHA256_1024,
-            SSLContextTemplate.Cert.CA_ECDSA_SECP256R1,
-            SSLContextTemplate.Cert.CA_RSA_2048
-    };
+    private static final String pathToStores = "../etc";
+    private static final String keyStoreFile = "keystore";
+    private static final String trustStoreFile = "truststore";
+    private static final String passwd = "passphrase";
+
+    private static final String keyFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + keyStoreFile;
+
+    private static final String trustFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + trustStoreFile;
 
     // disabled RC4, NULL, anon, and ECDH cipher suites
     private static final String[] disabled_ciphersuites
@@ -124,14 +120,19 @@ public static void main(String[] args) throws Exception {
             throw new RuntimeException("No parameters specified");
         }
 
+        System.setProperty("javax.net.ssl.keyStore", keyFilename);
+        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+        System.setProperty("javax.net.ssl.trustStore", trustFilename);
+        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
         switch (args[0]) {
             case "default":
                 // use default jdk.tls.disabledAlgorithms
                 System.out.println("jdk.tls.disabledAlgorithms = "
                         + Security.getProperty("jdk.tls.disabledAlgorithms"));
 
                 // check that disabled cipher suites can't be used by default
-                checkFailure(DISABLED_CIPHERSUITES);
+                checkFailure(disabled_ciphersuites);
                 break;
             case "empty":
                 // reset jdk.tls.disabledAlgorithms
@@ -141,7 +142,7 @@ public static void main(String[] args) throws Exception {
 
                 // check that disabled cipher suites can be used if
                 // jdk.{tls,certpath}.disabledAlgorithms is empty
-                checkSuccess(DISABLED_CIPHERSUITES);
+                checkSuccess(disabled_ciphersuites);
                 break;
             default:
                 throw new RuntimeException("Wrong parameter: " + args[0]);
@@ -154,15 +155,15 @@ public static void main(String[] args) throws Exception {
      * Checks if that specified cipher suites cannot be used.
      */
     private static void checkFailure(String[] ciphersuites) throws Exception {
-        try (SSLServer server = new SSLServer(ciphersuites)) {
+        try (SSLServer server = SSLServer.init(ciphersuites)) {
             startNewThread(server);
             while (!server.isRunning()) {
                 sleep();
             }
 
             int port = server.getPort();
             for (String ciphersuite : ciphersuites) {
-                try (SSLClient client = new SSLClient(port, ciphersuite)) {
+                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
                     client.connect();
                     throw new RuntimeException("Expected SSLHandshakeException "
                             + "not thrown");
@@ -189,15 +190,15 @@ private static void checkFailure(String[] ciphersuites) throws Exception {
      * Checks if specified cipher suites can be used.
      */
     private static void checkSuccess(String[] ciphersuites) throws Exception {
-        try (SSLServer server = new SSLServer(ciphersuites)) {
+        try (SSLServer server = SSLServer.init(ciphersuites)) {
             startNewThread(server);
             while (!server.isRunning()) {
                 sleep();
             }
 
             int port = server.getPort();
             for (String ciphersuite : ciphersuites) {
-                try (SSLClient client = new SSLClient(port, ciphersuite)) {
+                try (SSLClient client = SSLClient.init(port, ciphersuite)) {
                     client.connect();
                     String negotiated = client.getNegotiatedCipherSuite();
                     System.out.println("Negotiated cipher suite: "
@@ -236,28 +237,15 @@ private static void sleep() {
         }
     }
 
-    static class SSLServer extends SSLContextTemplate implements Runnable, AutoCloseable {
-
+    static class SSLServer implements Runnable, AutoCloseable {
 
         private final SSLServerSocket ssocket;
         private volatile boolean stopped = false;
         private volatile boolean running = false;
         private volatile boolean sslError = false;
         private volatile boolean otherError = false;
 
-        private SSLServer(String[] ciphersuites) throws Exception {
-            SSLContext context = createSSLContext(null,
-                    DisabledAlgorithms.CERTIFICATES, getServerContextParameters());
-            SSLServerSocketFactory ssf = context.getServerSocketFactory();
-            SSLServerSocket ssocket = (SSLServerSocket)
-                    ssf.createServerSocket(0);
-
-            if (ciphersuites != null) {
-                System.out.println("Server: enable cipher suites: "
-                        + java.util.Arrays.toString(ciphersuites));
-                ssocket.setEnabledCipherSuites(ciphersuites);
-            }
-
+        private SSLServer(SSLServerSocket ssocket) {
             this.ssocket = ssocket;
         }
 
@@ -291,8 +279,8 @@ public void run() {
                     } else {
                         System.out.println("Server: run: " + e);
                         System.out.println("The exception above occurred "
-                                + "because socket was closed, "
-                                + "please ignore it");
+                                    + "because socket was closed, "
+                                    + "please ignore it");
                     }
                 }
             }
@@ -337,23 +325,29 @@ void stop() {
         public void close() {
             stop();
         }
+
+        static SSLServer init(String[] ciphersuites)
+                throws IOException {
+            SSLServerSocketFactory ssf = (SSLServerSocketFactory)
+                    SSLServerSocketFactory.getDefault();
+            SSLServerSocket ssocket = (SSLServerSocket)
+                    ssf.createServerSocket(0);
+
+            if (ciphersuites != null) {
+                System.out.println("Server: enable cipher suites: "
+                        + java.util.Arrays.toString(ciphersuites));
+                ssocket.setEnabledCipherSuites(ciphersuites);
+            }
+
+            return new SSLServer(ssocket);
+        }
     }
 
-    static class SSLClient extends SSLContextTemplate implements AutoCloseable {
+    static class SSLClient implements AutoCloseable {
 
         private final SSLSocket socket;
 
-        private SSLClient(int port, String ciphersuite) throws Exception {
-            SSLContext context = createSSLContext(DisabledAlgorithms.CERTIFICATES,
-                    null, getClientContextParameters());
-            SSLSocketFactory ssf = context.getSocketFactory();
-            SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
-
-            if (ciphersuite != null) {
-                System.out.println("Client: enable cipher suite: "
-                        + ciphersuite);
-                socket.setEnabledCipherSuites(new String[]{ciphersuite});
-            }
+        private SSLClient(SSLSocket socket) {
             this.socket = socket;
         }
 
@@ -393,5 +387,29 @@ public void close() throws Exception {
                 }
             }
         }
+
+        static SSLClient init(int port)
+                throws NoSuchAlgorithmException, IOException {
+            return init(port, null);
+        }
+
+        static SSLClient init(int port, String ciphersuite)
+                throws NoSuchAlgorithmException, IOException {
+            SSLContext context = SSLContext.getDefault();
+            SSLSocketFactory ssf = (SSLSocketFactory)
+                    context.getSocketFactory();
+            SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
+
+            if (ciphersuite != null) {
+                System.out.println("Client: enable cipher suite: "
+                        + ciphersuite);
+                socket.setEnabledCipherSuites(new String[] { ciphersuite });
+            }
+
+            return new SSLClient(socket);
+        }
+
     }
+
+
 }
diff --git a/test/jdk/javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java b/test/jdk/javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java