Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/03/16 10:40:37 UTC
svn commit: r1826958 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
Constants.java openssl/ciphers/Authentication.java
openssl/ciphers/Cipher.java openssl/ciphers/KeyExchange.java
openssl/ciphers/Protocol.java
Author: markt
Date: Fri Mar 16 10:40:37 2018
New Revision: 1826958
URL: http://svn.apache.org/viewvc?rev=1826958&view=rev
Log:
Add draft 1.3 cipher definitions as OpenSSL master is starting to advertise them
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Authentication.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java?rev=1826958&r1=1826957&r2=1826958&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/Constants.java Fri Mar 16 10:40:37 2018
@@ -29,6 +29,7 @@ public class Constants {
*/
public static final String SSL_PROTO_ALL = "all";
public static final String SSL_PROTO_TLS = "TLS";
+ public static final String SSL_PROTO_TLSv1_3 = "TLSv1.3";
public static final String SSL_PROTO_TLSv1_2 = "TLSv1.2";
public static final String SSL_PROTO_TLSv1_1 = "TLSv1.1";
// Two different forms for TLS 1.0
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Authentication.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Authentication.java?rev=1826958&r1=1826957&r2=1826958&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Authentication.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Authentication.java Fri Mar 16 10:40:37 2018
@@ -18,16 +18,17 @@
package org.apache.tomcat.util.net.openssl.ciphers;
public enum Authentication {
- RSA /* RSA auth */,
- DSS /* DSS auth */,
- aNULL /* no auth (i.e. use ADH or AECDH) */,
- DH /* Fixed DH auth (kDHd or kDHr) */,
- ECDH /* Fixed ECDH auth (kECDHe or kECDHr) */,
- KRB5 /* KRB5 auth */,
- ECDSA/* ECDSA auth*/,
- PSK /* PSK auth */,
+ RSA /* RSA auth */,
+ DSS /* DSS auth */,
+ aNULL /* no auth (i.e. use ADH or AECDH) */,
+ DH /* Fixed DH auth (kDHd or kDHr) */,
+ ECDH /* Fixed ECDH auth (kECDHe or kECDHr) */,
+ KRB5 /* KRB5 auth */,
+ ECDSA /* ECDSA auth*/,
+ PSK /* PSK auth */,
GOST94 /* GOST R 34.10-94 signature auth */,
GOST01 /* GOST R 34.10-2001 */,
- FZA /* Fortezza */,
- SRP
+ FZA /* Fortezza */,
+ SRP,
+ ANY /* TLS 1.3 */
}
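Review bot: The new `ANY /* TLS 1.3 */` constant at the end of this enum, and the identical `ANY /* TLS 1.3 */` added to `KeyExchange` in the KeyExchange.java hunk, names the protocol but not what the value means for cipher selection. In TLS 1.3 the cipher suite no longer fixes the key exchange or authentication algorithm. The code that matches on these enum values is outside this diff, so it cannot be confirmed here whether selectors for a specific authentication or key-exchange type will include or exclude the new suites. I would expand the comment in both enums to something like `ANY /* TLS 1.3: not fixed by the cipher suite, negotiated separately */`. `SRP` on the line above is also left without any comment.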
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java?rev=1826958&r1=1826957&r2=1826958&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java Fri Mar 16 10:40:37 2018
@@ -2695,7 +2695,96 @@ public enum Cipher {
null
),
- /* Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ // Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+
+ // TLS 1.3 ciphers (draft - v26)
+ // Cipher 1301
+ TLS_AES_128_GCM_SHA256(
+ 0x1301,
+ "TLS_AES_128_GCM_SHA256",
+ KeyExchange.ANY,
+ Authentication.ANY,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher 1302
+ TLS_AES_256_GCM_SHA384(
+ 0x1302,
+ "TLS_AES_256_GCM_SHA384",
+ KeyExchange.ANY,
+ Authentication.ANY,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher 1303
+ TLS_CHACHA20_POLY1305_SHA256(
+ 0x1303,
+ "TLS_CHACHA20_POLY1305_SHA256",
+ KeyExchange.ANY,
+ Authentication.ANY,
+ Encryption.CHACHA20POLY1305,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher 1304
+ TLS_AES_128_CCM_SHA256(
+ 0x1304,
+ "TLS_AES_128_CCM_SHA256",
+ KeyExchange.ANY,
+ Authentication.ANY,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher 1305
+ TLS_AES_128_CCM_8_SHA256(
+ 0x1305,
+ "TLS_AES_128_CCM_8_SHA256",
+ KeyExchange.ANY,
+ Authentication.ANY,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128,
+ null,
+ null
+ ),
+
+ /*
* Cipher 0x5600 TLS_FALLBACK_SCSV
*
* No other ciphers defined until 0xC001 below
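Review bot: `TLS_AES_128_CCM_8_SHA256` (0x1305) gets the same `EncryptionLevel.HIGH` and `128, 128` values as `TLS_AES_128_CCM_SHA256`, although the `_8` variant truncates the AEAD authentication tag to 8 octets and so gives weaker forgery resistance than the full-tag suite. The constructor signature is outside this hunk, so I am assuming those positional arguments are the level and the strength/algorithm bits; if so, anything that selects on HIGH will treat the two suites as equivalent. I would at least add a comment above the entry, e.g. `// CCM_8 truncates the authentication tag to 8 octets; review before treating as HIGH`. On style, the `// Cipher 1301` to `// Cipher 1305` comments drop the `0x` prefix used by the neighbouring `Cipher 0x00FF` and `Cipher 0x5600` comments.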
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java?rev=1826958&r1=1826957&r2=1826958&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java Fri Mar 16 10:40:37 2018
@@ -32,5 +32,6 @@ enum KeyExchange {
SRP /* SSL_kSRP - SRP */,
RSAPSK,
ECDHEPSK,
- DHEPSK
+ DHEPSK,
+ ANY /* TLS 1.3 */
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java?rev=1826958&r1=1826957&r2=1826958&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java Fri Mar 16 10:40:37 2018
@@ -24,7 +24,8 @@ enum Protocol {
SSLv3(Constants.SSL_PROTO_SSLv3),
SSLv2(Constants.SSL_PROTO_SSLv2),
TLSv1(Constants.SSL_PROTO_TLSv1),
- TLSv1_2(Constants.SSL_PROTO_TLSv1_2);
+ TLSv1_2(Constants.SSL_PROTO_TLSv1_2),
+ TLSv1_3(Constants.SSL_PROTO_TLSv1_3);
private final String openSSLName;
Re: svn commit: r1826958 - in
/tomcat/trunk/java/org/apache/tomcat/util/net: Constants.java
openssl/ciphers/Authentication.java openssl/ciphers/Cipher.java
openssl/ciphers/KeyExchange.java openssl/ciphers/Protocol.java
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 3/16/18 6:40 AM, markt@apache.org wrote:
> Author: markt
> Date: Fri Mar 16 10:40:37 2018
> New Revision: 1826958
>
> URL: http://svn.apache.org/viewvc?rev=1826958&view=rev
> Log:
> Add draft 1.3 cipher definitions as OpenSSL master is starting to advertise them
Awesome. Looks like TLS 1.3 support in Java is going to be a long time
coming.
-chris