You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/02 23:03:18 UTC
svn commit: r1733377 -
/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Author: markt
Date: Wed Mar 2 22:03:18 2016
New Revision: 1733377
URL: http://svn.apache.org/viewvc?rev=1733377&view=rev
Log:
Update tests:
- 0.9.8 and 1.0.0 are no longer supported
- Support for LOW and EXPORT ciphers has been removed from all supported versions
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified: tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1733377&r1=1733376&r2=1733377&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java (original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Wed Mar 2 22:03:18 2016
@@ -50,10 +50,8 @@ public class TesterOpenSSL {
VERSION = 10002;
} else if (versionString.startsWith("OpenSSL 1.0.1")) {
VERSION = 10001;
- } else if (versionString.startsWith("OpenSSL 1.0.0")) {
- VERSION = 10000;
- } else if (versionString.startsWith("OpenSSL 0.9.8")) {
- VERSION = 908;
+ // Note: Release branches 1.0.0 and earlier are no longer supported by
+ // the OpenSSL team so these tests don't support them either.
} else {
VERSION = -1;
}
@@ -74,93 +72,26 @@ public class TesterOpenSSL {
unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256);
unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-
- if (VERSION < 10000) {
- // These were implemented in 1.0.0 so won't be available in any
- // earlier version
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_SEED_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_SEED_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_SEED_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_WITH_SEED_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_NULL_SHA);
- unimplemented.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
- unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
- } else {
- // These were removed in 1.0.0 so won't be available from that
- // version onwards.
- // None at present.
- }
-
-
- if (VERSION < 10001) {
- // These were added in 1.0.1 so won't be available in any earlier
- // version
- unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
- unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
- unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_RSA_WITH_NULL_SHA256);
- } else {
- // These were removed in 1.0.1 so won't be available from that
- // version onwards.
- // None at present.
- }
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_RSA_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_DSS_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.SSL2_DES_64_CBC_WITH_MD5);
+ unimplemented.add(Cipher.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC4_40_MD5);
+ unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5);
+ unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_WITH_MD5);
+ unimplemented.add(Cipher.SSL_CK_RC4_128_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
if (VERSION < 10002) {
// These were implemented in 1.0.2 so won't be available in any
@@ -291,26 +222,6 @@ public class TesterOpenSSL {
} else {
// These were removed in 1.1.0 so won't be available from that
// version onwards.
- unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5);
- unimplemented.add(Cipher.SSL_CK_RC4_128_WITH_MD5);
- unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
- unimplemented.add(Cipher.SSL2_DES_64_CBC_WITH_MD5);
- unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
- unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
- unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_WITH_MD5);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_RSA_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_DH_DSS_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_WITH_DES_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
- unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA);
- unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
- unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC4_40_MD5);
unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org