You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/04/04 23:07:01 UTC
svn commit: r1737745 - in
/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net:
AbstractJsseEndpoint.java LocalStrings.properties SSLHostConfig.java
Author: markt
Date: Mon Apr 4 21:07:01 2016
New Revision: 1737745
URL: http://svn.apache.org/viewvc?rev=1737745&view=rev
Log:
Use newly added JreCompat to handle setting of honorCipherOrder
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1737745&r1=1737744&r2=1737745&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Mon Apr 4 21:07:01 2016
@@ -16,8 +16,6 @@
*/
package org.apache.tomcat.util.net;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
@@ -25,9 +23,9 @@ import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfig.Type;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
@@ -147,23 +145,8 @@ public abstract class AbstractJsseEndpoi
engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
- SSLParameters sslParameters = engine.getSSLParameters();
- if (sslHostConfig.getHonorCipherOrder()) {
- // SSLParameters#setUseCipherSuiteOrder is java 8 and upwards
- try {
- Method m = SSLParameters.class.getMethod(
- "setUseCipherSuitesOrder", Boolean.TYPE);
- m.invoke(sslParameters, Boolean.TRUE);
- } catch (NoSuchMethodException | SecurityException
- | IllegalAccessException | IllegalArgumentException
- | InvocationTargetException e) {
- throw new UnsupportedOperationException(
- sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
- e);
- }
- }
- // In case the getter returns a defensive copy
- engine.setSSLParameters(sslParameters);
+ JreCompat.getInstance().setUseServerCipherSuitesOrder(engine,
+ sslHostConfig.getHonorCipherOrder());
return engine;
}
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1737745&r1=1737744&r2=1737745&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Mon Apr 4 21:07:01 2016
@@ -77,7 +77,6 @@ endpoint.apr.pollUnknownEvent=A socket w
endpoint.apr.tooManyCertFiles=More certificate files were configured than the AprEndpoint can handle
endpoint.apr.remoteport=APR socket [{0}] opened with remote port [{1}]
endpoint.jsse.noSslContext=No SSLContext could be found for the host name [{0}]
-endpoint.jsse.cannotHonorServerCipherOrder=Java Runtime does not support "useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.
endpoint.nio.selectorCloseFail=Failed to close selector when closing the poller
endpoint.nio.timeoutCme=Exception during processing of timeouts. The code has been checked repeatedly and no concurrent modification has been found. If you are able to repeat this error please open a Tomcat bug and provide the steps to reproduce.
endpoint.nio2.exclusiveExecutor=The NIO2 connector requires an exclusive executor to operate properly on shutdown
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1737745&r1=1737744&r2=1737745&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Mon Apr 4 21:07:01 2016
@@ -25,7 +25,6 @@ import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.juli.logging.Log;
@@ -359,11 +358,6 @@ public class SSLHostConfig {
public void setHonorCipherOrder(boolean honorCipherOrder) {
- try {
- SSLParameters.class.getMethod("setUseCipherSuitesOrder", Boolean.TYPE);
- } catch (NoSuchMethodException | SecurityException e) {
- throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"), e);
- }
this.honorCipherOrder = honorCipherOrder;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org