You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2006/03/11 21:45:12 UTC
svn commit: r385160 - in /tomcat:
connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
container/tc5.5.x/webapps/docs/changelog.xml
Author: markt
Date: Sat Mar 11 12:45:10 2006
New Revision: 385160
URL: http://svn.apache.org/viewcvs?rev=385160&view=rev
Log:
Change default cipher suites to remove insecure ones.
Modified:
tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Sat Mar 11 12:45:10 2006
@@ -126,7 +126,7 @@
// Determine which cipher suites to enable
String requestedCiphers = (String)attributes.get("ciphers");
enabledCiphers = getEnabledCiphers(requestedCiphers,
- sslProxy.getSupportedCipherSuites());
+ sslProxy.getDefaultCipherSuites());
} catch(Exception e) {
if( e instanceof IOException )
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Sat Mar 11 12:45:10 2006
@@ -117,7 +117,7 @@
// Determine which cipher suites to enable
String requestedCiphers = (String)attributes.get("ciphers");
enabledCiphers = getEnabledCiphers(requestedCiphers,
- sslProxy.getSupportedCipherSuites());
+ sslProxy.getDefaultCipherSuites());
} catch(Exception e) {
if( e instanceof IOException )
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Mar 11 12:45:10 2006
@@ -28,6 +28,16 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Make the default cipher suites available for SSL the same as the set of cipher
+ suites enabled by default rather than the set of all cipher suites. This prevents
+ ciphers suites that do not provide confidentiality protection and/or server
+ authentication being used by default. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Webapps">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r385160 - in /tomcat: connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java container/tc5.5.x/webapps/docs/changelog.xml
Posted by Bill Barker <wb...@wilshire.com>.
<ma...@apache.org> wrote in message
news:20060311204513.4044.qmail@minotaur.apache.org...
> Author: markt
> Date: Sat Mar 11 12:45:10 2006
> New Revision: 385160
>
> URL: http://svn.apache.org/viewcvs?rev=385160&view=rev
> Log:
> Change default cipher suites to remove insecure ones.
>
Actually, it removes the really high-grade ones as well. But it's probably
better to make those people that want the really high-grade ones configure
it themselves then to allow the low-grade ones in the default.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org