Posted to dev@tomcat.apache.org by ma...@apache.org on 2006/03/11 21:45:12 UTC

svn commit: r385160 - in /tomcat: connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java container/tc5.5.x/webapps/docs/changelog.xml

Author: markt
Date: Sat Mar 11 12:45:10 2006
New Revision: 385160

URL: http://svn.apache.org/viewcvs?rev=385160&view=rev
Log:
Change default cipher suites to remove insecure ones.

Modified:
    tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
    tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Sat Mar 11 12:45:10 2006
@@ -126,7 +126,7 @@
             // Determine which cipher suites to enable
             String requestedCiphers = (String)attributes.get("ciphers");
             enabledCiphers = getEnabledCiphers(requestedCiphers,
-                     sslProxy.getSupportedCipherSuites());
+                     sslProxy.getDefaultCipherSuites());
 
         } catch(Exception e) {
             if( e instanceof IOException )
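
Review bot: The second argument to getEnabledCiphers() on the changed line is now the default-enabled list even when the "ciphers" attribute has been set explicitly. getEnabledCiphers() is not shown in this diff; if it uses that argument to filter requestedCiphers, a suite an administrator names on purpose that is supported but not enabled by default will be dropped. Consider passing sslProxy.getSupportedCipherSuites() when requestedCiphers is non-null and sslProxy.getDefaultCipherSuites() only when it is null, so that the safer default does not also narrow what can be configured.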

Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Sat Mar 11 12:45:10 2006
@@ -117,7 +117,7 @@
             // Determine which cipher suites to enable
             String requestedCiphers = (String)attributes.get("ciphers");
             enabledCiphers = getEnabledCiphers(requestedCiphers,
-                                               sslProxy.getSupportedCipherSuites());
+                                               sslProxy.getDefaultCipherSuites());
 
         } catch(Exception e) {
             if( e instanceof IOException )
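
Review bot: The comment above the changed call still reads "Determine which cipher suites to enable" and does not say that the fallback is now whatever sslProxy.getDefaultCipherSuites() returns rather than everything the socket factory supports. A line in the comment stating that, and that other suites have to be requested through the "ciphers" attribute, would help the next reader. The same three lines are also changed in JSSE13SocketFactory.java; a shared helper would keep the two factories from drifting apart.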

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Mar 11 12:45:10 2006
@@ -28,6 +28,16 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Make the default cipher suites available for SSL the same as the set of cipher
+        suites enabled by default rather than the set of all cipher suites. This prevents
+        ciphers suites that do not provide confidentiality protection and/or server
+        authentication being used by default. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Webapps">
     <changelog>
       <fix>
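
Review bot: "ciphers suites" on the third line of the new changelog entry should read "cipher suites". The entry also describes only the new default; a sentence saying whether suites outside the default set can still be selected with the "ciphers" attribute would save administrators from reading the source to find out.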



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r385160 - in /tomcat: connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java container/tc5.5.x/webapps/docs/changelog.xml

Posted by Bill Barker <wb...@wilshire.com>.
<ma...@apache.org> wrote in message 
news:20060311204513.4044.qmail@minotaur.apache.org...
> Author: markt
> Date: Sat Mar 11 12:45:10 2006
> New Revision: 385160
>
> URL: http://svn.apache.org/viewcvs?rev=385160&view=rev
> Log:
> Change default cipher suites to remove insecure ones.
>

Actually, it removes the really high-grade ones as well.  But it's probably 
better to make those people that want the really high-grade ones configure 
it themselves than to allow the low-grade ones in the default.



