You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/03/16 11:59:53 UTC

svn commit: r1826977 - in /tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers: TestCipher.java TesterOpenSSL.java

Author: markt
Date: Fri Mar 16 11:59:53 2018
New Revision: 1826977

URL: http://svn.apache.org/viewvc?rev=1826977&view=rev
Log:
There is an option to remove TLSv1.3 ciphers so use it.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
    tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java?rev=1826977&r1=1826976&r2=1826977&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java Fri Mar 16 11:59:53 2018
@@ -80,14 +80,6 @@ public class TestCipher {
         // TLS 1.3 is still i
         Set<String> availableCipherSuites =
                 TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA");
-        // TODO
-        // Temporary removal of the TLS1.3 ciphers until the spec is final or an
-        // appropriate option is added to the ciphers command
-        availableCipherSuites.remove("TLS13-AES-128-GCM-SHA256+TLSv1.3");
-        availableCipherSuites.remove("TLS13-AES-128-CCM-8-SHA256+TLSv1.3");
-        availableCipherSuites.remove("TLS13-AES-128-CCM-SHA256+TLSv1.3");
-        availableCipherSuites.remove("TLS13-CHACHA20-POLY1305-SHA256+TLSv1.3");
-        availableCipherSuites.remove("TLS13-AES-256-GCM-SHA384+TLSv1.3");
 
         Set<String> expectedCipherSuites = new HashSet<>();
         for (Cipher cipher : Cipher.values()) {

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java?rev=1826977&r1=1826976&r2=1826977&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java Fri Mar 16 11:59:53 2018
@@ -362,13 +362,23 @@ public class TesterOpenSSL {
 
 
     public static String getOpenSSLCiphersAsExpression(String specification) throws Exception {
-        String stdout;
+
+        List<String> args = new ArrayList<>();
+        // Standard command to list the ciphers
+        args.add("ciphers");
+        args.add("-v");
+        if (VERSION == 10101) {
+            // Need to exclude the TLSv1.3 ciphers
+            args.add("-ciphersuites");
+            args.add("\"\"");
+        }
+        // Include the specification if provided
         if (specification == null) {
-            stdout = executeOpenSSLCommand("ciphers", "-v");
-        } else {
-            stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+            args.add(specification);
         }
 
+        String stdout = executeOpenSSLCommand(args.toArray(new String[args.size()]));
+
         if (stdout.length() == 0) {
             return stdout;
         }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org