You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/08/22 16:38:23 UTC
svn commit: r1619820 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java webapps/docs/changelog.xml

Author: markt
Date: Fri Aug 22 14:38:23 2014
New Revision: 1619820

URL: http://svn.apache.org/r1619820
Log:
Add support for the EECDH alias when using the OpenSSL cipher syntax to define JSSE ciphers.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
    tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1619820&r1=1619819&r2=1619820&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java Fri Aug 22 14:38:23 2014
@@ -164,6 +164,11 @@ public class OpenSSLCipherConfigurationP
      */
     private static final String kEECDH = "kEECDH";
     /**
+     * Cipher suites using ephemeral ECDH key agreement, excluding anonymous cipher suites.
+     * Same as "kEECDH:-AECDH"
+     */
+    private static final String EECDH = "EECDH";
+    /**
      * Cipher suitesusing ECDH key exchange, including anonymous, ephemeral and fixed ECDH.
      */
     private static final String ECDH = "ECDH";
@@ -407,6 +412,9 @@ public class OpenSSLCipherConfigurationP
         aliases.put(ECDHE, aliases.get(kECDHE));
         addListAlias(kEECDH, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.EECDH)));
         aliases.put(EECDHE, aliases.get(kEECDH));
+        Set<Cipher> eecdh = filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.EECDH));
+        eecdh.removeAll(filterByAuthentication(allCiphers, Collections.singleton(Authentication.aNULL)));
+        addListAlias(EECDH, eecdh);
         addListAlias(aDSS, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DSS)));
         aliases.put("DSS", aliases.get(aDSS));
         addListAlias(aDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DH)));

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1619820&r1=1619819&r2=1619820&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java Fri Aug 22 14:38:23 2014
@@ -482,7 +482,6 @@ public class TestOpenSSLCipherConfigurat
 
 
     @Test
-    @Ignore("TODO: Figure out why this fails")
     public void testSpecification03() throws Exception {
         // Reported as failing during 8.0.11 release vote by Ognjen Blagojevic
         testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1619820&r1=1619819&r2=1619820&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Aug 22 14:38:23 2014
@@ -52,6 +52,10 @@
         ignore unknown criteria rather than throwing a
         <code>NullPointerException</code>. (markt)
       </fix>
+      <add>
+        Add support for the EECDH alias when using the OpenSSL cipher syntax to
+        define JSSE ciphers. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org