You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/07/28 12:25:26 UTC
[tomcat] branch main updated: ALPN support will always be available
with TLS on Java 11+
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e5f3408 ALPN support will always be available with TLS on Java 11+
e5f3408 is described below
commit e5f340843f746443f4b9b299822101c632473aab
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 28 13:25:13 2021 +0100
ALPN support will always be available with TLS on Java 11+
---
.../apache/coyote/http11/AbstractHttp11Protocol.java | 3 ++-
.../org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ----------
.../apache/tomcat/util/net/AbstractJsseEndpoint.java | 20 --------------------
java/org/apache/tomcat/util/net/AprEndpoint.java | 10 ----------
.../apache/tomcat/util/net/SSLImplementation.java | 2 --
.../tomcat/util/net/jsse/JSSEImplementation.java | 6 ------
.../util/net/openssl/OpenSSLImplementation.java | 6 ------
7 files changed, 2 insertions(+), 55 deletions(-)
diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index abcec73..1051266 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -518,7 +518,8 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
// ALPN
String alpnName = upgradeProtocol.getAlpnName();
if (alpnName != null && alpnName.length() > 0) {
- if (getEndpoint().isAlpnSupported()) {
+ // ALPN is only available with TLS
+ if (getEndpoint().isSSLEnabled()) {
negotiatedProtocols.put(alpnName, upgradeProtocol);
getEndpoint().addNegotiatedProtocol(alpnName);
getLog().info(sm.getString("abstractHttp11Protocol.alpnConfigured",
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 437e1da..2938135 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -678,16 +678,6 @@ public abstract class AbstractEndpoint<S,U> {
public boolean isSSLEnabled() { return SSLEnabled; }
public void setSSLEnabled(boolean SSLEnabled) { this.SSLEnabled = SSLEnabled; }
- /**
- * Identifies if the endpoint supports ALPN. Note that a return value of
- * <code>true</code> implies that {@link #isSSLEnabled()} will also return
- * <code>true</code>.
- *
- * @return <code>true</code> if the endpoint supports ALPN in its current
- * configuration, otherwise <code>false</code>.
- */
- public abstract boolean isAlpnSupported();
-
private int minSpareThreads = 10;
public void setMinSpareThreads(int minSpareThreads) {
this.minSpareThreads = minSpareThreads;
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 620c279..b28f1e2 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -190,26 +190,6 @@ public abstract class AbstractJsseEndpoint<S,U> extends AbstractEndpoint<S,U> {
@Override
- public boolean isAlpnSupported() {
- // ALPN requires TLS so if TLS is not enabled, ALPN cannot be supported
- if (!isSSLEnabled()) {
- return false;
- }
-
- // Depends on the SSLImplementation.
- SSLImplementation sslImplementation;
- try {
- sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
- } catch (ClassNotFoundException e) {
- // Ignore the exception. It will be logged when trying to start the
- // end point.
- return false;
- }
- return sslImplementation.isAlpnSupported();
- }
-
-
- @Override
public void unbind() throws Exception {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates()) {
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 3682e55..bf24e6b 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -493,16 +493,6 @@ public class AprEndpoint extends AbstractEndpoint<Long,Long> implements SNICallB
}
-
- @Override
- public boolean isAlpnSupported() {
- // The APR/native connector always supports ALPN if TLS is in use
- // because OpenSSL supports ALPN. Therefore, this is equivalent to
- // testing of SSL is enabled.
- return isSSLEnabled();
- }
-
-
/**
* Start the APR endpoint, creating acceptor, poller and sendfile threads.
*/
diff --git a/java/org/apache/tomcat/util/net/SSLImplementation.java b/java/org/apache/tomcat/util/net/SSLImplementation.java
index c1a769f..8f9dfd0 100644
--- a/java/org/apache/tomcat/util/net/SSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/SSLImplementation.java
@@ -79,6 +79,4 @@ public abstract class SSLImplementation {
public abstract SSLSupport getSSLSupport(SSLSession session, Map<String,List<String>> additionalAttributes);
public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
-
- public abstract boolean isAlpnSupported();
}
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
index be5422b..2004dda 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
@@ -21,7 +21,6 @@ import java.util.Map;
import javax.net.ssl.SSLSession;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
@@ -52,9 +51,4 @@ public class JSSEImplementation extends SSLImplementation {
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
return new JSSEUtil(certificate);
}
-
- @Override
- public boolean isAlpnSupported() {
- return JreCompat.isAlpnSupported();
- }
}
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
index b32b86c..d496e7d 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
@@ -38,10 +38,4 @@ public class OpenSSLImplementation extends SSLImplementation {
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
return new OpenSSLUtil(certificate);
}
-
- @Override
- public boolean isAlpnSupported() {
- // OpenSSL supported ALPN
- return true;
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org