You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/09/27 08:20:39 UTC

[tomcat] 03/04: Remove handling for old, unsupported OpenSSL versions

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 529acb8237c3381ff02127496312fc852f84e4b7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Sep 27 09:18:22 2021 +0100

    Remove handling for old, unsupported OpenSSL versions
---
 .../TestOpenSSLCipherConfigurationParser.java      | 42 +++++-----------------
 .../util/net/openssl/ciphers/TesterOpenSSL.java    | 16 ++-------
 2 files changed, 12 insertions(+), 46 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 8fa66df..0400f1d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -27,23 +27,13 @@ public class TestOpenSSLCipherConfigurationParser {
 
     @Test
     public void testDEFAULT() throws Exception {
-        if (TesterOpenSSL.VERSION < 10100) {
-            // Account for classes of ciphers removed from DEFAULT in 1.1.0
-            testSpecification("DEFAULT:!RC4:!DSS:!SEED:!IDEA:!CAMELLIA:!AESCCM:!3DES");
-        } else {
-            testSpecification("DEFAULT");
-        }
+        testSpecification("DEFAULT");
     }
 
 
     @Test
     public void testCOMPLEMENTOFDEFAULT() throws Exception {
-        if (TesterOpenSSL.VERSION < 10100) {
-            // Account for classes of ciphers removed from DEFAULT in 1.1.0
-            testSpecification("COMPLEMENTOFDEFAULT:RC4:DSS:SEED:IDEA:CAMELLIA:AESCCM:aNULL:3DES");
-        } else {
-            testSpecification("COMPLEMENTOFDEFAULT");
-        }
+        testSpecification("COMPLEMENTOFDEFAULT");
     }
 
 
@@ -137,10 +127,7 @@ public class TestOpenSSLCipherConfigurationParser {
 
     @Test
     public void testkDHE() throws Exception {
-        // This alias was introduced in 1.0.2
-        if (TesterOpenSSL.VERSION >= 10002) {
-            testSpecification("kDHE");
-        }
+        testSpecification("kDHE");
     }
 
 
@@ -152,10 +139,7 @@ public class TestOpenSSLCipherConfigurationParser {
 
     @Test
     public void testDHE() throws Exception {
-        // This alias was introduced in 1.0.2
-        if (TesterOpenSSL.VERSION >= 10002) {
-            testSpecification("DHE");
-        }
+        testSpecification("DHE");
     }
 
 
@@ -300,27 +284,19 @@ public class TestOpenSSLCipherConfigurationParser {
 
     @Test
     public void testTLSv1() throws Exception {
-        // In OpenSSL 1.1.0-dev, TLSv1 refers to those ciphers that require
-        // TLSv1 rather than being an alias for SSLv3
-        if (TesterOpenSSL.VERSION >= 10100) {
-            testSpecification("TLSv1");
-        }
+        testSpecification("TLSv1");
     }
 
 
     @Test
-    public void testSSLv2() throws Exception {
-        testSpecification("SSLv2");
+    public void testSSLv3() throws Exception {
+        testSpecification("SSLv3");
     }
 
 
     @Test
-    public void testSSLv3() throws Exception {
-        // In OpenSSL 1.1.0-dev, TLSv1 refers to those ciphers that require
-        // TLSv1 rather than being an alias for SSLv3
-        if (TesterOpenSSL.VERSION < 10100) {
-            testSpecification("SSLv3:TLSv1");
-        }
+    public void testSSLv2() throws Exception {
+        testSpecification("SSLv2");
     }
 
 
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index fe30d7f..946302a 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -253,19 +253,9 @@ public class TesterOpenSSL {
         // Standard command to list the ciphers
         args.add("ciphers");
         args.add("-v");
-        if (VERSION < 10100) {
-            // Need to exclude the GOST ciphers
-            if (specification == null) {
-                specification = "DEFAULT:!aGOST";
-            } else {
-                specification = "!aGOST:" + specification;
-            }
-        }
-        if (VERSION >= 10101) {
-            // Need to exclude the TLSv1.3 ciphers
-            args.add("-ciphersuites");
-            args.add("");
-        }
+        // Need to exclude the TLSv1.3 ciphers
+        args.add("-ciphersuites");
+        args.add("");
         // Include the specification if provided
         if (specification != null) {
             args.add(specification);

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org