You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/09/27 08:20:39 UTC
[tomcat] 03/04: Remove handling for old,
unsupported OpenSSL versions
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 529acb8237c3381ff02127496312fc852f84e4b7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Sep 27 09:18:22 2021 +0100
Remove handling for old, unsupported OpenSSL versions
---
.../TestOpenSSLCipherConfigurationParser.java | 42 +++++-----------------
.../util/net/openssl/ciphers/TesterOpenSSL.java | 16 ++-------
2 files changed, 12 insertions(+), 46 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 8fa66df..0400f1d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -27,23 +27,13 @@ public class TestOpenSSLCipherConfigurationParser {
@Test
public void testDEFAULT() throws Exception {
- if (TesterOpenSSL.VERSION < 10100) {
- // Account for classes of ciphers removed from DEFAULT in 1.1.0
- testSpecification("DEFAULT:!RC4:!DSS:!SEED:!IDEA:!CAMELLIA:!AESCCM:!3DES");
- } else {
- testSpecification("DEFAULT");
- }
+ testSpecification("DEFAULT");
}
@Test
public void testCOMPLEMENTOFDEFAULT() throws Exception {
- if (TesterOpenSSL.VERSION < 10100) {
- // Account for classes of ciphers removed from DEFAULT in 1.1.0
- testSpecification("COMPLEMENTOFDEFAULT:RC4:DSS:SEED:IDEA:CAMELLIA:AESCCM:aNULL:3DES");
- } else {
- testSpecification("COMPLEMENTOFDEFAULT");
- }
+ testSpecification("COMPLEMENTOFDEFAULT");
}
@@ -137,10 +127,7 @@ public class TestOpenSSLCipherConfigurationParser {
@Test
public void testkDHE() throws Exception {
- // This alias was introduced in 1.0.2
- if (TesterOpenSSL.VERSION >= 10002) {
- testSpecification("kDHE");
- }
+ testSpecification("kDHE");
}
@@ -152,10 +139,7 @@ public class TestOpenSSLCipherConfigurationParser {
@Test
public void testDHE() throws Exception {
- // This alias was introduced in 1.0.2
- if (TesterOpenSSL.VERSION >= 10002) {
- testSpecification("DHE");
- }
+ testSpecification("DHE");
}
@@ -300,27 +284,19 @@ public class TestOpenSSLCipherConfigurationParser {
@Test
public void testTLSv1() throws Exception {
- // In OpenSSL 1.1.0-dev, TLSv1 refers to those ciphers that require
- // TLSv1 rather than being an alias for SSLv3
- if (TesterOpenSSL.VERSION >= 10100) {
- testSpecification("TLSv1");
- }
+ testSpecification("TLSv1");
}
@Test
- public void testSSLv2() throws Exception {
- testSpecification("SSLv2");
+ public void testSSLv3() throws Exception {
+ testSpecification("SSLv3");
}
@Test
- public void testSSLv3() throws Exception {
- // In OpenSSL 1.1.0-dev, TLSv1 refers to those ciphers that require
- // TLSv1 rather than being an alias for SSLv3
- if (TesterOpenSSL.VERSION < 10100) {
- testSpecification("SSLv3:TLSv1");
- }
+ public void testSSLv2() throws Exception {
+ testSpecification("SSLv2");
}
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index fe30d7f..946302a 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -253,19 +253,9 @@ public class TesterOpenSSL {
// Standard command to list the ciphers
args.add("ciphers");
args.add("-v");
- if (VERSION < 10100) {
- // Need to exclude the GOST ciphers
- if (specification == null) {
- specification = "DEFAULT:!aGOST";
- } else {
- specification = "!aGOST:" + specification;
- }
- }
- if (VERSION >= 10101) {
- // Need to exclude the TLSv1.3 ciphers
- args.add("-ciphersuites");
- args.add("");
- }
+ // Need to exclude the TLSv1.3 ciphers
+ args.add("-ciphersuites");
+ args.add("");
// Include the specification if provided
if (specification != null) {
args.add(specification);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org