You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/08/27 21:39:18 UTC
svn commit: r1758076 - in /tomcat/tc8.5.x/trunk: ./
java/org/apache/tomcat/util/net/openssl/ciphers/
test/org/apache/tomcat/util/net/openssl/ciphers/ webapps/docs/
Author: markt
Date: Sat Aug 27 21:39:18 2016
New Revision: 1758076
URL: http://svn.apache.org/viewvc?rev=1758076&view=rev
Log:
Furthwe fixes for Gump failures after OpenSSL updates
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Aug 27 21:39:18 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757684,1757722,1757727,1757853,1757903,1757997
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757684,1757722,1757727,1757853,1757903,1757997,1758072-1758075
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1758076&r1=1758075&r2=1758076&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Sat Aug 27 21:39:18 2016
@@ -421,10 +421,6 @@ public class OpenSSLCipherConfigurationP
List<Cipher> allCiphersList = Arrays.asList(Cipher.values());
Collections.reverse(allCiphersList);
LinkedHashSet<Cipher> allCiphers = defaultSort(new LinkedHashSet<>(allCiphersList));
- // OpenSSL has disabled 3DES by default so remove it from the set of
- // known ciphers
- allCiphers.removeAll(filterByEncryption(allCiphers, Collections.singleton(Encryption.TRIPLE_DES)));
-
addListAlias(eNULL, filterByEncryption(allCiphers, Collections.singleton(Encryption.eNULL)));
LinkedHashSet<Cipher> all = new LinkedHashSet<>(allCiphers);
remove(all, eNULL);
Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java?rev=1758076&r1=1758075&r2=1758076&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java (original)
+++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java Sat Aug 27 21:39:18 2016
@@ -73,11 +73,10 @@ public class TestCipher {
*/
@Test
public void testOpenSSLCipherAvailability() throws Exception {
- // OpenSSL 0.9.8 does not include aNULL or eNULL in all.
// OpenSSL does not include ECDH/ECDHE ciphers in all and there is no
// EC alias. Use aRSA.
// OpenSSL 1.0.0 onwards does not include eNULL in all.
- Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aNULL:aRSA");
+ Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA");
Set<String> expectedCipherSuites = new HashSet<>();
for (Cipher cipher : Cipher.values()) {
if (TesterOpenSSL.OPENSSL_UNIMPLEMENTED_CIPHERS.contains(cipher)) {
Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java?rev=1758076&r1=1758075&r2=1758076&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java (original)
+++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java Sat Aug 27 21:39:18 2016
@@ -44,11 +44,19 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
- if (versionString.startsWith("OpenSSL 1.1.0")) {
+ if (versionString.startsWith("OpenSSL 1.1.1")) {
+ // Note: Gump currently tests 9.0.x with OpenSSL master
+ // (a.k.a 1.1.1-dev)
+ VERSION = 10101;
+ } else if (versionString.startsWith("OpenSSL 1.1.0")) {
+ // Support ends 2018-04-30
VERSION = 10100;
} else if (versionString.startsWith("OpenSSL 1.0.2")) {
+ // Support ends 2019-12-31 (LTS)
+ // Note: Gump current tests 8.0.x with OpenSSL 1.0.2
VERSION = 10002;
} else if (versionString.startsWith("OpenSSL 1.0.1")) {
+ // Support ends 2016-12-31
VERSION = 10001;
// Note: Release branches 1.0.0 and earlier are no longer supported by
// the OpenSSL team so these tests don't support them either.
@@ -122,7 +130,22 @@ public class TesterOpenSSL {
} else {
// These were removed in 1.0.2 so won't be available from that
// version onwards.
- // None at present.
+ // DES and 3DES require compile time switches to enable. Treat as
+ // removed.
+ unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
}
if (VERSION < 10100) {
@@ -301,11 +324,7 @@ public class TesterOpenSSL {
if (specification == null) {
stdout = executeOpenSSLCommand("ciphers", "-v");
} else {
- if (VERSION < 10000) {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
- } else {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
- }
+ stdout = executeOpenSSLCommand("ciphers", "-v", specification);
}
if (stdout.length() == 0) {
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1758076&r1=1758075&r2=1758076&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Sat Aug 27 21:39:18 2016
@@ -216,7 +216,7 @@
Patch provided by Svetlin Zarev. (markt)
</fix>
<fix>
- OpenSSl now disables 3DES by default so reflect this when using OpenSSL
+ OpenSSL now disables 3DES by default so reflect this when using OpenSSL
syntax to select ciphers. (markt)
</fix>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org