You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/16 12:44:05 UTC
svn commit: r1660074 - in
/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl: TestCipher.java
TesterOpenSSL.java
Author: markt
Date: Mon Feb 16 11:44:04 2015
New Revision: 1660074
URL: http://svn.apache.org/r1660074
Log:
Fixes for OpenSSL 1.0.2 which implements 24 new DH ciphers.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1660074&r1=1660073&r2=1660074&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Mon Feb 16 11:44:04 2015
@@ -92,14 +92,6 @@ public class TestCipher {
if (openSSLAlias.contains("GOST")) {
continue;
}
- // OpenSSL does not implement any DH-DSS or DH-RSA algorithms so
- // exclude them from the expected list
- if (openSSLAlias.startsWith("DH-DSS") || openSSLAlias.startsWith("EXP-DH-DSS")) {
- continue;
- }
- if (openSSLAlias.startsWith("DH-RSA") || openSSLAlias.startsWith("EXP-DH-RSA")) {
- continue;
- }
// OpenSSL does not enable the experimental EXP1024 and
// DHE-DSS-RC4-SHA cipher suites unless the source is explicitly
// patched so exclude them from the expected list
@@ -403,6 +395,10 @@ public class TestCipher {
* http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html?lang=en
* on 29th July 2014.
* <br>
+ * As of 16 February 2015 the list for IBM Java 7 was identical to that for
+ * IBM Java 8
+ * http://www-01.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/ciphersuites.html?lang=en
+ * <br>
* Note that IBM cipher suites names can begin with TLS or SSL.
*/
private static final Set<String> CIPHER_SUITE_STANDARD_NAMES_IBM;
@@ -535,12 +531,36 @@ public class TestCipher {
"CAMELLIA256-SHA+SSLv3",
"DES-CBC-MD5+SSLv2",
"DES-CBC3-MD5+SSLv2",
+ "DH-DSS-AES128-GCM-SHA256+TLSv1.2",
+ "DH-DSS-AES256-GCM-SHA384+TLSv1.2",
+ "DH-DSS-AES128-SHA+SSLv3",
+ "DH-DSS-AES128-SHA256+TLSv1.2",
+ "DH-DSS-AES256-SHA+SSLv3",
+ "DH-DSS-AES256-SHA256+TLSv1.2",
+ "DH-DSS-CAMELLIA128-SHA+SSLv3",
+ "DH-DSS-CAMELLIA256-SHA+SSLv3",
+ "DH-DSS-DES-CBC-SHA+SSLv3",
+ "DH-DSS-DES-CBC3-SHA+SSLv3",
+ "DH-DSS-SEED-SHA+SSLv3",
+ "DH-RSA-AES128-GCM-SHA256+TLSv1.2",
+ "DH-RSA-AES256-GCM-SHA384+TLSv1.2",
+ "DH-RSA-AES128-SHA+SSLv3",
+ "DH-RSA-AES128-SHA256+TLSv1.2",
+ "DH-RSA-AES256-SHA+SSLv3",
+ "DH-RSA-AES256-SHA256+TLSv1.2",
+ "DH-RSA-CAMELLIA128-SHA+SSLv3",
+ "DH-RSA-CAMELLIA256-SHA+SSLv3",
+ "DH-RSA-DES-CBC-SHA+SSLv3",
+ "DH-RSA-DES-CBC3-SHA+SSLv3",
+ "DH-RSA-SEED-SHA+SSLv3",
"DHE-DSS-CAMELLIA128-SHA+SSLv3",
"DHE-DSS-CAMELLIA256-SHA+SSLv3",
"DHE-DSS-SEED-SHA+SSLv3",
"DHE-RSA-CAMELLIA128-SHA+SSLv3",
"DHE-RSA-CAMELLIA256-SHA+SSLv3",
"DHE-RSA-SEED-SHA+SSLv3",
+ "EXP-DH-DSS-DES-CBC-SHA+SSLv3",
+ "EXP-DH-RSA-DES-CBC-SHA+SSLv3",
"EXP-RC2-CBC-MD5+SSLv2",
"EXP-RC4-MD5+SSLv2",
"IDEA-CBC-MD5+SSLv2",
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1660074&r1=1660073&r2=1660074&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Mon Feb 16 11:44:04 2015
@@ -34,30 +34,6 @@ public class TesterOpenSSL {
public static final Set<Cipher> OPENSSL_UNIMPLEMENTED_CIPHERS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
- Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
- Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
- Cipher.TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
- Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
- Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
- Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA,
- Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- Cipher.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
- Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
- Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
- Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- Cipher.TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
- Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA,
- Cipher.TLS_DH_RSA_WITH_DES_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_DES_CBC_SHA,
- Cipher.TLS_DH_RSA_WITH_SEED_CBC_SHA,
- Cipher.TLS_DH_DSS_WITH_SEED_CBC_SHA,
Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA,
Cipher.SSL_CK_RC2_128_CBC_WITH_MD5,
Cipher.SSL_FORTEZZA_DMS_WITH_NULL_SHA,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org