Posted to dev@tomcat.apache.org by sc...@apache.org on 2015/02/27 05:05:46 UTC
svn commit: r1662632 - in
/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse:
JSSESocketFactory.java res/LocalStrings.properties
Author: schultz
Date: Fri Feb 27 04:05:46 2015
New Revision: 1662632
URL: http://svn.apache.org/r1662632
Log:
Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=55988
Include support for useServerCipherSuiteOrder for Java BIO connector.
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1662632&r1=1662631&r2=1662632&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Fri Feb 27 04:05:46 2015
@@ -22,6 +22,8 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
@@ -52,6 +54,7 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
@@ -773,6 +776,52 @@ public class JSSESocketFactory implement
}
/**
+ * Configures SSLEngine to honor cipher suites ordering based upon
+ * endpoint configuration.
+ *
+ * @throws InvalidAlgorithmParameterException If the runtime JVM doesn't
+ * support this setting.
+ */
+ protected void configureUseServerCipherSuitesOrder(SSLServerSocket socket) {
+ String useServerCipherSuitesOrderStr = endpoint
+ .getUseServerCipherSuitesOrder().trim();
+
+ // Only use this feature if the user explicitly requested its use.
+ if(!"".equals(useServerCipherSuitesOrderStr)) {
+ SSLParameters sslParameters = socket.getSSLParameters();
+ boolean useServerCipherSuitesOrder =
+ ("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
+ || "yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
+
+ try {
+ // This method is only available in Java 8+
+ // Check to see if the method exists, and then call it.
+ Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder",
+ Boolean.TYPE);
+
+ m.invoke(sslParameters, Boolean.valueOf(useServerCipherSuitesOrder));
+ }
+ catch (NoSuchMethodException nsme) {
+ throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+ nsme);
+ } catch (InvocationTargetException ite) {
+ // Should not happen
+ throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+ ite);
+ } catch (IllegalArgumentException iae) {
+ // Should not happen
+ throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+ iae);
+ } catch (IllegalAccessException e) {
+ // Should not happen
+ throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+ e);
+ }
+ socket.setSSLParameters(sslParameters);
+ }
+ }
+
+ /**
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
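Review bot: The message key used in all four catch blocks, `endpoint.jsse.cannotHonorServerCipherOrder`, does not match the key added to LocalStrings.properties in the second file of this commit, `jsse.cannotHonorServerCipherOrder`, so the lookup will miss and the UnsupportedOperationException raised on a pre-Java-8 runtime carries whatever the StringManager returns for an unknown key instead of the intended text. One side should change, e.g. `sm.getString("jsse.cannotHonorServerCipherOrder")` in the Java file (or the property renamed to match). The Javadoc is also out of step with the code: it says the method configures an SSLEngine and declares `@throws InvalidAlgorithmParameterException`, while the parameter is an SSLServerSocket and every failure path throws UnsupportedOperationException; suggest `@throws UnsupportedOperationException if the runtime does not provide SSLParameters.setUseCipherSuitesOrder (Java 8+)`. Failing loudly here is the right choice, since silently ignoring the setting would leave an operator believing server-preferred cipher ordering is enforced when it is not. The `.trim()` on the getter result presumes it is never null; if the endpoint can return null for an unset attribute that is a NullPointerException, which cannot be confirmed from this hunk.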
@@ -786,6 +835,7 @@ public class JSSESocketFactory implement
// we don't know if client auth is needed -
// after parsing the request we may re-handshake
configureClientAuth(socket);
+ configureUseServerCipherSuitesOrder(socket);
}
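Review bot: The added call means the enclosing socket-configuration method can now throw UnsupportedOperationException when useServerCipherSuitesOrder is set on a runtime without SSLParameters.setUseCipherSuitesOrder, and its Javadoc ("Configures the given SSL server socket with the requested cipher suites, protocol versions, and need for client authentication") does not mention this new failure mode or the new setting. Suggest extending it with `@throws UnsupportedOperationException if useServerCipherSuitesOrder is set but the runtime JVM does not support it`. The enclosing method starts outside the hunk.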
/**
Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1662632&r1=1662631&r2=1662632&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Fri Feb 27 04:05:46 2015
@@ -35,3 +35,4 @@ jsseSupport.serverRenegDisabled=SSL serv
jsseSupport.unexpectedData=Unexpected data read from input stream
jsse.openssl.unknownElement=Unknown element in cipher string: {0}
jsse.openssl.effectiveCiphers=Ciphers used: {0}
+jsse.cannotHonorServerCipherOrder=Java Runtime does not support "useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.