Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/04/09 20:33:41 UTC
svn commit: r1738369 - in
/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net:
AbstractEndpoint.java AbstractJsseEndpoint.java LocalStrings.properties
Author: markt
Date: Sat Apr 9 18:33:41 2016
New Revision: 1738369
URL: http://svn.apache.org/viewvc?rev=1738369&view=rev
Log:
Follow-up to r1737745
Check the support for cipher ordering on connector init and fail at that point; otherwise the error won't be visible until the first user tries a TLS connection.
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Sat Apr 9 18:33:41 2016
@@ -793,13 +793,14 @@ public abstract class AbstractEndpoint<S
public abstract void startInternal() throws Exception;
public abstract void stopInternal() throws Exception;
- public final void init() throws Exception {
+ public void init() throws Exception {
if (bindOnInit) {
bind();
bindState = BindState.BOUND_ON_INIT;
}
}
+
public final void start() throws Exception {
if (bindState == BindState.UNBOUND) {
bind();
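Review bot: Dropping `final` from `init()` lets any subclass override it, and an override that omits `super.init()` silently skips the `bindOnInit` bind and the `BindState.BOUND_ON_INIT` assignment shown here. `start()` remains final, so the contract is now asymmetric and should be documented on the method, for example `/** Overriding methods must call super.init() so that bind-on-init still happens. */`. An alternative that keeps the guarantee is to leave `init()` final and have it call a protected no-op hook before `bind()`, which the JSSE endpoint overrides for its check. The body of `start()` continues outside the hunk.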
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Sat Apr 9 18:33:41 2016
@@ -62,6 +62,7 @@ public abstract class AbstractJsseEndpoi
}
+
@Override
protected Type getSslConfigType() {
if (OpenSSLImplementation.class.getName().equals(sslImplementationName)) {
@@ -189,6 +190,28 @@ public abstract class AbstractJsseEndpoi
}
+ @Override
+ public void init() throws Exception {
+ testServerCipherSuitesOrderSupport();
+ super.init();
+ }
+
+
+ private void testServerCipherSuitesOrderSupport() {
+ // Only need to test for this if running on Java < 8 and not using the
+ // OpenSSL SSLImplementation
+ if(!JreCompat.isJre8Available() &&
+ !OpenSSLImplementation.class.getName().equals(getSslImplementationName())) {
+ for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
+ if (!"".equals(sslHostConfig.getHonorCipherOrder().trim())) {
+ throw new UnsupportedOperationException(
+ sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"));
+ }
+ }
+ }
+ }
+
+
@Override
public void unbind() throws Exception {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
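Review bot: `testServerCipherSuitesOrderSupport()` calls `.trim()` directly on `sslHostConfig.getHonorCipherOrder()`, so if that getter can return null (its default is not visible in this hunk) connector init fails with a NullPointerException instead of the intended message. Using `String order = sslHostConfig.getHonorCipherOrder();` and `if (order != null && !order.trim().isEmpty()) {` avoids that. The test also rejects every non-blank value, including an explicit `false`; if that is deliberate because the JSSE setter is unavailable before Java 8 either way, a one-line comment saying so would save the next reader the question. Running the check before `super.init()` is the right order, since nothing is bound when the exception is thrown. The body of `unbind()` continues outside the hunk.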
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Sat Apr 9 18:33:41 2016
@@ -72,6 +72,7 @@ endpoint.apr.pollMergeEvents=Merge polle
endpoint.apr.pollUnknownEvent=A socket was returned from the poller with an unrecognized event [{0}]
endpoint.apr.tooManyCertFiles=More certificate files were configured than the AprEndpoint can handle
endpoint.apr.remoteport=APR socket [{0}] opened with remote port [{1}]
+endpoint.jsse.cannotHonorServerCipherOrder=The Java Runtime does not support "useServerCipherSuitesOrder" with JSSE. You must use OpenSSL or Java 8 onwards to use this feature.
endpoint.jsse.noSslContext=No SSLContext could be found for the host name [{0}]
endpoint.nio.selectorCloseFail=Failed to close selector when closing the poller
endpoint.nio.timeoutCme=Exception during processing of timeouts. The code has been checked repeatedly and no concurrent modification has been found. If you are able to repeat this error please open a Tomcat bug and provide the steps to reproduce.
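Review bot: The new `endpoint.jsse.cannotHonorServerCipherOrder` text has no placeholder, so when several `SSLHostConfig` entries are defined the operator cannot tell which one stopped the connector from starting. Adding `for the host name [{0}]`, as `endpoint.jsse.noSslContext` does, and passing the host name from the loop would make the startup failure actionable. The message also names `useServerCipherSuitesOrder` while the check reads `getHonorCipherOrder()`; assuming the former is the connector-level alias for the same setting, mentioning both attribute names would avoid confusion.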