You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/08/05 17:46:37 UTC
svn commit: r1615947 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
webapps/docs/changelog.xml
Author: markt
Date: Tue Aug 5 15:46:37 2014
New Revision: 1615947
URL: http://svn.apache.org/r1615947
Log:
Simplify catch block
Enable Tomcat to start when using SSL with an IBM JRE in strict SP800-131a mode.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1615947&r1=1615946&r2=1615947&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Aug 5 15:46:37 2014
@@ -108,6 +108,7 @@ public class JSSESocketFactory implement
String[] ciphers = null;
String[] protocols = null;
try {
+ // BZ 56780 IBM JRE can throw IllegalArgumentException here
context = SSLContext.getInstance("TLS");
context.init(null, null, null);
SSLServerSocketFactory ssf = context.getServerSocketFactory();
@@ -129,12 +130,11 @@ public class JSSESocketFactory implement
SSLServerSocket socket = (SSLServerSocket) ssf.createServerSocket();
ciphers = socket.getEnabledCipherSuites();
protocols = socket.getEnabledProtocols();
- } catch (NoSuchAlgorithmException e) {
- // Assume no RFC 5746 support
- } catch (KeyManagementException e) {
- // Assume no RFC 5746 support
- } catch (IOException e) {
- // Unable to determine default ciphers/protocols so use none
+ } catch (NoSuchAlgorithmException | KeyManagementException | IOException |
+ IllegalArgumentException e) {
+ // Assume no RFC 5746 support if an SSLContext could not be created
+ // If an IOException is thrown trying to determine default
+ // ciphers/protocols use none as the default
}
RFC_5746_SUPPORTED = result;
DEFAULT_SERVER_CIPHER_SUITES = ciphers;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1615947&r1=1615946&r2=1615947&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 5 15:46:37 2014
@@ -137,6 +137,10 @@
that no weak ciphers are enabled by default. (remm)
</fix>
<fix>
+ <bug>56780</bug>: Enable Tomcat to start when using SSL with an IBM JRE
+ in strict SP800-131a mode. (markt)
+ </fix>
+ <fix>
<bug>56810</bug>: Remove use of Java 8 specific API calls in unit tests
for OpenSSL to JSSE cipher conversion. (markt)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org