You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/03 11:47:31 UTC

svn commit: r1733437 - in /tomcat/trunk: java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java

Author: markt
Date: Thu Mar  3 10:47:30 2016
New Revision: 1733437

URL: http://svn.apache.org/viewvc?rev=1733437&view=rev
Log:
Revert 1733435. Fix was incorrect. Failign test committed to early

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
    tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1733437&r1=1733436&r2=1733437&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Thu Mar  3 10:47:30 2016
@@ -564,7 +564,7 @@ public class OpenSSLCipherConfigurationP
         final LinkedHashSet<Cipher> ecdh = new LinkedHashSet<>(ciphers.size());
 
         /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-        ecdh.addAll(filterByKeyExchange(ciphers, new HashSet<>(Arrays.asList(KeyExchange.EECDH, KeyExchange.ECDHEPSK))));
+        ecdh.addAll(filterByKeyExchange(ciphers, Collections.singleton(KeyExchange.EECDH)));
 
         /* AES is our preferred symmetric cipher */
         Set<Encryption> aes = new HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128CCM,

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java?rev=1733437&r1=1733436&r2=1733437&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java Thu Mar  3 10:47:30 2016
@@ -84,6 +84,44 @@ public class TestOpenSSLCipherConfigurat
     }
 
     @Test
+    public void testDefaultSort04() throws Exception {
+        // Reproducing a failure observed on Gump with OpenSSL 1.1.x
+        // Note: Failure seems to depend on the order ciphers are added to the
+        //       input list.
+
+        LinkedHashSet<Cipher> input = new LinkedHashSet<>();
+        input.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+        input.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+        input.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_RSA_WITH_RC4_128_MD5);
+        input.add(Cipher.TLS_RSA_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_DH_anon_WITH_RC4_128_MD5);
+        input.add(Cipher.TLS_ECDH_anon_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+        input.add(Cipher.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+        LinkedHashSet<Cipher> result = OpenSSLCipherConfigurationParser.defaultSort(input);
+
+        LinkedHashSet<Cipher> expected = new LinkedHashSet<>();
+        expected.add(Cipher.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_ECDH_anon_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_DH_anon_WITH_RC4_128_MD5);
+        expected.add(Cipher.TLS_RSA_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_RSA_WITH_RC4_128_MD5);
+        expected.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
+        expected.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+        expected.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+
+        Assert.assertEquals(expected.toString(), result.toString());
+    }
+
+    @Test
     public void testRename01() throws Exception {
         // EDH -> DHE
         LinkedHashSet<Cipher> result =



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org