On 17/12/2015 19:23, Mark Thomas wrote:
> On 17/12/2015 18:36, Konstantin Kolinko wrote:
>> 2015-12-17 18:30 GMT+03:00 <ma...@apache.org>:
>>> Author: markt
>>> Date: Thu Dec 17 15:30:11 2015
>>> New Revision: 1720604
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1720604&view=rev
>>> Log:
>>> Align cipher names with proposed names for registry
>>>
>>> Modified:
>>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
>>>
>>> Modified:
>>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
>>> URL:
>>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java?rev=1720604&r1=1720603&r2=1720604&view=diff
>>> ==============================================================================
>>> ---
>>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
>>> (original)
>>> +++
>>> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
>>> Thu Dec 17 15:30:11 2015
>>> @@ -4324,7 +4324,7 @@ public enum Cipher {
>>> null
>>> ),
>>> // draft-ietf-tl\s-chacha20-poly1305-03
>>
>> Regarding the above comment:
>>
>> 1) A typo ('tl\s')
>>
>> 2) It would be better with working URL to ietf site, like you wrote in
>> TestCipher in r1720603:
>>>> + // From
>>>> https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04
>>>> + // These might change.
>>
>> 3) The above comment says "-03" that is version 03 of the draft, but
>> the URL in TestCipher says -04, version 04.
>> I wonder why the difference.
>
> Because the OpenSSL commit referenced draft 03 before I found there was
> a later one.
>
>> This is why I think an URL is better.
>
> I'll update it.
>
> Right now I'm more concerned about figuring out how OpenSSL is ordering
> the ciphers because my tests so far seem to indicate there is ordering
> going on that I haven't found in the OpenSSL code yet. I need to do some
> more testing to confirm exactly what ordering OpenSSL is applying.

And 30s after typing this I figure out what is happening. OpenSSL isn't
applying any ordering. It is just that the default ordering for ciphers
of the same preference have different default orders in our code and in
OpenSSL. I need to refactor the tests to take this into account.

Mark
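
Review bot: The last context line shown in the `@@ -4324,7 +4324,7 @@` hunk of Cipher.java, `// draft-ietf-tl\s-chacha20-poly1305-03`, still carries a stray backslash and names draft revision 03, while the TestCipher comment from r1720603 quoted in this thread points at revision 04 and adds "These might change." Since this commit aligns the cipher names with a draft that can still change, replace that comment with the full URL of the draft revision the names were taken from, so a later reader can check the enum entries against that exact revision.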