Author: fschumacher
Date: Sun Mar 13 14:04:10 2016
New Revision: 1734808
URL: http://svn.apache.org/viewvc?rev=1734808&view=rev
Log:
Use reflection to detect the presence of SSLParameters#setUseCipherSuitesOrder,
which is a java 8 method
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1734808&r1=1734807&r2=1734808&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
Sun Mar 13 14:04:10 2016
@@ -16,6 +16,8 @@
*/
package org.apache.tomcat.util.net;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
@@ -146,7 +148,20 @@ public abstract class AbstractJsseEndpoi
engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
SSLParameters sslParameters = engine.getSSLParameters();
-
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
+ if (sslHostConfig.getHonorCipherOrder()) {
+ // SSLParameters#setUseCipherSuiteOrder is java 8 and upwards
+ try {
+ Method m = SSLParameters.class.getMethod(
+ "setUseCipherSuitesOrder", Boolean.TYPE);
+ m.invoke(sslParameters, Boolean.TRUE);
+ } catch (NoSuchMethodException | SecurityException
+ | IllegalAccessException | IllegalArgumentException
+ | InvocationTargetException e) {
+ throw new UnsupportedOperationException(
+
sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+ e);
+ }
+ }
// In case the getter returns a defensive copy
engine.setSSLParameters(sslParameters);
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1734808&r1=1734807&r2=1734808&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
Sun Mar 13 14:04:10 2016
@@ -77,6 +77,7 @@ endpoint.apr.pollUnknownEvent=A socket w
endpoint.apr.tooManyCertFiles=More certificate files were configured than the
AprEndpoint can handle
endpoint.apr.remoteport=APR socket [{0}] opened with remote port [{1}]
endpoint.jsse.noSslContext=No SSLContext could be found for the host name [{0}]
+endpoint.jsse.cannotHonorServerCipherOrder=Java Runtime does not support
"useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.
endpoint.nio.selectorCloseFail=Failed to close selector when closing the poller
endpoint.nio.timeoutCme=Exception during processing of timeouts. The code has
been checked repeatedly and no concurrent modification has been found. If you
are able to repeat this error please open a Tomcat bug and provide the steps to
reproduce.
endpoint.nio2.exclusiveExecutor=The NIO2 connector requires an exclusive
executor to operate properly on shutdown
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1734808&r1=1734807&r2=1734808&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Sun
Mar 13 14:04:10 2016
@@ -25,6 +25,7 @@ import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.juli.logging.Log;
@@ -347,6 +348,11 @@ public class SSLHostConfig {
public void setHonorCipherOrder(boolean honorCipherOrder) {
+ try {
+ SSLParameters.class.getMethod("setUseCipherSuitesOrder",
Boolean.TYPE);
+ } catch (NoSuchMethodException | SecurityException e) {
+ throw new
UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
e);
+ }
this.honorCipherOrder = honorCipherOrder;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
