On 28/03/2016 10:51, [email protected] wrote:
> Author: markt
> Date: Mon Mar 28 09:51:14 2016
> New Revision: 1736849
>
> URL: http://svn.apache.org/viewvc?rev=1736849&view=rev
> Log:
> TLSv1 is not exactly the same as SSLv3. Some ciphers are only available for
> TLSv1.

Hmm. As far as I can tell, OpenSSL 1.1.x and OpenSSL 1.0.x have a different view on what TLSv1 means. It looks like:

- 1.1.x treats it as those ciphers that require TLSv1
- 1.0.x treats it as an alias for SSLv3.

Currently 9.0.x is aligned with 1.1.x and 8.0.x is aligned with 1.0.x. I'm going to align 8.5.x with 1.1.x.

Experience tells me this stuff is easy to get wrong so a second pair of eyes would be appreciated.

Mark

> > Modified: > > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1736849&r1=1736848&r2=1736849&view=diff > ============================================================================== > --- > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > (original) > +++ > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > Mon Mar 28 09:51:14 2016
> @@ -479,7 +479,7 @@ public class OpenSSLCipherConfigurationP > addListAlias(Constants.SSL_PROTO_TLSv1_2, > filterByProtocol(allCiphers, Collections.singleton(Protocol.TLSv1_2))); > addListAlias(Constants.SSL_PROTO_TLSv1_0, > filterByProtocol(allCiphers, Collections.singleton(Protocol.TLSv1))); > addListAlias(Constants.SSL_PROTO_SSLv3, filterByProtocol(allCiphers, > Collections.singleton(Protocol.SSLv3))); > - aliases.put(Constants.SSL_PROTO_TLSv1, > aliases.get(Constants.SSL_PROTO_SSLv3)); > + aliases.put(Constants.SSL_PROTO_TLSv1, > aliases.get(Constants.SSL_PROTO_TLSv1_0)); > addListAlias(Constants.SSL_PROTO_SSLv2, filterByProtocol(allCiphers, > Collections.singleton(Protocol.SSLv2))); > addListAlias(DH, filterByKeyExchange(allCiphers, new > HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH)))); > Set<Cipher> adh = filterByKeyExchange(allCiphers, > Collections.singleton(KeyExchange.EDH)); > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
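
Review bot: On the changed `aliases.put(Constants.SSL_PROTO_TLSv1, ...)` line, the new mapping carries no comment saying which OpenSSL behaviour it follows, and the commit modifies only OpenSSLCipherConfigurationParser.java, so no test pins the new expansion down. After this change any cipher expression that names TLSv1 resolves to the `filterByProtocol(allCiphers, Collections.singleton(Protocol.TLSv1))` set registered two lines earlier instead of the `Protocol.SSLv3` set, which changes which ciphers an existing configuration selects. A short comment on that line stating that TLSv1 is deliberately an alias of TLSv1.0 and no longer of SSLv3 would help, along with a parser test asserting that the TLSv1 alias equals the TLSv1.0 list and differs from the SSLv3 list. The line also relies on the `SSL_PROTO_TLSv1_0` alias having been added before it; that holds in the visible context, but a reorder would make `aliases.get(...)` return null, so the dependency is worth noting in the same comment.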
