Author: markt
Date: Tue Apr 5 18:13:07 2016
New Revision: 1737866
URL: http://svn.apache.org/viewvc?rev=1737866&view=rev
Log:
Fix the regression in 1737745
Only try and set honorCipherOrder if it appears in the config.
Trying to set this on Java 7 will trigger an error with the JSSE implementation.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/JreCompat.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Apr 5 18:13:07 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737860
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
Tue Apr 5 18:13:07 2016
@@ -475,11 +475,11 @@ public abstract class AbstractHttp11Prot
}
- public void setUseServerCipherSuitesOrder(boolean honorCipherOrder) {
+ public void setUseServerCipherSuitesOrder(String honorCipherOrder) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder);
}
- public void setSSLHonorCipherOrder(boolean honorCipherOrder) {
+ public void setSSLHonorCipherOrder(String honorCipherOrder) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder);
}
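Review bot: Both public setters change their parameter from `boolean` to `String`, so embedded code that calls `setUseServerCipherSuitesOrder(true)` or `setSSLHonorCipherOrder(true)` directly will no longer compile. Neither method documents which strings are accepted, or that leaving the attribute unset now means the TLS implementation's default stays in place. A short Javadoc on each would record the new contract, for example `@param honorCipherOrder "true" or "false"; {@code null} leaves the implementation default unchanged`.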
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java Tue
Apr 5 18:13:07 2016
@@ -54,7 +54,8 @@ class Jre8Compat extends JreCompat {
boolean useCipherSuitesOrder) {
SSLParameters sslParameters = engine.getSSLParameters();
try {
- setUseCipherSuitesOrderMethod.invoke(sslParameters,
Boolean.valueOf(useCipherSuitesOrder));
+ setUseCipherSuitesOrderMethod.invoke(sslParameters,
+ Boolean.valueOf(useCipherSuitesOrder));
engine.setSSLParameters(sslParameters);
} catch (IllegalArgumentException e) {
throw new UnsupportedOperationException(e);
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/JreCompat.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/JreCompat.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/JreCompat.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/JreCompat.java Tue
Apr 5 18:13:07 2016
@@ -60,10 +60,7 @@ public class JreCompat {
@SuppressWarnings("unused")
- public void setUseServerCipherSuitesOrder(SSLEngine engine,
- boolean useCipherSuitesOrder) {
- // FIXME: Diasabled for now as it i always called during SSL init,
which makes it fail on Java 7
- //throw new
UnsupportedOperationException(sm.getString("jreCompat.noServerCipherSuiteOrder"));
+ public void setUseServerCipherSuitesOrder(SSLEngine engine, boolean
useCipherSuitesOrder) {
+ throw new
UnsupportedOperationException(sm.getString("jreCompat.noServerCipherSuiteOrder"));
}
-
}
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
Tue Apr 5 18:13:07 2016
@@ -145,9 +145,11 @@ public abstract class AbstractJsseEndpoi
engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
- JreCompat.getInstance().setUseServerCipherSuitesOrder(engine,
- sslHostConfig.getHonorCipherOrder());
-
+ String honorCipherOrderStr = sslHostConfig.getHonorCipherOrder();
+ if (honorCipherOrderStr != null) {
+ boolean honorCipherOrder =
Boolean.parseBoolean(honorCipherOrderStr);
+ JreCompat.getInstance().setUseServerCipherSuitesOrder(engine,
honorCipherOrder);
+ }
return engine;
}
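Review bot: The `UnsupportedOperationException` that the base `JreCompat.setUseServerCipherSuitesOrder` throws again in this commit is not caught around the new call. On a runtime without that method, a configured `honorCipherOrder` therefore fails here, where the engine is built, rather than when the configuration is read. The enclosing method starts outside the hunk; if it runs once per connection, the operator would see repeated handshake failures instead of a single startup error. Consider checking for support once during endpoint initialisation and reporting the problem there. A comment above the null check, such as `// null = attribute not configured; leave the JSSE default untouched`, would also explain why the call is conditional.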
@@ -163,7 +165,7 @@ public abstract class AbstractJsseEndpoi
LinkedHashSet<Cipher> serverCiphers = sslHostConfig.getCipherList();
List<Cipher> candidateCiphers = new ArrayList<>();
- if (sslHostConfig.getHonorCipherOrder()) {
+ if (Boolean.parseBoolean(sslHostConfig.getHonorCipherOrder())) {
candidateCiphers.addAll(serverCiphers);
candidateCiphers.retainAll(clientCiphers);
} else {
Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue
Apr 5 18:13:07 2016
@@ -425,10 +425,14 @@ public class AprEndpoint extends Abstrac
// Use server's preference order for ciphers (rather than
// client's)
- if (sslHostConfig.getHonorCipherOrder()) {
- SSLContext.setOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
- } else {
- SSLContext.clearOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ String honorCipherOrderStr =
sslHostConfig.getHonorCipherOrder();
+ if (honorCipherOrderStr != null) {
+ boolean honorCipherOrder =
Boolean.valueOf(honorCipherOrderStr).booleanValue();
+ if (honorCipherOrder) {
+ SSLContext.setOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ } else {
+ SSLContext.clearOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
}
// Disable compression if requested
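Review bot: When `honorCipherOrder` is not configured, this block no longer calls `SSLContext.clearOptions`, so `SSL_OP_CIPHER_SERVER_PREFERENCE` keeps whatever state the native context starts with, where the old code always cleared it. The commit log attributes the Java 7 failure to JSSE, so the null guard may not be needed on this path. If it is intentional, a comment such as `// not configured: keep the OpenSSL default` would make the tri-state explicit. The same applies to the OpenSSLContext.java hunk. For consistency with that hunk and with AbstractJsseEndpoint, the conversion could be `boolean honorCipherOrder = Boolean.parseBoolean(honorCipherOrderStr);` instead of `Boolean.valueOf(...).booleanValue()`.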
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue
Apr 5 18:13:07 2016
@@ -86,7 +86,7 @@ public class SSLHostConfig {
private String ciphers;
private LinkedHashSet<Cipher> cipherList = null;
private List<String> jsseCipherNames = null;
- private boolean honorCipherOrder = false;
+ private String honorCipherOrder = null;
private Set<String> protocols = new HashSet<>();
// JSSE
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
@@ -357,12 +357,12 @@ public class SSLHostConfig {
}
- public void setHonorCipherOrder(boolean honorCipherOrder) {
+ public void setHonorCipherOrder(String honorCipherOrder) {
this.honorCipherOrder = honorCipherOrder;
}
- public boolean getHonorCipherOrder() {
+ public String getHonorCipherOrder() {
return honorCipherOrder;
}
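Review bot: `setHonorCipherOrder` now stores any string unchecked, and every reader in this commit converts it with `Boolean.parseBoolean` or `Boolean.valueOf`, both of which treat everything except "true" as false. A misspelt value such as "ture" or "yes" would therefore silently select client cipher preference, with no error at startup. Rejecting unrecognised values in the setter would surface the mistake when the configuration is read, for example by throwing `IllegalArgumentException` unless the value is null or matches `"true".equalsIgnoreCase(v) || "false".equalsIgnoreCase(v)`. The getter would also benefit from a Javadoc line stating that `null` means the attribute was not configured.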
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1737866&r1=1737865&r2=1737866&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Tue Apr 5 18:13:07 2016
@@ -202,10 +202,13 @@ public class OpenSSLContext implements o
// Use server's preference order for ciphers (rather than
// client's)
- if (sslHostConfig.getHonorCipherOrder()) {
- SSLContext.setOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
- } else {
- SSLContext.clearOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ String honorCipherOrderStr = sslHostConfig.getHonorCipherOrder();
+ if (honorCipherOrderStr != null) {
+ if (Boolean.parseBoolean(honorCipherOrderStr)) {
+ SSLContext.setOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ } else {
+ SSLContext.clearOptions(ctx,
SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
}
// Disable compression if requested