This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 8f1fa8b71d Add test cases for issues discovered during 1.3.2 release
vote
8f1fa8b71d is described below
commit 8f1fa8b71d83f2a77ab5f87aaa2bd8e31fd6a652
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Dec 18 11:31:36 2025 +0000
Add test cases for issues discovered during 1.3.2 release vote
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +--
.../tomcat/util/net/TestClientCertTls13.java | 33 ++++++++++++++++++++++
2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index b2aa792d8b..710f7d3409 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -59,8 +59,8 @@ public class SSLHostConfig implements Serializable {
// keys in Maps.
protected static final String DEFAULT_SSL_HOST_NAME = "_default_";
protected static final Set<String> SSL_PROTO_ALL_SET = new HashSet<>();
- private static final String DEFAULT_TLS_12_BELOW_CIPHERS =
"HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
- private static final String DEFAULT_TLS_13_ABOVE_CIPHERS =
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ protected static final String DEFAULT_TLS_12_BELOW_CIPHERS =
"HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
+ protected static final String DEFAULT_TLS_13_ABOVE_CIPHERS =
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
public static final String DEFAULT_TLS_CIPHERS =
DEFAULT_TLS_12_BELOW_CIPHERS + ":" + DEFAULT_TLS_13_ABOVE_CIPHERS;
static {
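Review bot: `protected` is wider than the new tests appear to need. TestClientCertTls13 lives under the same package path (org/apache/tomcat/util/net), so package-private access would let it read `DEFAULT_TLS_12_BELOW_CIPHERS` and `DEFAULT_TLS_13_ABOVE_CIPHERS` without exposing them to every subclass of this public class. If `protected` is kept for consistency with the neighbouring constants, a short comment such as `// Visible for testing` above the two declarations would record why the default cipher strings were widened. The class body continues outside the hunk.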
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index 0b103fa40c..79515982b7 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -23,6 +23,7 @@ import java.util.List;
import org.junit.Assert;
import org.junit.Assume;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -108,6 +109,38 @@ public class TestClientCertTls13 extends TomcatBaseTest {
Assert.assertEquals("OK-" + size, res.toString());
}
+ @Test
+ @Ignore // Currently fails with Tomcat Native 1.3.2 (unreleased)
+ public void testCiphersTLS12Only() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ SSLHostConfig sslHostConfig =
tomcat.getConnector().findSslHostConfigs()[0];
+ sslHostConfig.setCiphers(SSLHostConfig.DEFAULT_TLS_12_BELOW_CIPHERS);
+
+ tomcat.start();
+
+ Assume.assumeFalse("LibreSSL does not allow PHA",
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
+
+ ByteChunk res = getUrl("https://localhost:" + getPort() +
"/protected");
+ Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
+ }
+
+ @Test
+ @Ignore // Currently fails with Tomcat Native 1.3.1
+ public void testCiphersTLS13Only() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ SSLHostConfig sslHostConfig =
tomcat.getConnector().findSslHostConfigs()[0];
+ sslHostConfig.setCiphers(SSLHostConfig.DEFAULT_TLS_13_ABOVE_CIPHERS);
+
+ tomcat.start();
+
+ Assume.assumeFalse("LibreSSL does not allow PHA",
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
+
+ ByteChunk res = getUrl("https://localhost:" + getPort() +
"/protected");
+ Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
+ }
+
@Override
public void setUp() throws Exception {
super.setUp();
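Review bot: Both new tests assert only the response body (`"OK-" + TesterSupport.ROLE`), so once the `@Ignore` is lifted they would still pass if `setCiphers(...)` were silently ignored and the connector fell back to its default cipher list. Nothing visible in the hunk checks which suites ended up enabled or negotiated, so an assertion on the effective cipher list after `tomcat.start()`, if the harness exposes one, would make the "TLS12Only"/"TLS13Only" names accurate. Separately, writing the skip reason as `@Ignore("Currently fails with Tomcat Native 1.3.2 (unreleased)")` instead of a trailing comment would surface it in test reports, so these disabled TLS checks are less likely to stay off unnoticed. The two method bodies differ only in the cipher constant and could share a private helper taking that string; `setUp` continues outside the hunk.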