This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 15019f6f29 Add utility method to check if a named cipher suite is from
TLS 1.3
15019f6f29 is described below
commit 15019f6f297f994696b53b25fa6389d0fcd7a9bb
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Jan 9 19:07:31 2026 +0000
Add utility method to check if a named cipher suite is from TLS 1.3
Will be used by upcoming TLSv1.3 cipher configuration support
---
.../ciphers/OpenSSLCipherConfigurationParser.java | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index 34c38907d0..3335b2081a 100644
---
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -72,6 +72,8 @@ public class OpenSSLCipherConfigurationParser {
*/
private static final Map<String,List<Cipher>> aliases = new
LinkedHashMap<>();
+ private static final Set<String> tls13CipherSuiteNames = new HashSet<>();
+
/**
* the 'NULL' ciphers that is those offering no encryption. Because these
offer no encryption at all and are a
* security risk they are disabled unless explicitly included.
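Review bot: `tls13CipherSuiteNames` is a plain mutable `HashSet` that is filled inside `init()` (second hunk) and read from the new public static `isTls13Cipher` (third hunk), and nothing visible shows how `init()` is guarded against concurrent callers. If `initialized` is not volatile and `init()` is not synchronized (neither declaration appears in this diff), a thread could read the set while another is still populating it and get `false` for a genuine TLS 1.3 name. At minimum I would state the contract on the field, e.g. `// Populated only by init(); treated as read-only afterwards.`, and confirm that `init()` publishes it safely.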
@@ -423,6 +425,16 @@ public class OpenSSLCipherConfigurationParser {
for (String jsseName : jsseNames) {
jsseToOpenSSL.put(jsseName, cipher.getOpenSSLAlias());
}
+
+ if (cipher.getProtocol().equals(Protocol.TLSv1_3)) {
+ tls13CipherSuiteNames.add(cipher.getOpenSSLAlias());
+ /*
+ * The TLS 1.3 cipher suites do not, currently (January 2026),
have any alternative names defined so the
+ * following two calls are NO-OPs but are implemented in case
alternative names are used in the future.
+ */
+ tls13CipherSuiteNames.addAll(cipher.getOpenSSLAltNames());
+ tls13CipherSuiteNames.addAll(cipher.getJsseNames());
+ }
}
List<Cipher> allCiphersList = Arrays.asList(Cipher.values());
Collections.reverse(allCiphersList);
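Review bot: The block comment inside the `Protocol.TLSv1_3` branch calls the "following two calls" NO-OPs because no alternative names exist, but the second call adds `cipher.getJsseNames()`, which are not alternative OpenSSL names. The loop just above iterates `jsseNames` for each cipher, so the JSSE names are presumably non-empty, and the `addAll` is redundant only if they happen to equal the OpenSSL alias. I would reword the comment to say so, e.g. `the alternative-name call currently adds nothing and the JSSE names currently match the OpenSSL alias`. The enclosing loop and `init()` start outside this hunk.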
@@ -819,6 +831,20 @@ public class OpenSSLCipherConfigurationParser {
return result;
}
+ /**
+ * Determines if the provided name is the name of a TLS 1.3 cipher suite.
+ *
+ * @param cipherSuiteName The name to test
+ *
+ * @return {@code true} if the provided String is recognised as the name
of a TLS 1.3 cipherSuite.
+ */
+ public static boolean isTls13Cipher(String cipherSuiteName) {
+ if (!initialized) {
+ init();
+ }
+ return tls13CipherSuiteNames.contains(cipherSuiteName);
+ }
+
/**
* Parse the specified expression according to the OpenSSL syntax and
returns a list of standard JSSE cipher names.
*
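Review bot: The Javadoc on `isTls13Cipher` does not say that `false` covers unrecognised names as well as pre-TLS 1.3 suites, nor that the check is an exact, case-sensitive set lookup. A caller that uses the result to route names between TLS 1.3 and earlier-protocol cipher configuration could silently treat a mistyped or differently-cased TLS 1.3 name as a non-1.3 one. I would extend the `@return` text with something like `{@code false} for any other value, including unknown names and {@code null}; matching is exact and case-sensitive`. It would also help to list the accepted forms (OpenSSL alias, OpenSSL alternative names, JSSE names).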