This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 970ce7cef2 Add utility method to check if a named cipher suite is from
TLS 1.3
970ce7cef2 is described below
commit 970ce7cef2301dd4aad01f3a218b8687499103e2
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Jan 9 19:07:31 2026 +0000
Add utility method to check if a named cipher suite is from TLS 1.3
Will be used by upcoming TLSv1.3 cipher configuration support
---
.../ciphers/OpenSSLCipherConfigurationParser.java | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index 10c5dfefd9..666bbad903 100644
---
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -72,6 +72,8 @@ public class OpenSSLCipherConfigurationParser {
*/
private static final Map<String,List<Cipher>> aliases = new
LinkedHashMap<>();
+ private static final Set<String> tls13CipherSuiteNames = new HashSet<>();
+
/**
* the 'NULL' ciphers that is those offering no encryption. Because these
offer no encryption at all and are a
* security risk they are disabled unless explicitly included.
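Review bot: The new `tls13CipherSuiteNames` field is added without a comment, while the `aliases` map directly above it is documented, so nothing states which name forms the set holds. A short Javadoc would fix this, for example `/** Names (OpenSSL alias, OpenSSL alternative names and JSSE names) of all TLS 1.3 cipher suites; populated by init(). */`. It would also help to note there that the set is a plain mutable `HashSet`, written only during initialisation and read afterwards.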
@@ -423,6 +425,16 @@ public class OpenSSLCipherConfigurationParser {
for (String jsseName : jsseNames) {
jsseToOpenSSL.put(jsseName, cipher.getOpenSSLAlias());
}
+
+ if (cipher.getProtocol().equals(Protocol.TLSv1_3)) {
+ tls13CipherSuiteNames.add(cipher.getOpenSSLAlias());
+ /*
+ * The TLS 1.3 cipher suites do not, currently (January 2026),
have any alternative names defined so the
+ * following two calls are NO-OPs but are implemented in case
alternative names are used in the future.
+ */
+ tls13CipherSuiteNames.addAll(cipher.getOpenSSLAltNames());
+ tls13CipherSuiteNames.addAll(cipher.getJsseNames());
+ }
}
List<Cipher> allCiphersList = Arrays.asList(Cipher.values());
Collections.reverse(allCiphersList);
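Review bot: The test `cipher.getProtocol().equals(Protocol.TLSv1_3)` would throw a NullPointerException inside initialisation if any `Cipher` entry returned a null protocol. Assuming `Protocol` is an enum, the identity form is null-safe and more idiomatic: `if (cipher.getProtocol() == Protocol.TLSv1_3) {`. The block comment calls the two `addAll` calls NO-OPs, but for `getJsseNames()` that presumably holds only because the JSSE name equals the OpenSSL alias. "Currently add no new entries" would be more exact. The enclosing loop and method begin outside this hunk.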
@@ -819,6 +831,20 @@ public class OpenSSLCipherConfigurationParser {
return result;
}
+ /**
+ * Determines if the provided name is the name of a TLS 1.3 cipher suite.
+ *
+ * @param cipherSuiteName The name to test
+ *
+ * @return {@code true} if the provided String is recognised as the name
of a TLS 1.3 cipherSuite.
+ */
+ public static boolean isTls13Cipher(String cipherSuiteName) {
+ if (!initialized) {
+ init();
+ }
+ return tls13CipherSuiteNames.contains(cipherSuiteName);
+ }
+
/**
* Parse the specified expression according to the OpenSSL syntax and
returns a list of standard JSSE cipher names.
*
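Review bot: `isTls13Cipher` does an unsynchronised `if (!initialized) init();` and then reads a plain `HashSet`. If `init()` is not synchronised and `initialized` is not volatile (both are declared outside this hunk, so this needs confirming), a concurrent first call could read the set while another thread is still filling it. That could return `false` for a genuine TLS 1.3 name, which matters if the upcoming configuration code uses the result to decide which protocol a configured suite belongs to. Filling the set in a static initialiser, or publishing an unmodifiable copy before `initialized` is set, would remove the window. The Javadoc should also state that the match is exact and case-sensitive and that `null` returns `false`, for example `@return {@code true} only if the name exactly matches (case-sensitive) a known TLS 1.3 cipher suite name`.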