This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 4decf9f7b3 Remove support for the FZA aliases
4decf9f7b3 is described below

commit 4decf9f7b3ebd7fb7c0353ce049393bcd09c3fc1
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Feb 10 16:18:52 2026 +0000

    Remove support for the FZA aliases
---
 .../ciphers/OpenSSLCipherConfigurationParser.java  | 21 ----------
 .../TestOpenSSLCipherConfigurationParser.java      | 48 +++++++++++-----------
 webapps/docs/changelog.xml                         |  8 ++--
 3 files changed, 29 insertions(+), 48 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index 8add5928d2..f8e1042745 100644
--- 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++ 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -199,22 +199,6 @@ public class OpenSSLCipherConfigurationParser {
      * Cipher suites effectively using ECDSA authentication, i.e. the 
certificates carry ECDSA keys.
      */
     private static final String ECDSA = "ECDSA";
-    /**
-     * Ciphers suites using FORTEZZA key exchange algorithms.
-     */
-    private static final String kFZA = "kFZA";
-    /**
-     * Ciphers suites using FORTEZZA authentication algorithms.
-     */
-    private static final String aFZA = "aFZA";
-    /**
-     * Ciphers suites using FORTEZZA encryption algorithms.
-     */
-    private static final String eFZA = "eFZA";
-    /**
-     * Ciphers suites using all FORTEZZA algorithms.
-     */
-    private static final String FZA = "FZA";
     /**
      * Cipher suites using DH, including anonymous DH, ephemeral DH and fixed 
DH.
      */
@@ -476,11 +460,6 @@ public class OpenSSLCipherConfigurationParser {
         addListAlias(aECDH, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDH)));
         addListAlias(ECDSA, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDSA)));
         aliases.put(aECDSA, aliases.get(ECDSA));
-        addListAlias(kFZA, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.FZA)));
-        addListAlias(aFZA, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.FZA)));
-        addListAlias(eFZA, filterByEncryption(allCiphers, 
Collections.singleton(Encryption.FZA)));
-        addListAlias(FZA, filter(allCiphers, null, 
Collections.singleton(KeyExchange.FZA),
-                Collections.singleton(Authentication.FZA), 
Collections.singleton(Encryption.FZA), null, null));
         addListAlias(Constants.SSL_PROTO_TLSv1_2,
                 filterByProtocol(allCiphers, 
Collections.singleton(Protocol.TLSv1_2)));
         addListAlias(Constants.SSL_PROTO_TLSv1_0, filterByProtocol(allCiphers, 
Collections.singleton(Protocol.TLSv1)));
diff --git 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index c48bcb40d6..2c092efa7a 100644
--- 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -232,30 +232,6 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
-    @Test
-    public void testkFZA() throws Exception {
-        testSpecification("kFZA");
-    }
-
-
-    @Test
-    public void testaFZA() throws Exception {
-        testSpecification("aFZA");
-    }
-
-
-    @Test
-    public void testeFZA() throws Exception {
-        testSpecification("eFZA");
-    }
-
-
-    @Test
-    public void testFZA() throws Exception {
-        testSpecification("FZA");
-    }
-
-
     @Test
     public void testTLSv1_2() throws Exception {
         testSpecification("TLSv1.2");
@@ -599,6 +575,30 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
+    @Test
+    public void testSpecificationIsEmptykFZA() throws Exception {
+        testSpecificationIsEmpty("kFZA");
+    }
+
+
+    @Test
+    public void testSpecificationIsEmptyaFZA() throws Exception {
+        testSpecificationIsEmpty("aFZA");
+    }
+
+
+    @Test
+    public void testSpecificationIsEmptyeFZA() throws Exception {
+        testSpecificationIsEmpty("eFZA");
+    }
+
+
+    @Test
+    public void testSpecificationIsEmptyFZA() throws Exception {
+        testSpecificationIsEmpty("FZA");
+    }
+
+
     private void testSpecificationIsEmpty(String specification) throws 
Exception {
         String openSSLCipherList = 
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
         Assert.assertEquals("Specification [" + specification + "] returned [" 
+ openSSLCipherList +
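Review bot: The four added tests (`testSpecificationIsEmptykFZA` through `testSpecificationIsEmptyFZA`) exercise each removed alias only as a bare specification, so they do not pin down what the parser does when an existing `ciphers` value carries the alias inside a longer expression, for instance as an exclusion. That is the form most likely to survive in deployed configurations, and an upgrade should not silently change a connector's effective cipher list. If it matches OpenSSL's handling, consider adding a combined case such as `testSpecification("HIGH:!FZA");`. A short comment above the group would also help, e.g. `// FORTEZZA aliases were removed to stay aligned with the OpenSSL development branch; they must now resolve to no ciphers`. The body of `testSpecificationIsEmpty` continues past the end of this hunk, so the exact assertion it makes is not visible here.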
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0e7baf198b..155a76005c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,9 +120,11 @@
       <fix>
         To maintain the documented alignment with the OpenSSL development
         branch, the use of the aliases <code>SSLv3</code>, <code>EXPORT</code>,
-        <code>EXPORT40</code>, <code>EXPORT56</code> and <code>KRB5</code> are
-        no longer supported when setting the <code>ciphers</code> attribute of
-        an <code>SSLHostConfig</code> element. (markt)
+        <code>EXPORT40</code>, <code>EXPORT56</code>, <code>KRB5</code>,
+        <code>kFZA</code>, <code>aFZA</code>, <code>eFZA</code> and
+        <code>FZA</code> are no longer supported when setting the
+        <code>ciphers</code> attribute of an <code>SSLHostConfig</code> 
element.
+        (markt)
       </fix>
       <fix>
         To maintain the documented alignment with the OpenSSL development

