Author: markt Date: Tue Jul 29 13:26:54 2014 New Revision: 1614342 URL: http://svn.apache.org/r1614342 Log: Make test for OpenSSL to JSSE mapping more sophisticated. Still commented out as there are still failures that need to be resolved.
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1614342&r1=1614341&r2=1614342&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Tue Jul 29 13:26:54 2014 @@ -1,6 +1,8 @@ package org.apache.tomcat.util.net.jsse.openssl; import java.io.InputStream; +import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -23,8 +25,26 @@ public class TestCipher { for (String openSSLCipherSuite : openSSLCipherSuites) { List<String> jsseCipherSuites = OpenSSLCipherConfigurationParser.parseExpression(openSSLCipherSuite); - Assert.assertTrue("The OpenSSL cipher suite " + openSSLCipherSuite + - " does not map to a JSSE cipher suite", jsseCipherSuites.size() > 0); + + for (JsseImpl jsseImpl : JSSE_IMPLS) { + boolean found = false; + for (String jsseCipherSuite : jsseCipherSuites) { + if (jsseImpl.getStandardNames().contains(jsseCipherSuite)) { + found = true; + Assert.assertFalse("Mapping found in " + jsseImpl.getVendor() + + "'s JSSE implementation for " + openSSLCipherSuite + + " when none was expected", + jsseImpl.getOpenSslUnmapped().contains(openSSLCipherSuite)); + break; + } + } + if (!found) { + Assert.assertTrue("No mapping found in " + jsseImpl.getVendor() + + "'s JSSE implementation for " + openSSLCipherSuite + + " when one was expected", + jsseImpl.getOpenSslUnmapped().contains(openSSLCipherSuite)); + } + } } } 
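Review bot: The new inner loop in the `@@ -23,8 +25,26 @@` hunk sets `found` as soon as any name returned by `parseExpression` appears in `jsseImpl.getStandardNames()`, so it checks that some mapping exists for each vendor but not that it is the equivalent suite. A parser regression that maps an OpenSSL name to a different JSSE suite, possibly a weaker one, would still pass. With the old `size() > 0` assertion removed, an empty result is also accepted whenever the suite is listed in `getOpenSslUnmapped()`, so every entry in those exclusion sets should carry a reason. I would add a comment above the loop such as `// Verifies only that a mapping exists per vendor, not that it is the equivalent suite`, and consider asserting against an expected OpenSSL-to-JSSE table in a follow-up. The enclosing test method starts outside this hunk.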
@@ -60,4 +80,388 @@ public class TestCipher { IOTools.flow(stdout, stdoutBytes); return stdoutBytes.toString(); } + + + /** + * These are all the Oracle standard Java names for cipher suites taken from + * http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites + * on 15th July 2014. + */ + private static final Set<String> CIPHER_SUITE_STANDARD_NAMES_ORACLE = + Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", + "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_DH_anon_WITH_DES_CBC_SHA", + "SSL_DH_anon_WITH_RC4_128_MD5", + "TLS_DH_anon_WITH_SEED_CBC_SHA", + "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_DH_DSS_WITH_DES_CBC_SHA", + "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + 
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_DH_RSA_WITH_DES_CBC_SHA", + "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", + "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_WITH_RC4_128_SHA", + "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", + "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", + "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", + "TLS_DHE_PSK_WITH_NULL_SHA", + "TLS_DHE_PSK_WITH_NULL_SHA256", + "TLS_DHE_PSK_WITH_NULL_SHA384", + "TLS_DHE_PSK_WITH_RC4_128_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", + "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + 
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "TLS_ECDH_anon_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_RSA_WITH_NULL_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_PSK_WITH_NULL_SHA", + "TLS_ECDHE_PSK_WITH_NULL_SHA256", + "TLS_ECDHE_PSK_WITH_NULL_SHA384", + "TLS_ECDHE_PSK_WITH_RC4_128_SHA", + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_NULL_SHA", + "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + 
"SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", + "SSL_FORTEZZA_DMS_WITH_NULL_SHA", + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", + "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", + "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", + "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", + "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", + "TLS_KRB5_WITH_DES_CBC_MD5", + "TLS_KRB5_WITH_DES_CBC_SHA", + "TLS_KRB5_WITH_IDEA_CBC_MD5", + "TLS_KRB5_WITH_IDEA_CBC_SHA", + "TLS_KRB5_WITH_RC4_128_MD5", + "TLS_KRB5_WITH_RC4_128_SHA", + "TLS_PSK_WITH_3DES_EDE_CBC_SHA", + "TLS_PSK_WITH_AES_128_CBC_SHA", + "TLS_PSK_WITH_AES_128_CBC_SHA256", + "TLS_PSK_WITH_AES_128_GCM_SHA256", + "TLS_PSK_WITH_AES_256_CBC_SHA", + "TLS_PSK_WITH_AES_256_CBC_SHA384", + "TLS_PSK_WITH_AES_256_GCM_SHA384", + "TLS_PSK_WITH_NULL_SHA", + "TLS_PSK_WITH_NULL_SHA256", + "TLS_PSK_WITH_NULL_SHA384", + "TLS_PSK_WITH_RC4_128_SHA", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", + "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_FIPS_WITH_DES_CBC_SHA", + "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", + "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", + "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", + "TLS_RSA_PSK_WITH_NULL_SHA", + "TLS_RSA_PSK_WITH_NULL_SHA256", + "TLS_RSA_PSK_WITH_NULL_SHA384", + "TLS_RSA_PSK_WITH_RC4_128_SHA", + "SSL_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA256", + "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + 
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "SSL_RSA_WITH_DES_CBC_SHA", + "SSL_RSA_WITH_IDEA_CBC_SHA", + "SSL_RSA_WITH_NULL_MD5", + "SSL_RSA_WITH_NULL_SHA", + "TLS_RSA_WITH_NULL_SHA256", + "SSL_RSA_WITH_RC4_128_MD5", + "SSL_RSA_WITH_RC4_128_SHA", + "TLS_RSA_WITH_SEED_CBC_SHA", + "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", + "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", + "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", + "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", + "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", + "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", + "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", + "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"))); + + + /** + * These are the cipher suites implemented by OpenSSL that are not + * implemented by Oracle's JSSE implementation. + */ + private static Set<String> OPENSSL_UNMAPPED_ORACLE = + Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "DES-CBC-MD5"))); + + + /** + * These are all the IBM standard Java names for cipher suites taken from + * http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html?lang=en + * on 29th July 2014. 
+ */ + private static final Set<String> CIPHER_SUITE_STANDARD_NAMES_IBM = + Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "SSL_RSA_WITH_AES_256_CBC_SHA256", + "SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256", + "SSL_DHE_DSS_WITH_AES_256_CBC_SHA256", + "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "SSL_RSA_WITH_AES_256_CBC_SHA", + "SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "SSL_ECDH_RSA_WITH_AES_256_CBC_SHA", + "SSL_DHE_RSA_WITH_AES_256_CBC_SHA", + "SSL_DHE_DSS_WITH_AES_256_CBC_SHA", + "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "SSL_RSA_WITH_AES_128_CBC_SHA256", + "SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256", + "SSL_DHE_DSS_WITH_AES_128_CBC_SHA256", + "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "SSL_RSA_WITH_AES_128_CBC_SHA", + "SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "SSL_ECDH_RSA_WITH_AES_128_CBC_SHA", + "SSL_DHE_RSA_WITH_AES_128_CBC_SHA", + "SSL_DHE_DSS_WITH_AES_128_CBC_SHA", + "SSL_ECDHE_ECDSA_WITH_RC4_128_SHA", + "SSL_ECDHE_RSA_WITH_RC4_128_SHA", + "SSL_RSA_WITH_RC4_128_SHA", + "SSL_ECDH_ECDSA_WITH_RC4_128_SHA", + "SSL_ECDH_RSA_WITH_RC4_128_SHA", + "SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_WITH_RC4_128_MD5", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "SSL_RSA_WITH_AES_256_GCM_SHA384", + "SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384", + 
"SSL_DHE_DSS_WITH_AES_256_GCM_SHA384", + "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384", + "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "SSL_RSA_WITH_AES_128_GCM_SHA256", + "SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256", + "SSL_DHE_DSS_WITH_AES_128_GCM_SHA256", + "SSL_DH_anon_WITH_AES_256_CBC_SHA256", + "SSL_ECDH_anon_WITH_AES_256_CBC_SHA", + "SSL_DH_anon_WITH_AES_256_CBC_SHA", + "SSL_DH_anon_WITH_AES_256_GCM_SHA384", + "SSL_DH_anon_WITH_AES_128_GCM_SHA256", + "SSL_DH_anon_WITH_AES_128_CBC_SHA256", + "SSL_ECDH_anon_WITH_AES_128_CBC_SHA", + "SSL_DH_anon_WITH_AES_128_CBC_SHA", + "SSL_ECDH_anon_WITH_RC4_128_SHA", + "SSL_DH_anon_WITH_RC4_128_MD5", + "SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_WITH_NULL_SHA256", + "SSL_ECDHE_ECDSA_WITH_NULL_SHA", + "SSL_ECDHE_RSA_WITH_NULL_SHA", + "SSL_RSA_WITH_NULL_SHA", + "SSL_ECDH_ECDSA_WITH_NULL_SHA", + "SSL_ECDH_RSA_WITH_NULL_SHA", + "SSL_ECDH_anon_WITH_NULL_SHA", + "SSL_RSA_WITH_NULL_MD5", + "SSL_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_DH_anon_WITH_DES_CBC_SHA", + "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_FIPS_WITH_DES_EDE_CBC_SHA", + "SSL_DHE_DSS_WITH_RC4_128_SHA", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "SSL_KRB5_WITH_RC4_128_SHA", + "SSL_KRB5_WITH_RC4_128_MD5", + "SSL_KRB5_WITH_3DES_EDE_CBC_SHA", + "SSL_KRB5_WITH_3DES_EDE_CBC_MD5", + "SSL_KRB5_WITH_DES_CBC_SHA", + "SSL_KRB5_WITH_DES_CBC_MD5", + "SSL_KRB5_EXPORT_WITH_RC4_40_SHA", + "SSL_KRB5_EXPORT_WITH_RC4_40_MD5", + "SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA", + "SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5", + "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"))); + + + /** + * These 
are the cipher suites implemented by OpenSSL that are not + * implemented by IBM's JSSE implementation. + */ + private static Set<String> OPENSSL_UNMAPPED_IBM = + Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + "DES-CBC-MD5"))); + + + private static JsseImpl ORACLE_JSSE_CIPHER_IMPL = new JsseImpl("Oracle", + CIPHER_SUITE_STANDARD_NAMES_ORACLE, OPENSSL_UNMAPPED_ORACLE); + + + private static JsseImpl IBM_JSSE_CIPHER_IMPL = new JsseImpl("IBM", + CIPHER_SUITE_STANDARD_NAMES_IBM, OPENSSL_UNMAPPED_IBM); + + + private static Set<JsseImpl> JSSE_IMPLS = Collections.unmodifiableSet( + new HashSet<>(Arrays.asList(ORACLE_JSSE_CIPHER_IMPL, IBM_JSSE_CIPHER_IMPL))); + + + private static class JsseImpl { + private final String vendor; + private final Set<String> standardNames; + private final Set<String> openSslUnmapped; + + public JsseImpl(String vendor, Set<String> standardNames, + Set<String> openSslUnmapped) { + this.vendor = vendor; + this.standardNames = standardNames; + this.openSslUnmapped = openSslUnmapped; + } + + public String getVendor() { + return vendor; + } + + public Set<String> getStandardNames() { + return standardNames; + } + + public Set<String> getOpenSslUnmapped() { + return openSslUnmapped; + } + } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
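Review bot: `OPENSSL_UNMAPPED_ORACLE`, `OPENSSL_UNMAPPED_IBM`, `ORACLE_JSSE_CIPHER_IMPL`, `IBM_JSSE_CIPHER_IMPL` and `JSSE_IMPLS` are declared `private static` without `final`, unlike the two `CIPHER_SUITE_STANDARD_NAMES_*` sets, so the references can be reassigned even though the sets are wrapped as unmodifiable; each should read `private static final ...`. `JSSE_IMPLS` is a `HashSet` of `JsseImpl` objects that define no `equals`/`hashCode`, so the vendor iteration order, and with it which vendor's assertion fails first, can differ between runs; `Collections.unmodifiableList(Arrays.asList(ORACLE_JSSE_CIPHER_IMPL, IBM_JSSE_CIPHER_IMPL))` would make failures reproducible. The name lists are snapshots of vendor documentation taken on the dates given in the Javadoc, not what the running JRE reports, so the Javadoc should also say that they need re-checking when the vendor pages change.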