Author: markt
Date: Tue Jul 29 13:26:54 2014
New Revision: 1614342
URL: http://svn.apache.org/r1614342
Log:
Make test for OpenSSL to JSSE mapping for sophisticated.
Still commented out as there are still failures that need to be resolved.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1614342&r1=1614341&r2=1614342&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Tue Jul 29 13:26:54 2014
@@ -1,6 +1,8 @@
package org.apache.tomcat.util.net.jsse.openssl;
import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -23,8 +25,26 @@ public class TestCipher {
for (String openSSLCipherSuite : openSSLCipherSuites) {
List<String> jsseCipherSuites =
OpenSSLCipherConfigurationParser.parseExpression(openSSLCipherSuite);
- Assert.assertTrue("The OpenSSL cipher suite " + openSSLCipherSuite
+
- " does not map to a JSSE cipher suite",
jsseCipherSuites.size() > 0);
+
+ for (JsseImpl jsseImpl : JSSE_IMPLS) {
+ boolean found = false;
+ for (String jsseCipherSuite : jsseCipherSuites) {
+ if (jsseImpl.getStandardNames().contains(jsseCipherSuite))
{
+ found = true;
+ Assert.assertFalse("Mapping found in " +
jsseImpl.getVendor() +
+ "'s JSSE implementation for " +
openSSLCipherSuite +
+ " when none was expected",
+
jsseImpl.getOpenSslUnmapped().contains(openSSLCipherSuite));
+ break;
+ }
+ }
+ if (!found) {
+ Assert.assertTrue("No mapping found in " +
jsseImpl.getVendor() +
+ "'s JSSE implementation for " + openSSLCipherSuite
+
+ " when one was expected",
+
jsseImpl.getOpenSslUnmapped().contains(openSSLCipherSuite));
+ }
+ }
}
}
@@ -60,4 +80,388 @@ public class TestCipher {
IOTools.flow(stdout, stdoutBytes);
return stdoutBytes.toString();
}
+
+
+ /**
+ * These are all the Oracle standard Java names for cipher suites taken
from
+ *
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
+ * on 15th July 2014.
+ */
+ private static final Set<String> CIPHER_SUITE_STANDARD_NAMES_ORACLE =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+ "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+ "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "TLS_DH_anon_WITH_SEED_CBC_SHA",
+ "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+ "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+ "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+ "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+ "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_DH_DSS_WITH_DES_CBC_SHA",
+ "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+ "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_DH_RSA_WITH_DES_CBC_SHA",
+ "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+ "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+ "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ "SSL_DHE_DSS_WITH_RC4_128_SHA",
+ "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+ "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+ "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+ "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_PSK_WITH_NULL_SHA",
+ "TLS_DHE_PSK_WITH_NULL_SHA256",
+ "TLS_DHE_PSK_WITH_NULL_SHA384",
+ "TLS_DHE_PSK_WITH_RC4_128_SHA",
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+ "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDH_RSA_WITH_NULL_SHA",
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_PSK_WITH_NULL_SHA",
+ "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+ "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+ "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_NULL_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
+ "SSL_FORTEZZA_DMS_WITH_NULL_SHA",
+ "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+ "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+ "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+ "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+ "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+ "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+ "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+ "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+ "TLS_KRB5_WITH_DES_CBC_MD5",
+ "TLS_KRB5_WITH_DES_CBC_SHA",
+ "TLS_KRB5_WITH_IDEA_CBC_MD5",
+ "TLS_KRB5_WITH_IDEA_CBC_SHA",
+ "TLS_KRB5_WITH_RC4_128_MD5",
+ "TLS_KRB5_WITH_RC4_128_SHA",
+ "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+ "TLS_PSK_WITH_AES_128_CBC_SHA",
+ "TLS_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS_PSK_WITH_AES_128_GCM_SHA256",
+ "TLS_PSK_WITH_AES_256_CBC_SHA",
+ "TLS_PSK_WITH_AES_256_CBC_SHA384",
+ "TLS_PSK_WITH_AES_256_GCM_SHA384",
+ "TLS_PSK_WITH_NULL_SHA",
+ "TLS_PSK_WITH_NULL_SHA256",
+ "TLS_PSK_WITH_NULL_SHA384",
+ "TLS_PSK_WITH_RC4_128_SHA",
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+ "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
+ "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+ "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+ "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+ "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+ "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_PSK_WITH_NULL_SHA",
+ "TLS_RSA_PSK_WITH_NULL_SHA256",
+ "TLS_RSA_PSK_WITH_NULL_SHA384",
+ "TLS_RSA_PSK_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+ "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+ "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+ "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+ "SSL_RSA_WITH_DES_CBC_SHA",
+ "SSL_RSA_WITH_IDEA_CBC_SHA",
+ "SSL_RSA_WITH_NULL_MD5",
+ "SSL_RSA_WITH_NULL_SHA",
+ "TLS_RSA_WITH_NULL_SHA256",
+ "SSL_RSA_WITH_RC4_128_MD5",
+ "SSL_RSA_WITH_RC4_128_SHA",
+ "TLS_RSA_WITH_SEED_CBC_SHA",
+ "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+ "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+ "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+ "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+ "TLS_SRP_SHA_WITH_AES_256_CBC_SHA")));
+
+
+ /**
+ * These are the cipher suites implemented by OpenSSL that are not
+ * implemented by Oracle's JSSE implementation.
+ */
+ private static Set<String> OPENSSL_UNMAPPED_ORACLE =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ "DES-CBC-MD5")));
+
+
+ /**
+ * These are all the IBM standard Java names for cipher suites taken from
+ *
http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html?lang=en
+ * on 29th July 2014.
+ */
+ private static final Set<String> CIPHER_SUITE_STANDARD_NAMES_IBM =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "SSL_RSA_WITH_AES_256_CBC_SHA256",
+ "SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+ "SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+ "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ "SSL_DHE_DSS_WITH_AES_256_CBC_SHA256",
+ "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "SSL_RSA_WITH_AES_256_CBC_SHA",
+ "SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ "SSL_ECDH_RSA_WITH_AES_256_CBC_SHA",
+ "SSL_DHE_RSA_WITH_AES_256_CBC_SHA",
+ "SSL_DHE_DSS_WITH_AES_256_CBC_SHA",
+ "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "SSL_RSA_WITH_AES_128_CBC_SHA256",
+ "SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+ "SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+ "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ "SSL_DHE_DSS_WITH_AES_128_CBC_SHA256",
+ "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "SSL_RSA_WITH_AES_128_CBC_SHA",
+ "SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ "SSL_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ "SSL_DHE_RSA_WITH_AES_128_CBC_SHA",
+ "SSL_DHE_DSS_WITH_AES_128_CBC_SHA",
+ "SSL_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "SSL_ECDHE_RSA_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_RC4_128_SHA",
+ "SSL_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "SSL_ECDH_RSA_WITH_RC4_128_SHA",
+ "SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ "SSL_RSA_WITH_RC4_128_MD5",
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "SSL_RSA_WITH_AES_256_GCM_SHA384",
+ "SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+ "SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+ "SSL_DHE_DSS_WITH_AES_256_GCM_SHA384",
+ "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "SSL_RSA_WITH_AES_128_GCM_SHA256",
+ "SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ "SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "SSL_DHE_DSS_WITH_AES_128_GCM_SHA256",
+ "SSL_DH_anon_WITH_AES_256_CBC_SHA256",
+ "SSL_ECDH_anon_WITH_AES_256_CBC_SHA",
+ "SSL_DH_anon_WITH_AES_256_CBC_SHA",
+ "SSL_DH_anon_WITH_AES_256_GCM_SHA384",
+ "SSL_DH_anon_WITH_AES_128_GCM_SHA256",
+ "SSL_DH_anon_WITH_AES_128_CBC_SHA256",
+ "SSL_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "SSL_DH_anon_WITH_AES_128_CBC_SHA",
+ "SSL_ECDH_anon_WITH_RC4_128_SHA",
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ "SSL_RSA_WITH_NULL_SHA256",
+ "SSL_ECDHE_ECDSA_WITH_NULL_SHA",
+ "SSL_ECDHE_RSA_WITH_NULL_SHA",
+ "SSL_RSA_WITH_NULL_SHA",
+ "SSL_ECDH_ECDSA_WITH_NULL_SHA",
+ "SSL_ECDH_RSA_WITH_NULL_SHA",
+ "SSL_ECDH_anon_WITH_NULL_SHA",
+ "SSL_RSA_WITH_NULL_MD5",
+ "SSL_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+ "SSL_RSA_FIPS_WITH_DES_EDE_CBC_SHA",
+ "SSL_DHE_DSS_WITH_RC4_128_SHA",
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_KRB5_WITH_RC4_128_SHA",
+ "SSL_KRB5_WITH_RC4_128_MD5",
+ "SSL_KRB5_WITH_3DES_EDE_CBC_SHA",
+ "SSL_KRB5_WITH_3DES_EDE_CBC_MD5",
+ "SSL_KRB5_WITH_DES_CBC_SHA",
+ "SSL_KRB5_WITH_DES_CBC_MD5",
+ "SSL_KRB5_EXPORT_WITH_RC4_40_SHA",
+ "SSL_KRB5_EXPORT_WITH_RC4_40_MD5",
+ "SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+ "SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+ "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5")));
+
+
+ /**
+ * These are the cipher suites implemented by OpenSSL that are not
+ * implemented by IBM's JSSE implementation.
+ */
+ private static Set<String> OPENSSL_UNMAPPED_IBM =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ "DES-CBC-MD5")));
+
+
+ private static JsseImpl ORACLE_JSSE_CIPHER_IMPL = new JsseImpl("Oracle",
+ CIPHER_SUITE_STANDARD_NAMES_ORACLE, OPENSSL_UNMAPPED_ORACLE);
+
+
+ private static JsseImpl IBM_JSSE_CIPHER_IMPL = new JsseImpl("IBM",
+ CIPHER_SUITE_STANDARD_NAMES_IBM, OPENSSL_UNMAPPED_IBM);
+
+
+ private static Set<JsseImpl> JSSE_IMPLS = Collections.unmodifiableSet(
+ new HashSet<>(Arrays.asList(ORACLE_JSSE_CIPHER_IMPL,
IBM_JSSE_CIPHER_IMPL)));
+
+
+ private static class JsseImpl {
+ private final String vendor;
+ private final Set<String> standardNames;
+ private final Set<String> openSslUnmapped;
+
+ public JsseImpl(String vendor, Set<String> standardNames,
+ Set<String> openSslUnmapped) {
+ this.vendor = vendor;
+ this.standardNames = standardNames;
+ this.openSslUnmapped = openSslUnmapped;
+ }
+
+ public String getVendor() {
+ return vendor;
+ }
+
+ public Set<String> getStandardNames() {
+ return standardNames;
+ }
+
+ public Set<String> getOpenSslUnmapped() {
+ return openSslUnmapped;
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
