Author: markt
Date: Fri Aug 1 10:48:28 2014
New Revision: 1615068
URL: http://svn.apache.org/r1615068
Log:
The AECDH alias is for "anonymous Elliptic Curve Diffie Hellman cipher suites".
Parser was returning non-anonymous ECDH cipher suites.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Fri Aug 1 10:48:28 2014
@@ -415,9 +415,8 @@ public class OpenSSLCipherConfigurationP
addListAlias(aDSS, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
addListAlias(aDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DH)));
- Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
- aecdh.removeAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
- addListAlias(AECDH, aecdh);
+ Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.EECDH)));
+ addListAlias(AECDH, filterByAuthentication(aecdh,
Collections.singleton(Authentication.aNULL)));
addListAlias(aECDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDH)));
addListAlias(ECDSA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDSA)));
aliases.put(aECDSA, aliases.get(ECDSA));
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Fri Aug 1 10:48:28 2014
@@ -171,14 +171,33 @@ public class TestOpenSSLCipherConfigurat
}
- // TODO
@Test
- //@Ignore("Currently failing - needs investigation")
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
public void testkECDHE() throws Exception {
testSpecification("kECDHE");
}
+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+ public void testECDHE() throws Exception {
+ testSpecification("ECDHE");
+ }
+
+
+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+ public void testEECDHE() throws Exception {
+ testSpecification("EECDHE");
+ }
+
+
+ @Test
+ public void testAECDH() throws Exception {
+ testSpecification("AECDH");
+ }
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String parserSpecification = "" + specification;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
