Author: markt Date: Fri Aug 1 10:48:28 2014 New Revision: 1615068 URL: http://svn.apache.org/r1615068 Log: The AECDH alias is for "anonymous Elliptic Curve Diffie Hellman cipher suites". Parser was returning non-anonymous ECDH cipher suites.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java Fri Aug 1 10:48:28 2014
@@ -415,9 +415,8 @@ public class OpenSSLCipherConfigurationP
 addListAlias(aDSS, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DSS)));
 aliases.put("DSS", aliases.get(aDSS));
 addListAlias(aDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DH)));
- Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
- aecdh.removeAll(filterByAuthentication(allCiphers, Collections.singleton(Authentication.aNULL)));
- addListAlias(AECDH, aecdh);
+ Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new HashSet<>(Arrays.asList(KeyExchange.EECDH)));
+ addListAlias(AECDH, filterByAuthentication(aecdh, Collections.singleton(Authentication.aNULL)));
 addListAlias(aECDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDH)));
 addListAlias(ECDSA, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDSA)));
 aliases.put(aECDSA, aliases.get(ECDSA));
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java Fri Aug 1 10:48:28 2014
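Review bot: The local `aecdh` on the first added line now holds every EECDH key-exchange suite, authenticated ones included, so its name no longer matches its contents, and the one-element `new HashSet<>(Arrays.asList(KeyExchange.EECDH))` departs from the `Collections.singleton(...)` form used on the neighbouring lines. I would write `Set<Cipher> eecdh = filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.EECDH));` followed by `addListAlias(AECDH, filterByAuthentication(eecdh, Collections.singleton(Authentication.aNULL)));`, assuming filterByKeyExchange accepts any Set. Because the alias now expands only to suites with no peer authentication, a comment above it would help anyone auditing a connector's cipher string: `// AECDH: ephemeral ECDH with Authentication.aNULL - no peer authentication, so no protection against an active man-in-the-middle`. The enclosing method starts and ends outside the hunk.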
@@ -171,14 +171,33 @@ public class TestOpenSSLCipherConfigurat
 }


- // TODO
 @Test
- //@Ignore("Currently failing - needs investigation")
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
 public void testkECDHE() throws Exception {
 testSpecification("kECDHE");
 }


+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+ public void testECDHE() throws Exception {
+ testSpecification("ECDHE");
+ }
+
+
+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+ public void testEECDHE() throws Exception {
+ testSpecification("EECDHE");
+ }
+
+
+ @Test
+ public void testAECDH() throws Exception {
+ testSpecification("AECDH");
+ }
+
+
 private void testSpecification(String specification) throws Exception {
 // Filter out cipher suites that OpenSSL does not implement
 String parserSpecification = "" + specification;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
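Review bot: The `@Ignore` reasons on the new `testECDHE` and `testEECDHE` are copied from `testkECDHE` and still name `kECDHE`, so the test report gives the wrong reason for two skipped aliases; each should name the alias it exercises, for example `@Ignore("Contrary to the docs, OpenSSL does not recognise ECDHE")`, if that is really why it is skipped. `EECDHE` may also be a typo for OpenSSL's `EECDH` alias, in which case that test is skipped for a reason that does not apply to it; this is worth confirming. Of the four tests only `testAECDH` runs, and `testSpecification`'s body continues outside the hunk, so I cannot tell whether anything asserts that every suite returned for `AECDH` is anonymous. If not, a parser-only check that each returned cipher has `Authentication.aNULL` would pin this fix without depending on the installed OpenSSL.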