Mark, On 2/28/15 2:39 PM, Mark Thomas wrote: > On 28/02/2015 13:30, Mark Thomas wrote: >> On 28/02/2015 12:04, Mark Thomas wrote: >>> On 27/02/2015 04:14, schu...@apache.org wrote: >>>> Author: schultz >>>> Date: Fri Feb 27 04:14:11 2015 >>>> New Revision: 1662633 >>>> >>>> URL: http://svn.apache.org/r1662633 >>>> Log: >>>> Back-port r1662627 and r1662632 to fix >>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=55988 >>>> Respect TLS server cipher ordering in JSSE-based connectors. >>>> Based upon patches provided by Ognjen Blagojevic. >>> >>> -1 (veto). >>> >>> This patch uses SSLServerSocket.getSSLParameters(). That is only >>> available with Java 7 onwards. Tomcat 7 is required (excluding >>> WebSocket) to compile and run with Java 6. >> >> This and a few other things like [1] make me think we need to bring back >> the org.apache.tomcat.util.compat package - or a variation of it at >> least - to access optional features if Tomcat is running on later than >> the minimum JRE. >> >> I'll take a stab at a fix for [1] over the weekend with a view to >> extending it to cover BZ 55988 as well. > > I went ahead and implemented this for BZ 55988. Hope that was OK.
Sorry... just now seeing these messages, now. I'll take a look at your fixes; I'm sure they are okay. I didn't realize that SSLServerSocket.getSSLParameters was Java 7+... I'm fairly certain I built Tomcat 7 with Java 6 and then *ran it* with Java 7 (and my build configuration suggests it was so... I had trouble building with Java 7 (or 8?) and so had to use 6). I'll look into that... -chris
signature.asc
Description: OpenPGP digital signature