Author: markt
Date: Mon Aug 10 15:20:34 2015
New Revision: 1695111
URL: http://svn.apache.org/r1695111
Log:
Fix DEFAULT
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1695111&r1=1695110&r2=1695111&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Mon Aug 10 15:20:34 2015
@@ -485,13 +485,12 @@ public class OpenSSLCipherConfigurationP
addListAlias(SRP, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.SRP)));
initialized = true;
// Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
- addListAlias(DEFAULT, parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2"));
+ addListAlias(DEFAULT, parse("ALL:!eNULL:!aNULL:!SSLv2"));
// COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
Set<Cipher> complementOfDefault = filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
complementOfDefault = filterByAuthentication(complementOfDefault,
Collections.singleton(Authentication.aNULL));
complementOfDefault.removeAll(aliases.get(eNULL));
complementOfDefault.addAll(aliases.get(Constants.SSL_PROTO_SSLv2));
- complementOfDefault.addAll(aliases.get(EXPORT));
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
