Re: [Pki-devel] [PATCH] Bug 1203407 - tomcatjss: missing ciphers

2016-06-30 Thread Christina Fu

got verbal ack from Jack.

Pushed to master (the dogtag patch):
commit f0ad71e8a4fbae665a6b4875cce5b82895ad74f0

tomcatjss will be built in the next few days.

Christina


On 06/30/2016 03:04 PM, Christina Fu wrote:

The tomcatjss patch addresses:
*Bug 1203407*  
-tomcatjss: missing ciphers


2nd patch is the accompanying dogtag change to remove references to 
the unsupported ciphers.  There is no critical dependency of the new 
tomcatjss.


thanks,
Christina





[Pki-devel] [PATCH] Bug 1203407 - tomcatjss: missing ciphers

2016-06-30 Thread Christina Fu

The tomcatjss patch addresses:
*Bug 1203407*  
-tomcatjss: missing ciphers


2nd patch is the accompanying dogtag change to remove references to the 
unsupported ciphers.  There is no critical dependency of the new tomcatjss.


thanks,
Christina
diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu	2016-06-30 15:52:40.536775347 -0600
+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java	2016-06-30 15:54:40.636612569 -0600
@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
 SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+// deprecated SSL3.0 names replaced by IANA-registered TLS names
+cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
 
 cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
 SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
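Review bot: The comment above the new TLS_RSA_WITH_3DES_EDE_CBC_SHA entry says the deprecated SSL3.0 names are "replaced" by the TLS names, but the SSL3_RSA_WITH_3DES_EDE_CBC_SHA entry two lines above is kept, so the new line is an alias and both spellings now resolve to the same JSS constant; the same wording is repeated in the next hunk for the DHE_DSS and DHE_RSA entries. Suggest `// IANA/TLS alias for the legacy SSL3_* name above; both names remain accepted` so a later reader does not delete the legacy key believing the rename was completed. It is also worth saying in that comment that these are 64-bit-block 3DES suites that are being phased out, so they should stay configurable rather than appear in any default-enabled list. The static initializer this belongs to begins before the hunk.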
@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
 SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+// deprecated SSL3.0 names replaced by IANA-registered TLS names
+cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+// deprecated SSL3.0 names replaced by IANA-registered TLS names
+cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
 
 cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
 SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
@@ -257,13 +270,21 @@ public class JSSSocketFactory implements
 SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
 cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
 cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+/* unsupported by nss
+cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
 cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+*/
 
+cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
 }
 
 private static HashMap eccCipherMap = new HashMap();
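Review bot: The `/* unsupported by nss` block keeps two `cipherMap.put` calls as commented-out code, and the next hunk does the same in eccCipherMap; disabled code drifts from the live table and is easy to re-enable by accident. A single line, `// TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 intentionally omitted: not supported by NSS`, records the same fact without dead code. Since those names are now absent from cipherMap, a configuration that still lists them will presumably fall through to whatever the lookup does for unknown names; confirm that path prints a visible warning rather than silently skipping the cipher. The three newly mapped TLS_ECDH_RSA_* suites use static (non-ephemeral) ECDH, which provides no forward secrecy, so they should be available for configuration but not part of any default-enabled set. The enclosing static initializer begins before the hunk.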
@@ -308,6 +329,10 @@ public class JSSSocketFactory implements
 "TLS_ECDH_RSA_WITH_NULL_SHA");
 eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
 "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+/* unsupported by nss
+eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+*/
 }
 
 private AbstractEndpoint endpoint;
@@ -393,6 +418,7 @@ public class JSSSocketFactory implements
 + ": 0x" + Integer.toHexString(cipherid) + "\n");
 SSLSocket.setCipherPreferenceDefault(cipherid, state);
 } catch (Exception e) {
+System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
 if (eccCipherMap.containsKey(cipherid)) {
 System.err
 .println("Warning: SSL ECC cipher \""
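Review bot: The new `System.err.println` in the catch block logs the exception but not which cipher failed, and the message has no space after the colon, so the output reads as `exception:java.lang...`. Including the id that the debug line above already formats keeps the failure attributable: `System.err.println("SSLSocket.setCipherPreferenceDefault exception for cipher 0x" + Integer.toHexString(cipherid) + ": " + e);`. The catch is a broad `Exception`, so this also surfaces unrelated failures, which is acceptable for diagnostics as long as the existing warning below still runs. The enclosing method begins and ends outside the hunk.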

From c0bf4a016709d000f81df2262cb73f2a660a2a42 Mon Sep 17 00:00:00 2001
From: Christina Fu 
Date: Thu, 30 Jun 2016 15:01:42 -0700
Subject: [PATCH] Bugzilla