[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #17 from Mark Thomas --- This has been overtaken by events. The WebSocket 2.1 specification added ClientEndpointConfig.getSSLContext() for configuring client TLS connections. Tomcat has adopted this approach. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Mark Thomas changed: What|Removed |Added Product|Tomcat 7|Tomcat 8 Target Milestone|--- | Version|7.0.73 |8.5.x-trunk Component|WebSocket |WebSocket --- Comment #16 from Mark Thomas --- With Tomcat 7 reaching EOL, move the remaining open enhancement requests to Tomcat 8. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Christopher Schultz changed: What|Removed |Added Keywords||PatchAvailable -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #15 from Michael Orr --- Again, can someone please review this? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #14 from Michael Orr --- Is there any feedback on the attached patch please? Thanks! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Michael Orr changed: What|Removed |Added CC||michaelomich...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #13 from Michael Orr --- I've added three new patches for the various versions. You can now pass an SSL_ENGINE property in the user properties when calling WebSocketContainer.connectToServer(). I've marked the other properties (SSL_PROTOCOLS, SSL_TRUST*, and SSL_CONTEXT) as deprecated in all three versions; I assume it's too late to just remove them completely in trunk, now that Tomcat 9 is GA. If my assumption is wrong, or if there are any other changes that should be made, please let me know. Thanks. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Michael Orr changed: What|Removed |Added Attachment #34639|0 |1 is obsolete|| --- Comment #12 from Michael Orr --- Created attachment 35580 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35580&action=edit Proposed patch to add SSL_ENGINE property to Trunk (9.0) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Michael Orr changed: What|Removed |Added Attachment #34638|0 |1 is obsolete|| --- Comment #11 from Michael Orr --- Created attachment 35579 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35579&action=edit Proposed patch to add SSL_ENGINE property to 8.5 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Michael Orr changed: What|Removed |Added Attachment #34637|0 |1 is obsolete|| --- Comment #10 from Michael Orr --- Created attachment 35578 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35578&action=edit Proposed patch to add SSL_ENGINE property to 7.0 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Mark Thomas changed: What|Removed |Added Severity|minor |enhancement -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #9 from Michael Orr --- Ok, thanks for the feedback. I'll work on a patch to pass in an SSLEngine instance and deprecate/remove the old constants. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #8 from Mark Thomas --- I think an SSLEngine is required rather than a socket factory but apart from that I think that is the way to go. The code already started down that route with SSLContext but I think SSLEngine is the right way to do this. Note: I'd deprecate the other constants in 7.0 to 8.5 and remove them entirely in 9.0. The docs will need an appropriate update as well. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #7 from Michael Orr --- Yes, SSLSocketFactory would enable you to set all of these in one fell swoop (with the exception of the hostname verifier, which I think is applied after the socket factory has produced the initial socket, but I might be wrong there). Do you think we should abandon/deprecate the current mechanism in favour of this and, if so, shall I withdraw these patches? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket client connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 Christopher Schultz changed: What|Removed |Added Summary|Add ability to set cipher |Add ability to set cipher |suites for websocket|suites for websocket client |connections |connections -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org