Author: markt Date: Wed Sep 12 10:28:32 2018 New Revision: 1840653 URL: http://svn.apache.org/viewvc?rev=1840653&view=rev Log: Better fix for OpenSSL 1.1.2 Add a comment to increase the chances of the right fix next time there is an OpenSSL version bump
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java?rev=1840653&r1=1840652&r2=1840653&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java Wed Sep 12 10:28:32 2018
@@ -109,10 +109,17 @@ public class TesterOpenSSL {
 unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
 unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
- // These are TLS v1.3 ciphers that are not supported by any current
- // version
+ // These are TLS v1.3 cipher suites
+ // Java does not currently support these so they are excluded from the
+ // testing.
+ // Note: If OpenSSL is used then some of these may be available
+ // depending on the OpenSSL version used and the defaults for that
+ // version
 unimplemented.add(Cipher.TLS_AES_128_CCM_8_SHA256);
 unimplemented.add(Cipher.TLS_AES_128_CCM_SHA256);
+ unimplemented.add(Cipher.TLS_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_CHACHA20_POLY1305_SHA256);
 if (VERSION < 10002) {
 // These were implemented in 1.0.2 so won't be available in any
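Review bot: The new comment above the `unimplemented.add(...)` lines says Java "does not currently support" the TLS v1.3 suites but names no Java version or condition, so nothing tells a later maintainer when the three added exclusions (`TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`) should come out again. While they sit in the set unconditionally, the TLS 1.3 suite names appear to be skipped by the cipher-mapping tests on every OpenSSL version, which is a coverage gap worth flagging in the code. I would add a line such as `// TODO: Remove these exclusions once the Java version used for testing supports TLS v1.3`. The enclosing block starts and ends outside the hunk.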
@@ -328,18 +335,6 @@ public class TesterOpenSSL {
 unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
 }
- if (VERSION < 10102) {
- // These were implemented in 1.1.2 so won't be available in any
- // earlier version
- unimplemented.add(Cipher.TLS_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_AES_256_GCM_SHA384);
- unimplemented.add(Cipher.TLS_CHACHA20_POLY1305_SHA256);
- } else {
- // These were removed in 1.1.2 so won't be available from that
- // version onwards
- /* Currently none */
- }
-
 OPENSSL_UNIMPLEMENTED_CIPHERS = Collections.unmodifiableSet(unimplemented);
 Map<String,String> renamed = new HashMap<>();
@@ -389,7 +384,7 @@ public class TesterOpenSSL {
 // Standard command to list the ciphers
 args.add("ciphers");
 args.add("-v");
- if (VERSION == 10101) {
+ if (VERSION >= 10101) {
 // Need to exclude the TLSv1.3 ciphers
 args.add("-ciphersuites");
 args.add("");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
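Review bot: The `VERSION >= 10101` guard in the last hunk and the unconditional TLS v1.3 entries in `OPENSSL_UNIMPLEMENTED_CIPHERS` now depend on each other, but the comment at the guard (`// Need to exclude the TLSv1.3 ciphers`) records neither that coupling nor why the bound is 1.1.1. If a later change re-enables TLS 1.3 suites in one place and not the other, the expected and actual cipher lists would presumably diverge in a way that is hard to trace back to this line. I would extend the comment to something like `// Need to exclude the TLSv1.3 ciphers (they are listed in OPENSSL_UNIMPLEMENTED_CIPHERS); -ciphersuites is not available before 1.1.1`. The enclosing method starts and ends outside the hunk.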