Author: markt Date: Tue Dec 18 20:11:13 2018 New Revision: 1849222 URL: http://svn.apache.org/viewvc?rev=1849222&view=rev Log: More work required to get the TLS tests to play nicely with Java 7 through 11 (and hopefully beyond)
Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1849222&r1=1849221&r2=1849222&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original) +++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue Dec 18 20:11:13 2018 @@ -53,6 +53,7 @@ import org.apache.catalina.startup.Tomca import org.apache.tomcat.jni.Library; import org.apache.tomcat.jni.LibraryNotFoundError; import org.apache.tomcat.jni.SSL; +import org.apache.tomcat.util.compat.JreCompat; import org.apache.tomcat.util.compat.TLS; import org.apache.tomcat.util.descriptor.web.LoginConfig; import org.apache.tomcat.util.descriptor.web.SecurityCollection; @@ -238,10 +239,16 @@ public final class TesterSupport { /* When running on Java 11, TLSv1.3 is enabled by default. The JSSE * implementation of TLSv1.3 does not support * certificateVerification="optional", a setting on which these tests - * depend. Therefore, force these tests to use TLSv1.2 so that they pass - * when running on TLSv1.3. + * depend. + * Java 7 does not enable TLSv1.1 or TLS1.2 by default + * + * Ensure these tests pass with all JREs from Java 7 onwards. */ - tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1_2); + if (JreCompat.isJre8Available()) { + tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1_2); + } else { + tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1); + } // Need a web application with a protected and unprotected URL // No file system docBase required Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java?rev=1849222&r1=1849221&r2=1849222&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java (original) +++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java Tue Dec 18 20:11:13 2018 @@ -16,6 +16,7 @@ */ package org.apache.tomcat.util.net.jsse; +import org.apache.tomcat.util.compat.JreCompat; import org.apache.tomcat.util.net.Constants; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfigCertificate; @@ -32,7 +33,11 @@ public class TesterBug50640SslImpl exten SSLHostConfig sslHostConfig = certificate.getSSLHostConfig(); if (sslHostConfig.getProtocols().size() == 1 && sslHostConfig.getProtocols().contains(PROPERTY_VALUE)) { - sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1_2); + if (JreCompat.isJre8Available()) { + sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1_2); + } else { + sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1); + } return super.getSSLUtil(certificate); } else { return null; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org