On 24/06/2015 17:57, Christopher Schultz wrote:
> Mark,
>
> On 6/24/15 12:45 PM, Mark Thomas wrote:
>> On 24/06/2015 16:55, Christopher Schultz wrote:
>
>>> There are some related files (like Cipher.java), but start in
>>> that class right there. I think a simple driver class could take
>>> an OpenSSL-style cipher string and dump-out the JSSE-compatible
>>> (expanded) cipher suites string.
>
>> The key mapping information is held in the Cipher enumeration.
>> There should be an entry for each known Cipher, excluding a few
>> that aren't implemented (and are unlikely to be implemented) in
>> OpenSSL or JSSE.
>
>> The tricky part isn't porting the mapping but the unit tests since
>> they depend on which ciphers are enabled in the JRE and the unit
>> tests for older Tomcat versions run on older JREs with fewer
>> ciphers.
>
>> We could just skip porting the unit tests.
>
> But the JRE will happily allow discovery of supported ciphers. Could
> we simply run the unit tests and white-list only those ciphers that
> are actually supported by the runtime JRE?

You could. It would make the unit tests more complicated. For bonus
points you'd need to do the same with OpenSSL.

Where it gets really tricky is that some of the OpenSSL filter strings
are NO-OPs on older versions. Some have also subtly changed meanings.

By all means go for it, but be prepared for there to be some
non-trivial edge cases.

Mark
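
One way to do the JRE-side white-listing discussed in this thread, as an added example that is not part of the original messages or of Tomcat's code: it asks the running JRE which cipher suites it supports and restricts an expected list to those before any comparison. The class name, method names and the sample expected list are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added illustration; class and method names are hypothetical, not Tomcat's.
public class SupportedCipherFilter {

    // Cipher suites the running JRE's default JSSE provider can support
    // (supported, which is a superset of those enabled by default).
    static Set<String> jreSupported() throws NoSuchAlgorithmException {
        String[] suites = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        return new LinkedHashSet<>(Arrays.asList(suites));
    }

    // Keep only the supported names, preserving the expected preference
    // order; names this JRE does not know are collected in 'skipped'.
    static List<String> restrictTo(List<String> expected,
            Set<String> supported, List<String> skipped) {
        List<String> kept = new ArrayList<>();
        for (String suite : expected) {
            if (supported.contains(suite)) {
                kept.add(suite);
            } else {
                skipped.add(suite);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: stand-in for the JSSE names a mapping test
        // would expect; the last entry is deliberately not a real suite.
        List<String> expected = Arrays.asList(
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_EXAMPLE_NOT_A_REAL_SUITE");
        List<String> skipped = new ArrayList<>();
        List<String> usable = restrictTo(expected, jreSupported(), skipped);
        System.out.println("Compare against: " + usable);
        System.out.println("Skipped on this JRE: " + skipped);
        if (usable.isEmpty()) {
            // Everything was filtered out, so the comparison proves nothing.
            System.out.println("No overlap with this JRE; treat as skipped.");
        }
    }
}
```

A test that filters this way should report the skipped names, since an empty filtered list makes the comparison pass without checking anything.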