Author: markt Date: Sat Mar 11 12:45:10 2006 New Revision: 385160 URL: http://svn.apache.org/viewcvs?rev=385160&view=rev Log: Change default cipher suites to remove insecure ones.
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Sat Mar 11 12:45:10 2006
@@ -126,7 +126,7 @@
 // Determine which cipher suites to enable
 String requestedCiphers = (String)attributes.get("ciphers");
 enabledCiphers = getEnabledCiphers(requestedCiphers,
- sslProxy.getSupportedCipherSuites());
+ sslProxy.getDefaultCipherSuites());
 } catch(Exception e) {
 if( e instanceof IOException )
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java (original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Sat Mar 11 12:45:10 2006
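Review bot: The second argument of `getEnabledCiphers(requestedCiphers, ...)` now carries only the JSSE default-enabled suites, and if that argument is also the list an explicit `ciphers` attribute is checked against (the method body is outside this hunk, so this is inferred), a suite the operator names that is supported but not enabled by default would be dropped without notice. Consider using the defaults only as the fallback and keeping the full list for validating explicit requests: `String[] candidates = (requestedCiphers != null) ? sslProxy.getSupportedCipherSuites() : sslProxy.getDefaultCipherSuites();` followed by `enabledCiphers = getEnabledCiphers(requestedCiphers, candidates);`. The identical call in the JSSE14SocketFactory.java hunk needs the same treatment. A comment above the call such as `// default set excludes suites without confidentiality or server authentication; explicit "ciphers" values are matched against the supported set` would record why the two lists differ. The enclosing method starts and ends outside both hunks, so any logging of the final enabled set could not be checked here.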
@@ -117,7 +117,7 @@
 // Determine which cipher suites to enable
 String requestedCiphers = (String)attributes.get("ciphers");
 enabledCiphers = getEnabledCiphers(requestedCiphers,
- sslProxy.getSupportedCipherSuites());
+ sslProxy.getDefaultCipherSuites());
 } catch(Exception e) {
 if( e instanceof IOException )
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=385160&r1=385159&r2=385160&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Mar 11 12:45:10 2006
@@ -28,6 +28,16 @@
 </fix>
 </changelog>
 </subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Make the default cipher suites available for SSL the same as the set of cipher
+ suites enabled by default rather than the set of all cipher suites. This prevents
+ ciphers suites that do not provide confidentiality protection and/or server
+ authentication being used by default. (markt)
+ </fix>
+ </changelog>
+ </subsection>
 <subsection name="Webapps">
 <changelog>
 <fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]