svn commit: r1721346 - /tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java

Tue, 22 Dec 2015 03:07:22 -0800 

Author: markt
Date: Tue Dec 22 11:06:59 2015
New Revision: 1721346

URL: http://svn.apache.org/viewvc?rev=1721346&view=rev
Log:
OpenSSL trunk has removed support for all fixed DH cipher suites

Modified:
    
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java

Modified: 
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1721346&r1=1721345&r2=1721346&view=diff
==============================================================================
--- 
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
 (original)
+++ 
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
 Tue Dec 22 11:06:59 2015
@@ -68,6 +68,12 @@ public class TesterOpenSSL {
         unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
         unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
         unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5);
+        unimplemented.add(Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256);
 
         if (VERSION < 10000) {
             // These were implemented in 1.0.0 so won't be available in any
@@ -153,19 +159,12 @@ public class TesterOpenSSL {
         } else {
             // These were removed in 1.0.1 so won't be available from that
             // version onwards.
-            unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5);
-            unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5);
-            unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
-            unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA);
+            // None at present.
         }
 
         if (VERSION < 10002) {
             // These were implemented in 1.0.2 so won't be available in any
             // earlier version
-            unimplemented.add(Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
@@ -177,7 +176,6 @@ public class TesterOpenSSL {
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_DES_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_DSS_WITH_SEED_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
@@ -193,8 +191,7 @@ public class TesterOpenSSL {
         } else {
             // These were removed in 1.0.2 so won't be available from that
             // version onwards.
-            unimplemented.add(Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+            // None at present.
         }
 
         if (VERSION < 10100) {
@@ -244,12 +241,8 @@ public class TesterOpenSSL {
             unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384);
             
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256);
             
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
             
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
@@ -261,8 +254,6 @@ public class TesterOpenSSL {
             
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
             
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
             unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
@@ -320,6 +311,26 @@ public class TesterOpenSSL {
             unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA);
             unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
             unimplemented.add(Cipher.TLS_RSA_EXPORT_WITH_RC4_40_MD5);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_DSS_WITH_SEED_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_RSA_WITH_SEED_CBC_SHA);
         }
         OPENSSL_UNIMPLEMENTED_CIPHERS = 
Collections.unmodifiableSet(unimplemented);
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to