Author: markt
Date: Wed Mar 9 09:45:10 2016
New Revision: 1734205
URL: http://svn.apache.org/viewvc?rev=1734205&view=rev
Log:
OpenSSL 1.1.0 has removed DSS, SEED, IDEA, CAMELLIA, and AESCCM from the
default cipher list
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1734205&r1=1734204&r2=1734205&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
Wed Mar 9 09:45:10 2016
@@ -240,7 +240,7 @@ public class OpenSSLCipherConfigurationP
*/
private static final String AES128 = "AES128";
/**
- * Cipher suites using 256 bit AE.
+ * Cipher suites using 256 bit AES.
*/
private static final String AES256 = "AES256";
/**
@@ -252,6 +252,10 @@ public class OpenSSLCipherConfigurationP
*/
private static final String AESGCM = "AESGCM";
/**
+ * AES in Counter with CBC-MAC Mode (CCM).
+ */
+ private static final String AESCCM = "AESCCM";
+ /**
* Cipher suites using 128 bit CAMELLIA.
*/
private static final String CAMELLIA128 = "CAMELLIA128";
@@ -462,6 +466,7 @@ public class OpenSSLCipherConfigurationP
addListAlias(AES256, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES256, Encryption.AES256CCM,
Encryption.AES256CCM8, Encryption.AES256GCM))));
addListAlias(AES, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128CCM,
Encryption.AES128CCM8, Encryption.AES128GCM, Encryption.AES256,
Encryption.AES256CCM, Encryption.AES256CCM8, Encryption.AES256GCM))));
addListAlias(AESGCM, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM))));
+ addListAlias(AESCCM, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128CCM, Encryption.AES128CCM8,
Encryption.AES256CCM, Encryption.AES256CCM8))));
addListAlias(CAMELLIA, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.CAMELLIA128, Encryption.CAMELLIA256))));
addListAlias(CAMELLIA128, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA128)));
addListAlias(CAMELLIA256, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA256)));
@@ -489,7 +494,7 @@ public class OpenSSLCipherConfigurationP
addListAlias(SRP, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.SRP)));
initialized = true;
// Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
- addListAlias(DEFAULT,
parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2:!DES:!RC2:!RC4"));
+ addListAlias(DEFAULT,
parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2:!DES:!RC2:!RC4:!DSS:!SEED:!IDEA:!CAMELLIA:!AESCCM"));
// COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
LinkedHashSet<Cipher> complementOfDefault = filterByKeyExchange(all,
new HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
complementOfDefault = filterByAuthentication(complementOfDefault,
Collections.singleton(Authentication.aNULL));
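Review bot: The comment above the `addListAlias(DEFAULT, ...)` call still mentions only SSLv2, so nothing at this line records that the list now follows OpenSSL 1.1.0. Because the exclusions sit in a hard-coded string, any connector configured with `DEFAULT` appears to lose DSS, SEED, IDEA, CAMELLIA and AESCCM suites whichever OpenSSL version is linked, and an operator reading the code should be able to see that this is deliberate. I would extend the comment with something like `// Matches the OpenSSL 1.1.0 DEFAULT list, which also excludes DSS, SEED, IDEA, CAMELLIA and AESCCM`. The enclosing initialiser starts and ends outside this hunk.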
@@ -499,6 +504,11 @@ public class OpenSSLCipherConfigurationP
complementOfDefault.addAll(aliases.get(DES));
complementOfDefault.addAll(aliases.get(RC2));
complementOfDefault.addAll(aliases.get(RC4));
+ complementOfDefault.addAll(aliases.get(aDSS));
+ complementOfDefault.addAll(aliases.get(SEED));
+ complementOfDefault.addAll(aliases.get(IDEA));
+ complementOfDefault.addAll(aliases.get(CAMELLIA));
+ complementOfDefault.addAll(aliases.get(AESCCM));
defaultSort(complementOfDefault);
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
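Review bot: The first added line reads the `aDSS` alias, while the DEFAULT string in the previous hunk excludes `!DSS` and the updated tests use `DSS`. If both names are registered for the same set this is harmless, but the mismatch makes it hard to confirm by reading that COMPLEMENTOFDEFAULT gets back exactly what DEFAULT dropped. I would use the same alias in both places, e.g. `complementOfDefault.addAll(aliases.get(DSS));`, assuming a `DSS` constant exists in this class (its declaration is not visible here). The method begins outside the hunk.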
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java?rev=1734205&r1=1734204&r2=1734205&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
Wed Mar 9 09:45:10 2016
@@ -26,9 +26,9 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testDEFAULT() throws Exception {
- // RC4 was removed from default in 1.1.0-dev
+ // NULL, RC4, DSS, SEED, IDEA, CAMELLIA and SEC-CCM were removed from
default in 1.1.0-dev
if (TesterOpenSSL.VERSION < 10100) {
- testSpecification("DEFAULT:!RC4");
+
testSpecification("DEFAULT:!RC4:!DSS:!SEED:!IDEA:!CAMELLIA:!AESCCM");
} else {
testSpecification("DEFAULT");
}
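Review bot: The new comment in `testDEFAULT` names "SEC-CCM", which looks like a typo for AES-CCM given that the specification on the next line excludes `AESCCM`. It also lists NULL, although this test's specification adds no NULL-related term; that word seems to have been copied from the `testCOMPLEMENTOFDEFAULT` comment, where `aNULL` is part of the string. I would write `// RC4, DSS, SEED, IDEA, CAMELLIA and AES-CCM were removed from default in 1.1.0-dev` here and fix the same "SEC-CCM" spelling in the `testCOMPLEMENTOFDEFAULT` hunk below, so the comments match the cipher strings they explain.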
@@ -37,9 +37,9 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testCOMPLEMENTOFDEFAULT() throws Exception {
- // NULL and RC4 were removed from default in 1.1.0-dev
+ // NULL, RC4, DSS, SEED, IDEA, CAMELLIA and SEC-CCM were removed from
default in 1.1.0-dev
if (TesterOpenSSL.VERSION < 10100) {
- testSpecification("COMPLEMENTOFDEFAULT:RC4:aNULL");
+
testSpecification("COMPLEMENTOFDEFAULT:RC4:DSS:SEED:IDEA:CAMELLIA:AESCCM:aNULL");
} else {
testSpecification("COMPLEMENTOFDEFAULT");
}