Author: markt
Date: Sat Aug 27 21:35:59 2016
New Revision: 1758074
URL: http://svn.apache.org/viewvc?rev=1758074&view=rev
Log:
OpenSSL master has moved to 1.1.1
- Update version handling so 1.1.1 is recognized
- Add info on support dates for OpenSSL versions
- Add info on versions Gump tests against
3DES now requires a compile time switch to enable in 1.0.2 onwards. Treat it as
if it has been removed.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java?rev=1758074&r1=1758073&r2=1758074&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
Sat Aug 27 21:35:59 2016
@@ -44,11 +44,19 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
- if (versionString.startsWith("OpenSSL 1.1.0")) {
+ if (versionString.startsWith("OpenSSL 1.1.1")) {
+ // Note: Gump currently tests 9.0.x with OpenSSL master
+ // (a.k.a 1.1.1-dev)
+ VERSION = 10101;
+ } else if (versionString.startsWith("OpenSSL 1.1.0")) {
+ // Support ends 2018-04-30
VERSION = 10100;
} else if (versionString.startsWith("OpenSSL 1.0.2")) {
+ // Support ends 2019-12-31 (LTS)
+ // Note: Gump current tests 8.0.x with OpenSSL 1.0.2
VERSION = 10002;
} else if (versionString.startsWith("OpenSSL 1.0.1")) {
+ // Support ends 2016-12-31
VERSION = 10001;
// Note: Release branches 1.0.0 and earlier are no longer supported by
// the OpenSSL team so these tests don't support them either.
@@ -122,7 +130,22 @@ public class TesterOpenSSL {
} else {
// These were removed in 1.0.2 so won't be available from that
// version onwards.
- // None at present.
+ // DES and 3DES require compile time switches to enable. Treat as
+ // removed.
+ unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
}
if (VERSION < 10100) {
@@ -301,11 +324,7 @@ public class TesterOpenSSL {
if (specification == null) {
stdout = executeOpenSSLCommand("ciphers", "-v");
} else {
- if (VERSION < 10000) {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
- } else {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
- }
+ stdout = executeOpenSSLCommand("ciphers", "-v", specification);
}
if (stdout.length() == 0) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
