Author: markt
Date: Sun Aug 28 22:20:23 2016
New Revision: 1758159
URL: http://svn.apache.org/viewvc?rev=1758159&view=rev
Log:
Align 8.0.x OpenSSL parsing with 9.0.x
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Sun Aug 28 22:20:23 2016
@@ -215,7 +215,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
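Review bot: The downgrade to `EncryptionLevel.MEDIUM` here has no comment or changelog pointer, and the same one-line change repeats in every other hunk of Cipher.java, always on entries with 112/168 strength values, which look like the 3DES suites. It silently changes what the `HIGH` and `MEDIUM` aliases expand to: a connector configured with `HIGH` alone stops offering these suites, while one that lists `MEDIUM` now picks them up. A changelog entry should tell operators to review their cipher strings and add `!3DES` where the suites are not wanted. A short comment on the affected entries would also help, e.g. `// 112-bit effective strength; ranked MEDIUM to match OpenSSL 1.1.0`. The tests in this package compare against the local openssl binary, so the HIGH/MEDIUM tests presumably need a version gate like the one on testTLSv1; the enum entries themselves start and end outside the hunks.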
@@ -267,7 +267,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -318,7 +318,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -370,7 +370,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -421,7 +421,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -506,7 +506,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -1697,7 +1697,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -1765,7 +1765,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -1833,7 +1833,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -2746,7 +2746,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -2831,7 +2831,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -2916,7 +2916,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -3001,7 +3001,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -3086,7 +3086,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -3138,7 +3138,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
false,
112,
168,
@@ -3155,7 +3155,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
false,
112,
168,
@@ -3172,7 +3172,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
false,
112,
168,
@@ -3582,7 +3582,7 @@ public enum Cipher {
MessageDigest.SHA1,
Protocol.SSLv3,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
true,
112,
168,
@@ -4554,7 +4554,7 @@ public enum Cipher {
MessageDigest.MD5,
Protocol.SSLv2,
false,
- EncryptionLevel.HIGH,
+ EncryptionLevel.MEDIUM,
false,
112,
168,
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Sun Aug 28 22:20:23 2016
@@ -479,7 +479,7 @@ public class OpenSSLCipherConfigurationP
addListAlias(Constants.SSL_PROTO_TLSv1_2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.TLSv1_2)));
addListAlias(Constants.SSL_PROTO_TLSv1_0, filterByProtocol(allCiphers,
Collections.singleton(Protocol.TLSv1)));
addListAlias(Constants.SSL_PROTO_SSLv3, filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv3)));
- aliases.put(Constants.SSL_PROTO_TLSv1,
aliases.get(Constants.SSL_PROTO_SSLv3));
+ aliases.put(Constants.SSL_PROTO_TLSv1,
aliases.get(Constants.SSL_PROTO_TLSv1_0));
addListAlias(Constants.SSL_PROTO_SSLv2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv2)));
addListAlias(DH, filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH))));
Set<Cipher> adh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH));
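Review bot: Re-pointing the `TLSv1` alias from the SSLv3 list to the TLSv1.0 list changes the meaning of existing cipher strings, yet the `aliases.put` line has no comment. Judging by the updated expectations in TestCipher, the TLSv1 set now holds only a handful of PSK suites, some of them NULL-encryption, so a configured `TLSv1` selects far fewer suites than before and `!TLSv1` excludes far fewer. I would add a comment such as `// OpenSSL 1.1.0: TLSv1 means suites that require TLSv1, no longer an alias for SSLv3` and record the behaviour change in the changelog. The enclosing method starts and ends outside the hunk.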
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
Sun Aug 28 22:20:23 2016
@@ -23,7 +23,7 @@ enum Protocol {
SSLv3(Constants.SSL_PROTO_SSLv3),
SSLv2(Constants.SSL_PROTO_SSLv2),
- TLSv1(Constants.SSL_PROTO_TLSv1_0),
+ TLSv1(Constants.SSL_PROTO_TLSv1),
TLSv1_2(Constants.SSL_PROTO_TLSv1_2);
private final String openSSLName;
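Review bot: Nothing in the enum says which string `openSSLName` has to match, which makes a change like this one easy to get wrong again. The updated TestCipher expectations suggest it is the protocol label in `openssl ciphers -v` output (`+TLSv1` rather than `+TLSv1.0`); a comment on the field such as `// protocol label as printed by "openssl ciphers -v" (OpenSSL 1.1.0)` would record that. If any caller looks up a Protocol by the old `TLSv1.0` name it would stop matching; that is not visible from this hunk and is worth checking. The enum body continues past the hunk.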
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Sun Aug 28 22:20:23 2016
@@ -367,8 +367,8 @@ public class TestCipher {
"DHE-PSK-AES128-CCM8+TLSv1.2",
"DHE-PSK-AES256-CCM+TLSv1.2",
"DHE-PSK-AES256-CCM8+TLSv1.2",
- "DHE-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "DHE-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "DHE-PSK-CAMELLIA128-SHA256+TLSv1",
+ "DHE-PSK-CAMELLIA256-SHA384+TLSv1",
"DHE-PSK-CHACHA20-POLY1305+TLSv1.2",
"DHE-RSA-AES128-CCM+TLSv1.2",
"DHE-RSA-AES128-CCM8+TLSv1.2",
@@ -386,8 +386,8 @@ public class TestCipher {
"ECDHE-ECDSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDHE-ECDSA-CAMELLIA256-SHA384+TLSv1.2",
"ECDHE-ECDSA-CHACHA20-POLY1305+TLSv1.2",
- "ECDHE-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "ECDHE-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "ECDHE-PSK-CAMELLIA128-SHA256+TLSv1",
+ "ECDHE-PSK-CAMELLIA256-SHA384+TLSv1",
"ECDHE-PSK-CHACHA20-POLY1305+TLSv1.2",
"ECDHE-RSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDHE-RSA-CAMELLIA256-SHA384+TLSv1.2",
@@ -399,13 +399,13 @@ public class TestCipher {
"PSK-AES128-CCM8+TLSv1.2",
"PSK-AES256-CCM+TLSv1.2",
"PSK-AES256-CCM8+TLSv1.2",
- "PSK-CAMELLIA128-SHA256+TLSv1.0",
- "PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "PSK-CAMELLIA128-SHA256+TLSv1",
+ "PSK-CAMELLIA256-SHA384+TLSv1",
"PSK-CHACHA20-POLY1305+TLSv1.2",
"RC2-CBC-MD5+SSLv2",
"RC4-MD5+SSLv2",
- "RSA-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "RSA-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "RSA-PSK-CAMELLIA128-SHA256+TLSv1",
+ "RSA-PSK-CAMELLIA256-SHA384+TLSv1",
"RSA-PSK-CHACHA20-POLY1305+TLSv1.2")));
@@ -591,21 +591,21 @@ public class TestCipher {
"DHE-DSS-SEED-SHA+SSLv3",
"DHE-PSK-3DES-EDE-CBC-SHA+SSLv3",
"DHE-PSK-AES128-CBC-SHA+SSLv3",
- "DHE-PSK-AES128-CBC-SHA256+TLSv1.0",
+ "DHE-PSK-AES128-CBC-SHA256+TLSv1",
"DHE-PSK-AES128-CCM+TLSv1.2",
"DHE-PSK-AES128-CCM8+TLSv1.2",
"DHE-PSK-AES128-GCM-SHA256+TLSv1.2",
"DHE-PSK-AES256-CBC-SHA+SSLv3",
- "DHE-PSK-AES256-CBC-SHA384+TLSv1.0",
+ "DHE-PSK-AES256-CBC-SHA384+TLSv1",
"DHE-PSK-AES256-CCM+TLSv1.2",
"DHE-PSK-AES256-CCM8+TLSv1.2",
"DHE-PSK-AES256-GCM-SHA384+TLSv1.2",
- "DHE-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "DHE-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "DHE-PSK-CAMELLIA128-SHA256+TLSv1",
+ "DHE-PSK-CAMELLIA256-SHA384+TLSv1",
"DHE-PSK-CHACHA20-POLY1305+TLSv1.2",
"DHE-PSK-NULL-SHA+SSLv3",
- "DHE-PSK-NULL-SHA256+TLSv1.0",
- "DHE-PSK-NULL-SHA384+TLSv1.0",
+ "DHE-PSK-NULL-SHA256+TLSv1",
+ "DHE-PSK-NULL-SHA384+TLSv1",
"DHE-PSK-RC4-SHA+SSLv3",
"DHE-RSA-AES128-CCM+TLSv1.2",
"DHE-RSA-AES128-CCM8+TLSv1.2",
@@ -630,15 +630,15 @@ public class TestCipher {
"ECDHE-ECDSA-CHACHA20-POLY1305+TLSv1.2",
"ECDHE-PSK-3DES-EDE-CBC-SHA+SSLv3",
"ECDHE-PSK-AES128-CBC-SHA+SSLv3",
- "ECDHE-PSK-AES128-CBC-SHA256+TLSv1.0",
+ "ECDHE-PSK-AES128-CBC-SHA256+TLSv1",
"ECDHE-PSK-AES256-CBC-SHA+SSLv3",
- "ECDHE-PSK-AES256-CBC-SHA384+TLSv1.0",
- "ECDHE-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "ECDHE-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "ECDHE-PSK-AES256-CBC-SHA384+TLSv1",
+ "ECDHE-PSK-CAMELLIA128-SHA256+TLSv1",
+ "ECDHE-PSK-CAMELLIA256-SHA384+TLSv1",
"ECDHE-PSK-CHACHA20-POLY1305+TLSv1.2",
"ECDHE-PSK-NULL-SHA+SSLv3",
- "ECDHE-PSK-NULL-SHA256+TLSv1.0",
- "ECDHE-PSK-NULL-SHA384+TLSv1.0",
+ "ECDHE-PSK-NULL-SHA256+TLSv1",
+ "ECDHE-PSK-NULL-SHA384+TLSv1",
"ECDHE-PSK-RC4-SHA+SSLv3",
"ECDHE-RSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDHE-RSA-CAMELLIA256-SHA384+TLSv1.2",
@@ -651,37 +651,37 @@ public class TestCipher {
"IDEA-CBC-SHA+SSLv3",
"PSK-3DES-EDE-CBC-SHA+SSLv3",
"PSK-AES128-CBC-SHA+SSLv3",
- "PSK-AES128-CBC-SHA256+TLSv1.0",
+ "PSK-AES128-CBC-SHA256+TLSv1",
"PSK-AES128-CCM+TLSv1.2",
"PSK-AES128-CCM8+TLSv1.2",
"PSK-AES128-GCM-SHA256+TLSv1.2",
"PSK-AES256-CBC-SHA+SSLv3",
- "PSK-AES256-CBC-SHA384+TLSv1.0",
+ "PSK-AES256-CBC-SHA384+TLSv1",
"PSK-AES256-CCM+TLSv1.2",
"PSK-AES256-CCM8+TLSv1.2",
"PSK-AES256-GCM-SHA384+TLSv1.2",
- "PSK-CAMELLIA128-SHA256+TLSv1.0",
- "PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "PSK-CAMELLIA128-SHA256+TLSv1",
+ "PSK-CAMELLIA256-SHA384+TLSv1",
"PSK-CHACHA20-POLY1305+TLSv1.2",
"PSK-NULL-SHA+SSLv3",
- "PSK-NULL-SHA256+TLSv1.0",
- "PSK-NULL-SHA384+TLSv1.0",
+ "PSK-NULL-SHA256+TLSv1",
+ "PSK-NULL-SHA384+TLSv1",
"PSK-RC4-SHA+SSLv3",
"RC2-CBC-MD5+SSLv2",
"RC4-MD5+SSLv2",
"RSA-PSK-3DES-EDE-CBC-SHA+SSLv3",
"RSA-PSK-AES128-CBC-SHA+SSLv3",
- "RSA-PSK-AES128-CBC-SHA256+TLSv1.0",
+ "RSA-PSK-AES128-CBC-SHA256+TLSv1",
"RSA-PSK-AES128-GCM-SHA256+TLSv1.2",
"RSA-PSK-AES256-CBC-SHA+SSLv3",
- "RSA-PSK-AES256-CBC-SHA384+TLSv1.0",
+ "RSA-PSK-AES256-CBC-SHA384+TLSv1",
"RSA-PSK-AES256-GCM-SHA384+TLSv1.2",
- "RSA-PSK-CAMELLIA128-SHA256+TLSv1.0",
- "RSA-PSK-CAMELLIA256-SHA384+TLSv1.0",
+ "RSA-PSK-CAMELLIA128-SHA256+TLSv1",
+ "RSA-PSK-CAMELLIA256-SHA384+TLSv1",
"RSA-PSK-CHACHA20-POLY1305+TLSv1.2",
"RSA-PSK-NULL-SHA+SSLv3",
- "RSA-PSK-NULL-SHA256+TLSv1.0",
- "RSA-PSK-NULL-SHA384+TLSv1.0",
+ "RSA-PSK-NULL-SHA256+TLSv1",
+ "RSA-PSK-NULL-SHA384+TLSv1",
"RSA-PSK-RC4-SHA+SSLv3",
"SEED-SHA+SSLv3",
"SRP-AES-128-CBC-SHA+SSLv3",
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Sun Aug 28 22:20:23 2016
@@ -128,8 +128,8 @@ public class TestOpenSSLCipherConfigurat
public void testkDHE() throws Exception {
// This alias was introduced in 1.0.2
if (TesterOpenSSL.VERSION >= 10002) {
- testSpecification("kDHE");
- }
+ testSpecification("kDHE");
+ }
}
@@ -143,8 +143,8 @@ public class TestOpenSSLCipherConfigurat
public void testDHE() throws Exception {
// This alias was introduced in 1.0.2
if (TesterOpenSSL.VERSION >= 10002) {
- testSpecification("DHE");
- }
+ testSpecification("DHE");
+ }
}
@@ -289,7 +289,11 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testTLSv1() throws Exception {
- testSpecification("TLSv1");
+ // In OpenSSL 1.1.0-dev, TLSv1 refers to those ciphers that require
+ // TLSv1 rather than being an alias for SSLv3
+ if (TesterOpenSSL.VERSION >= 10100) {
+ testSpecification("TLSv1");
+ }
}
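Review bot: Wrapping the body in `if (TesterOpenSSL.VERSION >= 10100)` makes testTLSv1 report success on older OpenSSL builds without checking anything, so the new alias semantics go unverified on those machines. Since the file already uses JUnit's `@Test`, putting `org.junit.Assume.assumeTrue(TesterOpenSSL.VERSION >= 10100);` as the first statement would report the test as skipped instead of passed. The same applies to the existing testkDHE and testDHE gates in the earlier hunks, which this commit only re-indents.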
@@ -535,8 +539,8 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testSpecification02() throws Exception {
// Suggestion from dev list (s/ECDHE/kEECDH/, s/DHE/EDH/
-
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:aRSA:kECDHr:MEDIUM");
- }
+
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:aRSA:kECDHr:MEDIUM");
+ }
@Test
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1758159&r1=1758158&r2=1758159&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Sun Aug 28 22:20:23 2016
@@ -323,7 +323,7 @@ public class TesterOpenSSL {
if (specification == null) {
stdout = executeOpenSSLCommand("ciphers", "-v");
} else {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+ stdout = executeOpenSSLCommand("ciphers", "-v", specification);
}
if (stdout.length() == 0) {