TesterOpenSSL.java

markt Wed, 12 Sep 2018 01:36:54 -0700

Author: markt
Date: Wed Sep 12 08:36:42 2018
New Revision: 1840641

URL: http://svn.apache.org/viewvc?rev=1840641&view=rev
Log:
OpenSSL 1.1.2 appears to have enabled some TLS 1.3 ciphers. Update the tests 
for this.


Modified:
    
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java

Modified: 
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java?rev=1840641&r1=1840640&r2=1840641&view=diff
==============================================================================
--- 
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
(original)
+++ 
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
Wed Sep 12 08:36:42 2018
@@ -109,12 +109,10 @@ public class TesterOpenSSL {
         unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
         unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
 
-        // These are TLS v1.3 ciphers that the test suite doesn't yet handle
+        // These are TLS v1.3 ciphers that are not supported by any current
+        // version
         unimplemented.add(Cipher.TLS_AES_128_CCM_8_SHA256);
         unimplemented.add(Cipher.TLS_AES_128_CCM_SHA256);
-        unimplemented.add(Cipher.TLS_AES_128_GCM_SHA256);
-        unimplemented.add(Cipher.TLS_AES_256_GCM_SHA384);
-        unimplemented.add(Cipher.TLS_CHACHA20_POLY1305_SHA256);
 
         if (VERSION < 10002) {
             // These were implemented in 1.0.2 so won't be available in any
@@ -329,6 +327,19 @@ public class TesterOpenSSL {
             unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
             unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
         }
+
+        if (VERSION < 10102) {
+            // These were implemented in 1.1.2 so won't be available in any
+            // earlier version
+            unimplemented.add(Cipher.TLS_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_CHACHA20_POLY1305_SHA256);
+        } else {
+            // These were removed in 1.1.2 so won't be available from that
+            // version onwards
+            /* Currently none */
+        }
+
         OPENSSL_UNIMPLEMENTED_CIPHERS = 
Collections.unmodifiableSet(unimplemented);
 
         Map<String,String> renamed = new HashMap<>();



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1840641 - /tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java

Reply via email to