[tomcat] branch main updated: Warn when non default ciphers are removed because the engine reject them.

Tue, 08 Aug 2023 23:01:49 -0700 

This is an automated email from the ASF dual-hosted git repository.

jfclere pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new fc2cb12cc9 Warn when non default ciphers are removed because the 
engine reject them.
     new 60c838826e Merge pull request #644 from jfclere/warn_ciphers
fc2cb12cc9 is described below

commit fc2cb12cc9e89f1119e98463267e326decd6fc3b
Author: Jean-Frederic Clere <jfcl...@gmail.com>
AuthorDate: Tue Aug 8 17:09:35 2023 +0200

    Warn when non default ciphers are removed because the engine reject
    them.
---
 java/org/apache/tomcat/util/net/SSLUtilBase.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java 
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index bdbf893f6a..ad6e78d182 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -127,10 +127,11 @@ public abstract class SSLUtilBase implements SSLUtil {
             // TODO: sslHostConfig can query that with Panama, but skip for now
             this.enabledCiphers = new String[0];
         } else {
+            boolean warnOnSkip = 
!sslHostConfig.getCiphers().equals(sslHostConfig.DEFAULT_TLS_CIPHERS);
             List<String> configuredCiphers = 
sslHostConfig.getJsseCipherNames();
             Set<String> implementedCiphers = getImplementedCiphers();
             List<String> enabledCiphers =
-                    getEnabled("ciphers", getLog(), false, configuredCiphers, 
implementedCiphers);
+                    getEnabled("ciphers", getLog(), warnOnSkip, 
configuredCiphers, implementedCiphers);
             this.enabledCiphers = enabledCiphers.toArray(new String[0]);
         }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to