svn commit: r1615068 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java

Fri, 01 Aug 2014 03:49:31 -0700 

Author: markt
Date: Fri Aug  1 10:48:28 2014
New Revision: 1615068

URL: http://svn.apache.org/r1615068
Log:
The AECDH alias is for "anonymous Elliptic Curve Diffie Hellman cipher suites". 
Parser was returning non-anonymous ECDH cipher suites.

Modified:
    
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
    
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
--- 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
 (original)
+++ 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
 Fri Aug  1 10:48:28 2014
@@ -415,9 +415,8 @@ public class OpenSSLCipherConfigurationP
         addListAlias(aDSS, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.DSS)));
         aliases.put("DSS", aliases.get(aDSS));
         addListAlias(aDH, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.DH)));
-        Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new 
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
-        aecdh.removeAll(filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.aNULL)));
-        addListAlias(AECDH, aecdh);
+        Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new 
HashSet<>(Arrays.asList(KeyExchange.EECDH)));
+        addListAlias(AECDH, filterByAuthentication(aecdh, 
Collections.singleton(Authentication.aNULL)));
         addListAlias(aECDH, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDH)));
         addListAlias(ECDSA, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDSA)));
         aliases.put(aECDSA, aliases.get(ECDSA));

Modified: 
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615068&r1=1615067&r2=1615068&view=diff
==============================================================================
--- 
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
 (original)
+++ 
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
 Fri Aug  1 10:48:28 2014
@@ -171,14 +171,33 @@ public class TestOpenSSLCipherConfigurat
     }
 
 
-    // TODO
     @Test
-    //@Ignore("Currently failing - needs investigation")
+    @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
     public void testkECDHE() throws Exception {
         testSpecification("kECDHE");
     }
 
 
+    @Test
+    @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+    public void testECDHE() throws Exception {
+        testSpecification("ECDHE");
+    }
+
+
+    @Test
+    @Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+    public void testEECDHE() throws Exception {
+        testSpecification("EECDHE");
+    }
+
+
+    @Test
+    public void testAECDH() throws Exception {
+        testSpecification("AECDH");
+    }
+
+
     private void testSpecification(String specification) throws Exception {
         // Filter out cipher suites that OpenSSL does not implement
         String parserSpecification = "" + specification;



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to