Author: schultz
Date: Fri Oct 17 15:31:16 2014
New Revision: 1632606

URL: http://svn.apache.org/r1632606
Log:
Back-ported r1632604 to fix 
https://issues.apache.org/bugzilla/show_bug.cgi?id=53952
Add support for TLSv1.1 and TLSv1.2 to APR connector.

Modified:
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSLContext.java
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml
    tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java Fri Oct 17 
15:31:16 2014
@@ -72,7 +72,9 @@ public final class SSL {
     public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
     public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
     public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
-    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_TLSV1);
+    public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3);
+    public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4);
+    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_TLSV1 | 
SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2);
 
     /*
      * Define the SSL verify levels
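Review bot: The new constants and the widened `SSL_PROTOCOL_ALL` have no comment, so the fact that "ALL" excludes SSLv2 and SSLv3 is stated only in the SSLContext javadoc, not where the value is defined. I would add `/* All TLS versions; SSLv2 and SSLv3 are deliberately left out because they are unsafe. */` above `SSL_PROTOCOL_ALL`. Since this is the JNI package, the values `(1<<3)` and `(1<<4)` presumably have to match the definitions in the native library. A one-line comment saying so would help, because a mismatch would silently select a different protocol set. The class body starts and ends outside this hunk.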

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSLContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSLContext.java?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSLContext.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSLContext.java Fri Oct 17 
15:31:16 2014
@@ -27,13 +27,15 @@ public final class SSLContext {
     /**
      * Initialize new SSL context
      * @param pool The pool to use.
-     * @param protocol The SSL protocol to use. It can be one of:
+     * @param protocol The SSL protocol to use. It can be any combination of
+     * the following:
      * <PRE>
-     * SSL_PROTOCOL_SSLV2
-     * SSL_PROTOCOL_SSLV3
-     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
-     * SSL_PROTOCOL_TLSV1
-     * SSL_PROTOCOL_ALL
+     * {@link SSL#SSL_PROTOCOL_SSLV2}
+     * {@link SSL#SSL_PROTOCOL_SSLV3}
+     * {@link SSL#SSL_PROTOCOL_TLSV1}
+     * {@link SSL#SSL_PROTOCOL_TLSV1_1}
+     * {@link SSL#SSL_PROTOCOL_TLSV1_2}
+     * {@link SSL#SSL_PROTOCOL_ALL} ( == all TLS versions, no SSL)
      * </PRE>
      * @param mode SSL mode to use
      * <PRE>

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri 
Oct 17 15:31:16 2014
@@ -503,6 +503,10 @@ public class AprEndpoint extends Abstrac
                         value |= SSL.SSL_PROTOCOL_SSLV3;
                     } else if ("TLSv1".equalsIgnoreCase(protocol)) {
                         value |= SSL.SSL_PROTOCOL_TLSV1;
+                    } else if ("TLSv1.1".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_TLSV1_1;
+                    } else if ("TLSv1.2".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_TLSV1_2;
                     } else if ("all".equalsIgnoreCase(protocol)) {
                         value |= SSL.SSL_PROTOCOL_ALL;
                     } else {
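Review bot: The two new branches accept `TLSv1.1` and `TLSv1.2` with no visible check that the loaded native library understands `SSL_PROTOCOL_TLSV1_1` and `SSL_PROTOCOL_TLSV1_2`. If an older library ignores bits it does not know, a connector configured with `SSLProtocol="TLSv1.2"` could presumably start with a different protocol set than the operator asked for, and nothing would report it. Wherever the native library version is validated at startup (not visible here), the minimum version should be raised, or a warning logged when these values are used with an older library. The if/else chain starts and ends outside the hunk, so the handling of unknown tokens in the final `else` cannot be judged from here.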

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Oct 17 15:31:16 2014
@@ -59,6 +59,9 @@
   <subsection name="Catalina">
     <changelog>
       <fix>
+        <bug>53952</bug>: Add support for TLSv1.1 and TLSv1.2 for APR 
connector.
+        Based upon a patch by Marcel &#352;ebek. (schultz/jfclere)
+      </fix>
         <bug>57022</bug>: Ensure SPNEGO authentication continues to work with
         the JNDI Realm using delegated credentials with recent Oracle JREs.
         (markt)
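Review bot: The added entry closes the existing `<fix>` element with its own `</fix>`, which leaves the following `<bug>57022</bug>` entry without an opening tag. Going by the hunk counts (three added lines), no replacement `<fix>` is inserted, so the changelog is probably no longer well-formed XML and the docs build may fail. Add a line `<fix>` directly after the new `</fix>`.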

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml Fri Oct 17 15:31:16 2014
@@ -1243,11 +1243,12 @@
 
     <attribute name="SSLProtocol" required="false">
       <p>Protocol which may be used for communicating with clients. The default
-      value is <code>all</code>, which is equivalent to <code>TLSv1</code>
+      value is <code>all</code>, which is equivalent to 
<code>TLSv1+TLSv1.1+TLSv1.2</code>
       with other acceptable values being <code>SSLv2</code>,
-      <code>SSLv3</code>, <code>TLSv1</code> and any combination of the three
-      protocols concatenated with a plus sign. Note that the protocols
-      <code>SSLv2</code> and <code>SSLv3</code> are inherently unsafe.</p>
+      <code>SSLv3</code>, <code>TLSv1</code>, <code>TLSv1.1</code>, 
<code>TLSv1.2</code>
+      and any combination of the three protocols concatenated with a plus sign.
+      Note that both protocols <code>SSLv2</code> and <code>SSLv3</code> are
+      inherently unsafe.</p>
     </attribute>
 
     <attribute name="SSLVerifyClient" required="false">

Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1632606&r1=1632605&r2=1632606&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Fri Oct 17 15:31:16 2014
@@ -368,7 +368,7 @@ this:</p>
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
-           SSLVerifyClient="optional" SSLProtocol="TLSv1"/&gt;
+           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/&gt;
 </source>
 </p>
 


