[Bug 57234] New: Use case-insensitive substring search when filtering SSLv2/v3 protocols in connectors

bugzilla Tue, 18 Nov 2014 12:32:10 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=57234


            Bug ID: 57234
           Summary: Use case-insensitive substring search when filtering
                    SSLv2/v3 protocols in connectors
           Product: Tomcat 8
           Version: 8.0.15
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]

Regarding "protocol.contains("SSL")" check in
org.apache.tomcat.util.net.jsse.JSSESocketFactory  from r1632512 etc.

If one reads [1], it has the following phrase at the top of the document:
"Note: Standard names are not case-sensitive."

I doubt that anybody is really bitten by this, as I doubt that any JVM vendor
misspells "SSL"

On [1] there is a link named "Note: The Sun Provider Documentation contains
specific provider and algorithm information.". If you follow it to [2], it
lists the actual names used by Oracle JRE. Those are spelled with uppercase
"SSL".

Nevertheless, technically it would be better to do
protocol.toUpperCase(Locale.ENGLISH).contains("SSL")


[1]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames
[2]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 57234] New: Use case-insensitive substring search when filtering SSLv2/v3 protocols in connectors

Reply via email to