On 16/02/2015 10:30, Mark Thomas wrote:
> On 16/02/2015 10:19, Rainer Jung wrote:
>> On 16.02.2015 at 08:49, Bill Barker wrote:
>>
>>> [concat] Testsuites with failed tests:
>>> [concat]
>>> TEST-org.apache.catalina.loader.TestWebappClassLoaderThreadLocalMemoryLeak.NIO2.txt
>>>
>>> [concat]
>>> TEST-org.apache.tomcat.util.net.jsse.openssl.TestCipher.NIO2.txt
>>> [concat]
>>> TEST-org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.NIO2.txt
>>>
>>
>> For the openssl failures, it seems that for OpenSSL 1.0.2 compatibility
>> at least the following ciphers have to be added to Ciphers.java:
>>
>> SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
>> SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
>> SSL_DH_DSS_WITH_DES_CBC_SHA
>> SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
>> SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
>> SSL_DH_RSA_WITH_DES_CBC_SHA
>> TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
>> TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
>> TLS_DH_DSS_WITH_AES_128_CBC_SHA
>> TLS_DH_DSS_WITH_AES_128_CBC_SHA256
>> TLS_DH_DSS_WITH_AES_128_GCM_SHA256
>> TLS_DH_DSS_WITH_AES_256_CBC_SHA
>> TLS_DH_DSS_WITH_AES_256_CBC_SHA256
>> TLS_DH_DSS_WITH_AES_256_GCM_SHA384
>> TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
>> TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
>> TLS_DH_DSS_WITH_DES_CBC_SHA
>> TLS_DH_DSS_WITH_SEED_CBC_SHA
>> TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
>> TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
>> TLS_DH_RSA_WITH_AES_128_CBC_SHA
>> TLS_DH_RSA_WITH_AES_128_CBC_SHA256
>> TLS_DH_RSA_WITH_AES_128_GCM_SHA256
>> TLS_DH_RSA_WITH_AES_256_CBC_SHA
>> TLS_DH_RSA_WITH_AES_256_CBC_SHA256
>>
>> I can do it over the week.
>
> Hmm. I only checked that last one but it is already listed in Ciphers.
> Looking at the names, I'd expect most if not all of them to be there
> already.
>
> I wonder if this is a case of fixing the name mappings and/or the "what
> ciphers are implemented where" lists?

Looks like it. DH cipher support is new in 1.0.2 so that means we have
some updates to do.

I have some time this morning so I'll start looking at this now. Don't
know how far I'll get.

Mark