Author: schultz Date: Fri Feb 27 04:05:46 2015 New Revision: 1662632 URL: http://svn.apache.org/r1662632 Log: Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=55988 Include support for useServerCipherSuiteOrder for Java BIO connector.
Modified:
    tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties

Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1662632&r1=1662631&r2=1662632&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Fri Feb 27 04:05:46 2015
@@ -22,6 +22,8 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
@@ -52,6 +54,7 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSession;
@@ -773,6 +776,52 @@ public class JSSESocketFactory implement
     }
 
     /**
+     * Configures SSLEngine to honor cipher suites ordering based upon
+     * endpoint configuration.
+     *
+     * @throws InvalidAlgorithmParameterException If the runtime JVM doesn't
+     *         support this setting.
+     */
+    protected void configureUseServerCipherSuitesOrder(SSLServerSocket socket) {
+        String useServerCipherSuitesOrderStr = endpoint
+                .getUseServerCipherSuitesOrder().trim();
+
+        // Only use this feature if the user explicitly requested its use.
+        if(!"".equals(useServerCipherSuitesOrderStr)) {
+            SSLParameters sslParameters = socket.getSSLParameters();
+            boolean useServerCipherSuitesOrder =
+                    ("true".equalsIgnoreCase(useServerCipherSuitesOrderStr)
+                    || "yes".equalsIgnoreCase(useServerCipherSuitesOrderStr));
+
+            try {
+                // This method is only available in Java 8+
+                // Check to see if the method exists, and then call it.
+                Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder",
+                        Boolean.TYPE);
+
+                m.invoke(sslParameters, Boolean.valueOf(useServerCipherSuitesOrder));
+            }
+            catch (NoSuchMethodException nsme) {
+                throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+                        nsme);
+            } catch (InvocationTargetException ite) {
+                // Should not happen
+                throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+                        ite);
+            } catch (IllegalArgumentException iae) {
+                // Should not happen
+                throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+                        iae);
+            } catch (IllegalAccessException e) {
+                // Should not happen
+                throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"),
+                        e);
+            }
+            socket.setSSLParameters(sslParameters);
+        }
+    }
+
+    /**
      * Configures the given SSL server socket with the requested cipher suites,
      * protocol versions, and need for client authentication
      */
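Review bot: The message key passed to `sm.getString` on the four throw lines is `endpoint.jsse.cannotHonorServerCipherOrder`, but the key added to jsse/res/LocalStrings.properties in the last hunk of this commit is `jsse.cannotHonorServerCipherOrder`; unless `sm` is bound to a bundle whose keys carry the `endpoint.` prefix, the lookup misses and the exception loses its Java 8 hint, so the call should read `sm.getString("jsse.cannotHonorServerCipherOrder")`. The Javadoc also disagrees with the code: it speaks of an SSLEngine and declares `@throws InvalidAlgorithmParameterException`, while the method takes an `SSLServerSocket` and throws `UnsupportedOperationException`; suggest `@throws UnsupportedOperationException if the runtime lacks SSLParameters.setUseCipherSuitesOrder (Java 8+)`. Failing with an exception rather than logging is the right choice for an explicit `"true"`, since a silently ignored setting would leave cipher-suite preference with the client, though the same exception is raised when the attribute is explicitly `"false"` on a pre-8 runtime, where the default behaviour already matches what was asked for. If `endpoint.getUseServerCipherSuitesOrder()` can return null, the `.trim()` call on the second statement throws NullPointerException; confirm the endpoint defaults the attribute to an empty string.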
@@ -786,6 +835,7 @@ public class JSSESocketFactory implement
         // we don't know if client auth is needed -
         // after parsing the request we may re-handshake
         configureClientAuth(socket);
+        configureUseServerCipherSuitesOrder(socket);
     }
 
     /**

Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1662632&r1=1662631&r2=1662632&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Fri Feb 27 04:05:46 2015
@@ -35,3 +35,4 @@ jsseSupport.serverRenegDisabled=SSL serv
 jsseSupport.unexpectedData=Unexpected data read from input stream
 jsse.openssl.unknownElement=Unknown element in cipher string: {0}
 jsse.openssl.effectiveCiphers=Ciphers used: {0}
+jsse.cannotHonorServerCipherOrder=Java Runtime does not support "useServerCipherSuitesOrder". You must use Java 8 or later to use this feature.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org