svn commit: r1665238 - /tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java

Mon, 09 Mar 2015 06:59:10 -0700 

Author: markt
Date: Mon Mar  9 13:57:07 2015
New Revision: 1665238

URL: http://svn.apache.org/r1665238
Log:
OpenSSL 1.0.2-dev now excludes export ciphers from DEFAULT

Modified:
    
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1665238&r1=1665237&r2=1665238&view=diff
==============================================================================
--- 
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
 (original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
 Mon Mar  9 13:57:07 2015
@@ -479,7 +479,7 @@ public class OpenSSLCipherConfigurationP
         addListAlias(SRP, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.SRP)));
         initialized = true;
         // Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
-        addListAlias(DEFAULT, parse("ALL:!eNULL:!aNULL:!SSLv2"));
+        addListAlias(DEFAULT, parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2"));
         // COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
         Set<Cipher> complementOfDefault = filterByKeyExchange(all, new 
HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
         complementOfDefault = filterByAuthentication(complementOfDefault, 
Collections.singleton(Authentication.aNULL));



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to