Author: markt
Date: Mon Mar 9 13:57:07 2015
New Revision: 1665238
URL: http://svn.apache.org/r1665238
Log:
OpenSSL 1.0.2-dev now excludes export ciphers from DEFAULT
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1665238&r1=1665237&r2=1665238&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Mon Mar 9 13:57:07 2015
@@ -479,7 +479,7 @@ public class OpenSSLCipherConfigurationP
addListAlias(SRP, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.SRP)));
initialized = true;
// Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
- addListAlias(DEFAULT, parse("ALL:!eNULL:!aNULL:!SSLv2"));
+ addListAlias(DEFAULT, parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2"));
// COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
Set<Cipher> complementOfDefault = filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
complementOfDefault = filterByAuthentication(complementOfDefault,
Collections.singleton(Authentication.aNULL));
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
