Author: violetagg
Date: Fri Mar 27 07:49:10 2015
New Revision: 1669519
URL: http://svn.apache.org/r1669519
Log:
Ensure that SSL parameters are provided to SSLServerSocket and SSLEngine. Patch
provided by Ognjen Blagojevic.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java?rev=1669519&r1=1669518&r2=1669519&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/compat/Jre8Compat.java Fri
Mar 27 07:49:10 2015
@@ -27,16 +27,19 @@ class Jre8Compat extends Jre7Compat {
private static final Method getSSLParametersMethod;
private static final Method setUseCipherSuitesOrderMethod;
+ private static final Method setSSLParametersMethod;
static {
Method m1 = null;
Method m2 = null;
+ Method m3 = null;
try {
// Get this class first since it is Java 8+ only
Class<?> c2 = Class.forName("javax.net.ssl.SSLParameters");
m1 = SSLServerSocket.class.getMethod("getSSLParameters");
m2 = c2.getMethod("setUseCipherSuitesOrder", boolean.class);
+ m3 = SSLServerSocket.class.getMethod("setSSLParameters", c2);
} catch (SecurityException e) {
// Should never happen
} catch (NoSuchMethodException e) {
@@ -46,6 +49,7 @@ class Jre8Compat extends Jre7Compat {
}
getSSLParametersMethod = m1;
setUseCipherSuitesOrderMethod = m2;
+ setSSLParametersMethod = m3;
}
@@ -61,6 +65,7 @@ class Jre8Compat extends Jre7Compat {
Object sslParameters = getSSLParametersMethod.invoke(socket);
setUseCipherSuitesOrderMethod.invoke(
sslParameters, Boolean.valueOf(useCipherSuitesOrder));
+ setSSLParametersMethod.invoke(socket, sslParameters);
return;
} catch (IllegalArgumentException e) {
throw new UnsupportedOperationException(e);
@@ -78,6 +83,7 @@ class Jre8Compat extends Jre7Compat {
SSLParameters sslParameters = engine.getSSLParameters();
try {
setUseCipherSuitesOrderMethod.invoke(sslParameters,
Boolean.valueOf(useCipherSuitesOrder));
+ engine.setSSLParameters(sslParameters);
} catch (IllegalArgumentException e) {
throw new UnsupportedOperationException(e);
} catch (IllegalAccessException e) {
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1669519&r1=1669518&r2=1669519&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Mar 27 07:49:10 2015
@@ -59,8 +59,10 @@
<subsection name="Catalina">
<changelog>
<fix>
- Correct the check used for Java 8 JSSE server-preferred TLS cipher
- suite ordering. Patch provided by Ognjen Blagojevic. (violetagg)
+ <bug>55988</bug>: Correct the check used for Java 8 JSSE
+ server-preferred TLS cipher suite ordering. Ensure that SSL parameters
+ are provided to <code>SSLServerSocket</code> and
<code>SSLEngine</code>.
+ Patch provided by Ognjen Blagojevic. (violetagg)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
