Author: markt
Date: Mon Aug 10 19:52:17 2015
New Revision: 1695159
URL: http://svn.apache.org/r1695159
Log:
OpenSSL cipher mapping in trunk now works (i.e. tests pass) with 1.0.2.
Need to test with 1.1.0 - I suspect some 'tweaks' will be required.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1695159&r1=1695158&r2=1695159&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Mon
Aug 10 19:52:17 2015
@@ -4021,7 +4021,7 @@ public enum Cipher {
// RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5(
-1,
- "RC2-MD5",
+ "RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1695159&r1=1695158&r2=1695159&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Mon Aug 10 19:52:17 2015
@@ -485,12 +485,13 @@ public class OpenSSLCipherConfigurationP
addListAlias(SRP, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.SRP)));
initialized = true;
// Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
- addListAlias(DEFAULT, parse("ALL:!eNULL:!aNULL:!SSLv2"));
+ addListAlias(DEFAULT, parse("ALL:!EXPORT:!eNULL:!aNULL:!SSLv2"));
// COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
Set<Cipher> complementOfDefault = filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
complementOfDefault = filterByAuthentication(complementOfDefault,
Collections.singleton(Authentication.aNULL));
complementOfDefault.removeAll(aliases.get(eNULL));
complementOfDefault.addAll(aliases.get(Constants.SSL_PROTO_SSLv2));
+ complementOfDefault.addAll(aliases.get(EXPORT));
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
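Review bot: The comment above the DEFAULT alias still says only that DEFAULT excludes SSLv2, but the new string also drops EXPORT, so the comment no longer describes the line below it. I would change it to `// Despite what the OpenSSL docs say, DEFAULT also excludes EXPORT and SSLv2`. The added `complementOfDefault.addAll(aliases.get(EXPORT))` means COMPLEMENTOFDEFAULT now carries export-grade suites, so a cipher string that uses that alias would select them; a one-line comment next to the addAll saying so would help anyone auditing cipher strings later. The call also assumes the EXPORT alias has already been registered earlier in this method, which starts outside the hunk.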
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1695159&r1=1695158&r2=1695159&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Mon Aug 10 19:52:17 2015
@@ -23,17 +23,10 @@ import java.util.List;
import java.util.Set;
import org.junit.Assert;
-import org.junit.Assume;
-import org.junit.Before;
import org.junit.Test;
public class TestCipher {
- @Before
- public void checkVersion() {
- Assume.assumeTrue(TesterOpenSSL.IS_EXPECTED_VERSION);
- }
-
/*
* Checks that every cipher suite returned by OpenSSL is mapped to at least
* one cipher suite that is recognised by JSSE or is a cipher suite known
@@ -83,43 +76,10 @@ public class TestCipher {
Set<String> availableCipherSuites =
TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL");
Set<String> expectedCipherSuites = new HashSet<>();
for (Cipher cipher : Cipher.values()) {
- String openSSLAlias = cipher.getOpenSSLAlias();
- // OpenSSL does not implement any FORTEZZA algorithms so exclude
- // them from the expected list
- if (openSSLAlias.contains("FZA")) {
- continue;
- }
- // GOST algorithms are not enabled by default and no JSSE
- // implementation supports them so exclude them from the expected
- // list
- if (openSSLAlias.contains("GOST")) {
- continue;
- }
- // OpenSSL does not enable the experimental EXP1024 and
- // DHE-DSS-RC4-SHA cipher suites unless the source is explicitly
- // patched so exclude them from the expected list
- if (openSSLAlias.contains("EXP1024")) {
- continue;
- }
- if (openSSLAlias.contains("DHE-DSS-RC4-SHA")) {
- continue;
- }
- // OpenSSL removed (broken) support for EXP-DH-RSA-DES-CBC-SHA
- // and EXP-DH-DSS-DES-CBC-SHA on 2015-05-23.
- if (openSSLAlias.contains("EXP-DH-")) {
- continue;
- }
- // RC2-MD5 is not referenced in the OpenSSL source so exclude it
- // from the expected list
- if (openSSLAlias.contains("RC2-MD5")) {
- continue;
- }
- // As of OpenSSL 1.1.0, SSLv2 ciphers are not supported so exclude
- // them from the expected list
- if (cipher.getProtocol().equals(Protocol.SSLv2)) {
+ if (TesterOpenSSL.OPENSSL_UNIMPLEMENTED_CIPHERS.contains(cipher)) {
continue;
}
- expectedCipherSuites.add(openSSLAlias + "+" +
+ expectedCipherSuites.add(cipher.getOpenSSLAlias() + "+" +
cipher.getProtocol().getOpenSSLName());
}
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1695159&r1=1695158&r2=1695159&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Mon Aug 10 19:52:17 2015
@@ -19,19 +19,11 @@ package org.apache.tomcat.util.net.jsse.
import java.util.List;
import org.junit.Assert;
-import org.junit.Assume;
-import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
public class TestOpenSSLCipherConfigurationParser {
- @Before
- public void checkVersion() {
- Assume.assumeTrue(TesterOpenSSL.IS_EXPECTED_VERSION);
- }
-
-
@Test
public void testDEFAULT() throws Exception {
testSpecification("DEFAULT");
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1695159&r1=1695158&r2=1695159&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Mon Aug 10 19:52:17 2015
@@ -19,7 +19,6 @@ package org.apache.tomcat.util.net.jsse.
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
@@ -30,45 +29,196 @@ import org.apache.tomcat.util.http.fileu
public class TesterOpenSSL {
- public static final boolean IS_EXPECTED_VERSION;
+ public static final int VERSION;
- public static final Set<Cipher> OPENSSL_UNIMPLEMENTED_CIPHERS =
- Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
- // The following ciphers are not implemented in an OpenSSL
- // version
- Cipher.SSL2_DES_64_CBC_WITH_MD5,
- Cipher.SSL_CK_RC2_128_CBC_WITH_MD5,
- // The following are not implemented in 1.1.x onwards. They
- // are implemented in 1.0.x and earlier
- Cipher.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- Cipher.SSL_CK_RC4_128_WITH_MD5,
- Cipher.SSL2_DES_64_CBC_WITH_MD5,
- Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5,
- Cipher.SSL2_IDEA_128_CBC_WITH_MD5,
- Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5,
- Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
- Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA,
- // The following have been removed from OpenSSL on
2015-05-23
- Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
- Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)));
+ public static final Set<Cipher> OPENSSL_UNIMPLEMENTED_CIPHERS;
static {
// Note: The tests are configured for the OpenSSL 1.1.0 development
// branch. Running with a different version is likely to trigger
// failures.
- String expected_version =
System.getProperty("tomcat.test.openssl.version", "");
String versionString = null;
try {
versionString = executeOpenSSLCommand("version");
} catch (IOException e) {
versionString = "";
}
- IS_EXPECTED_VERSION = versionString.startsWith("OpenSSL " +
expected_version);
+ if (versionString.startsWith("OpenSSL 1.1.0")) {
+ VERSION = 10100;
+ } else if (versionString.startsWith("OpenSSL 1.0.2")) {
+ VERSION = 10002;
+ } else if (versionString.startsWith("OpenSSL 1.0.1")) {
+ VERSION = 10001;
+ } else if (versionString.startsWith("OpenSSL 1.0.0")) {
+ VERSION = 10000;
+ } else if (versionString.startsWith("OpenSSL 0.9.8")) {
+ VERSION = 908;
+ } else {
+ // Unknown OpenSSL version
+ throw new IllegalStateException("Unknown OpenSSL version " +
versionString);
+ }
+
+ HashSet<Cipher> unimplemented = new HashSet<>();
+
+ // Note: The following lists are intended to be aligned with the most
+ // recent release of each OpenSSL release branch
+
+ // TODO Validate this for all OpenSSL versions
+ // 0.9.8 - TODO
+ // 1.0.0 - TODO
+ // 1.0.1 - TODO
+ // 1.0.2 - Done
+ // 1.1.0 - TODO
+
+ // These were removed in 0.9.8 (or earlier) so won't be available in
any
+ // supported version.
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5);
+ unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5);
+
+ if (VERSION < 10000) {
+ // These were implemented in 1.0.0 so won't be available in any
+ // earlier version
+ } else {
+ // These were removed in 1.0.0 so won't be available from that
+ // version onwards.
+ }
+
+
+ if (VERSION < 10001) {
+ // These were added in 1.0.1 so won't be available in any earlier
+ // version
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384);
+ } else {
+ // These were removed in 1.0.1 so won't be available from that
+ // version onwards.
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA);
+ }
+
+ if (VERSION < 10002) {
+ // These were implemented in 1.0.2 so won't be available in any
+ // earlier version
+ } else {
+ // These were removed in 1.0.2 so won't be available from that
+ // version onwards.
+ unimplemented.add(Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ }
+
+ if (VERSION < 10100) {
+ // These were implemented in 1.1.0 so won't be available in any
+ // earlier version
+ unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA384);
+ unimplemented.add(Cipher.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
+
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
+
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256);
+ } else {
+ // These were removed in 1.1.0 so won't be available from that
+ // version onwards.
+ unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5);
+ unimplemented.add(Cipher.SSL_CK_RC4_128_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_DES_64_CBC_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
+ unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
+ unimplemented.add(Cipher.SSL_CK_RC2_128_CBC_WITH_MD5);
+ }
+ OPENSSL_UNIMPLEMENTED_CIPHERS =
Collections.unmodifiableSet(unimplemented);
}
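Review bot: The `else` branch of the version check throws `IllegalStateException` from the static initialiser, and because an `IOException` from `executeOpenSSLCommand("version")` leaves `versionString` empty, a machine without a usable openssl binary reaches that throw as well. With the `@Before` `Assume` checks removed from TestCipher and TestOpenSSLCipherConfigurationParser in this commit, those tests would then presumably fail with a class-initialisation error instead of being skipped. I would assign a sentinel in that branch, `VERSION = -1;`, and have the tests call `Assume.assumeTrue(TesterOpenSSL.VERSION > 0);`. Separately, the seven ciphers added unconditionally as "removed in 0.9.8" are added again in the "removed in 1.0.1" branch, and the `VERSION < 10100` branch repeats several CAMELLIA entries; the set hides the duplicates, but they make the lists harder to audit against each OpenSSL branch. The unchanged context comment saying the tests are configured for the 1.1.0 development branch also looks out of date given the commit log.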
@@ -106,6 +256,8 @@ public class TesterOpenSSL {
// OpenSSL should have returned one cipher per line
String ciphers[] = stdout.split("\n");
for (String cipher : ciphers) {
+ // Handle rename for 1.1.0 onwards
+ cipher = cipher.replaceAll("EDH", "DHE");
if (first) {
first = false;
} else {
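Review bot: `cipher.replaceAll("EDH", "DHE")` treats its first argument as a regular expression and is applied to every line of output whatever `VERSION` was detected, although the comment ties the rename to 1.1.0 onwards. For a literal substitution I would write `cipher = cipher.replace("EDH", "DHE");` and reword the comment to say the name is normalised for all versions, e.g. `// Normalise EDH to DHE (OpenSSL renamed these from 1.1.0 onwards)`. The enclosing method starts and ends outside the hunk, so how the normalised name is used afterwards is not visible here.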