Author: markt
Date: Mon Sep 28 09:26:06 2015
New Revision: 1705630
URL: http://svn.apache.org/viewvc?rev=1705630&view=rev
Log:
Add the CCM ciphers from RFC6655 and RFC7251 to align with OpenSSL master
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1705630&r1=1705629&r2=1705630&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Mon
Sep 28 09:26:06 2015
@@ -3981,6 +3981,348 @@ public enum Cipher {
null,
null
),
+ // CCM ciphersuites from RFC6655
+ // Cipher C09C
+ TLS_RSA_WITH_AES_128_CCM(
+ 0xC09C,
+ "AES128-CCM",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C09D
+ TLS_RSA_WITH_AES_256_CCM(
+ 0xC09D,
+ "AES256-CCM",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES256CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C09E
+ TLS_DHE_RSA_WITH_AES_128_CCM(
+ 0xC09E,
+ "DHE-RSA-AES128-CCM",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C09F
+ TLS_DHE_RSA_WITH_AES_256_CCM(
+ 0xC09F,
+ "DHE-RSA-AES256-CCM",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES256CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0A0
+ TLS_RSA_WITH_AES_128_CCM_8(
+ 0xC0A0,
+ "AES128-CCM8",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0A1
+ TLS_RSA_WITH_AES_256_CCM_8(
+ 0xC0A1,
+ "AES256-CCM8",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES256CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0A2
+ TLS_DHE_RSA_WITH_AES_128_CCM_8(
+ 0xC0A2,
+ "DHE-RSA-AES128-CCM8",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0A3
+ TLS_DHE_RSA_WITH_AES_256_CCM_8(
+ 0xC0A3,
+ "DHE-RSA-AES256-CCM8",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES256CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0A4
+ TLS_PSK_WITH_AES_128_CCM(
+ 0xC0A4,
+ "PSK-AES128-CCM",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0A5
+ TLS_PSK_WITH_AES_256_CCM(
+ 0xC0A5,
+ "PSK-AES256-CCM",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES256CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0A6
+ TLS_DHE_PSK_WITH_AES_128_CCM(
+ 0xC0A6,
+ "DHE-PSK-AES128-CCM",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0A7
+ TLS_DHE_PSK_WITH_AES_256_CCM(
+ 0xC0A7,
+ "DHE-PSK-AES256-CCM",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.AES256CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0A8
+ TLS_PSK_WITH_AES_128_CCM_8(
+ 0xC0A8,
+ "PSK-AES128-CCM8",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0A9
+ TLS_PSK_WITH_AES_256_CCM_8(
+ 0xC0A9,
+ "PSK-AES256-CCM8",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES256CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // Cipher C0AA
+ TLS_DHE_PSK_WITH_AES_128_CCM_8(
+ 0xC0AA,
+ "DHE-PSK-AES128-CCM8",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0AB
+ TLS_DHE_PSK_WITH_AES_256_CCM_8(
+ 0xC0AB,
+ "DHE-PSK-AES256-CCM8",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.AES256CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ // CCM ciphersuites from RFC7251
+ // Cipher C0AC
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM(
+ 0xC0AC,
+ "ECDHE-ECDSA-AES128-CCM",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.AES128CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0AD
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM(
+ 0xC0AD,
+ "ECDHE-ECDSA-AES256-CCM",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.AES256CCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0AE
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(
+ 0xC0AE,
+ "ECDHE-ECDSA-AES128-CCM8",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.AES128CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ // Cipher C0AF
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(
+ 0xC0AF,
+ "ECDHE-ECDSA-AES256-CCM8",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.AES256CCM8,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
// Cipher 0x010080 (SSLv2)
// RC4_128_WITH_MD5
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java?rev=1705630&r1=1705629&r2=1705630&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
Mon Sep 28 09:26:06 2015
@@ -18,10 +18,14 @@
package org.apache.tomcat.util.net.jsse.openssl;
enum Encryption {
- AES256GCM,
- AES256,
- AES128GCM,
AES128,
+ AES128CCM,
+ AES128CCM8,
+ AES128GCM,
+ AES256,
+ AES256CCM,
+ AES256CCM8,
+ AES256GCM,
CAMELLIA256,
CAMELLIA128,
TRIPLE_DES,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
