Author: markt Date: Wed Mar 2 21:56:14 2016 New Revision: 1733375 URL: http://svn.apache.org/viewvc?rev=1733375&view=rev Log: Fix ordering for newer ciphers suites only in OpenSSL master
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1733375&r1=1733374&r2=1733375&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java Wed Mar 2 21:56:14 2016 @@ -565,10 +565,11 @@ public class OpenSSLCipherConfigurationP /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ result.addAll(filterByKeyExchange(ciphers, Collections.singleton(KeyExchange.EECDH))); /* AES is our preferred symmetric cipher */ - moveToStart(result, filterByEncryption(result, new HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM, - Encryption.AES256, Encryption.AES256GCM)))); - result.addAll(filterByEncryption(ciphers, new HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM, - Encryption.AES256, Encryption.AES256GCM)))); + Set<Encryption> aes = new HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128CCM, + Encryption.AES128CCM8, Encryption.AES128GCM, Encryption.AES256, + Encryption.AES256CCM, Encryption.AES256CCM8, Encryption.AES256GCM)); + moveToStart(result, filterByEncryption(result, aes)); + result.addAll(filterByEncryption(ciphers, aes)); /* Temporarily enable everything else for sorting */ result.addAll(ciphers); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org