Author: markt
Date: Wed Mar 2 23:13:25 2016
New Revision: 1733390
URL: http://svn.apache.org/viewvc?rev=1733390&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59081
Retain the user defined cipher order when defining ciphers
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1733390&r1=1733389&r2=1733390&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Wed Mar 2
23:13:25 2016
@@ -70,8 +70,8 @@ public abstract class SSLUtilBase implem
// can be done at this point.
enabled.addAll(configured);
} else {
- enabled.addAll(implemented);
- enabled.retainAll(configured);
+ enabled.addAll(configured);
+ enabled.retainAll(implemented);
if (enabled.isEmpty()) {
// Don't use the defaults in this case. They may be less secure
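Review bot: The swapped `addAll(configured)` / `retainAll(implemented)` pair only preserves the user's order if `enabled` is an insertion-ordered collection and `configured` iterates in the configured order. Neither declaration is visible in this hunk, so confirm both; a plain `HashSet` would discard the order again. `retainAll(implemented)` also silently drops any configured suite the provider does not implement, and the visible lines only handle the empty result. Logging the dropped names would let an operator see that a suite they placed first is not actually being offered. A short comment such as `// Keep the configured order; drop suites the provider does not implement` would record the intent; the enclosing method starts and ends outside the hunk.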
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1733390&r1=1733389&r2=1733390&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
Wed Mar 2 23:13:25 2016
@@ -695,7 +695,7 @@ public class OpenSSLCipherConfigurationP
}
}
ciphers.removeAll(removedCiphers);
- return defaultSort(ciphers);
+ return ciphers;
}
public static List<String> convertForJSSE(Collection<Cipher> ciphers) {
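Review bot: With `defaultSort(ciphers)` removed from the return, nothing in the visible lines orders the result, so for alias expressions (as opposed to explicit suite names) the preference order is whatever the alias expansion produces. If `defaultSort` was what placed stronger suites ahead of weaker ones for inputs like `HIGH:!aNULL`, a weaker suite could now end up preferred. That cannot be confirmed from this hunk, so an alias-only test case belongs next to the explicit-name one. The method's Javadoc should state the new contract, e.g. `Returns the ciphers in the order given by the expression; no strength-based sort is applied.` The method starts outside the hunk.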
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java?rev=1733390&r1=1733389&r2=1733390&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
Wed Mar 2 23:13:25 2016
@@ -76,4 +76,21 @@ public class TestOpenSSLCipherConfigurat
Assert.assertEquals(expected, result);
}
+
+ @Test
+ public void testCustomOrdering() throws Exception {
+ // https://bz.apache.org/bugzilla/show_bug.cgi?id=59081
+ LinkedHashSet<Cipher> result = OpenSSLCipherConfigurationParser.parse(
+
"ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:" +
+ "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA");
+ LinkedHashSet<Cipher> expected = new LinkedHashSet<>();
+ expected.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+ expected.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+ expected.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ expected.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+ expected.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+ expected.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ Assert.assertEquals(expected.toString(), result.toString());
+ }
}
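Review bot: The final assertion in `testCustomOrdering` compares `toString()` output, which is the only thing making it order-sensitive (`Set.equals` ignores iteration order), yet nothing in the test says so. A later cleanup to `Assert.assertEquals(expected, result)` would silently stop checking the order. Add a comment such as `// Compare as strings: Set.equals() ignores order, and order is what this test checks`, or compare `new ArrayList<>(expected)` with `new ArrayList<>(result)` for the same guarantee with an element-wise failure message. The test covers explicit suite names only; the `retainAll` path changed in SSLUtilBase is not exercised here.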
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733390&r1=1733389&r2=1733390&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Mar 2 23:13:25 2016
@@ -168,6 +168,10 @@
Align cipher aliases for <code>kECDHE</code> and <code>ECDHE</code>
with
the current OpenSSL implementation. (markt)
</fix>
+ <fix>
+ <bug>59081</bug>: Retain the user defined cipher order when defining
+ ciphers. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">