On 02/03/2016 23:13, ma...@apache.org wrote: > Author: markt > Date: Wed Mar 2 23:13:25 2016 > New Revision: 1733390 > > URL: http://svn.apache.org/viewvc?rev=1733390&view=rev > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59081 > Retain the user defined cipher order when defining ciphers
Note: This works for 1.0.2 but I am currently seeing test failures with OpenSSL master. I'm working on a fix but expect Gump to complain about some of the Cipher tests until I'm done. Mark
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
>
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
>
> tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1733390&r1=1733389&r2=1733390&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Wed Mar 2
> 23:13:25 2016
> @@ -70,8 +70,8 @@ public abstract class SSLUtilBase implem
> // can be done at this point.
> enabled.addAll(configured);
> } else {
> - enabled.addAll(implemented);
> - enabled.retainAll(configured);
> + enabled.addAll(configured);
> + enabled.retainAll(implemented);
>
> if (enabled.isEmpty()) {
> // Don't use the defaults in this case. They may be less
> secure
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1733390&r1=1733389&r2=1733390&view=diff
> ==============================================================================
> ---
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
> (original)
> +++
> tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
> Wed Mar 2 23:13:25 2016
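Review bot: The two swapped lines need a comment, because the outcome now depends on which collection is passed to `addAll` and which to `retainAll`, and the previous code had them the other way round: `// Add the configured suites first so the user's ordering is kept; retainAll only filters out suites the implementation does not support.` The ordering is only preserved if `enabled` is an insertion-ordered collection (a LinkedHashSet or List); its declaration is outside the hunk, so that is worth confirming. The enclosing method starts before and ends after this hunk, including the `enabled.isEmpty()` fallback whose body is cut off.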
> @@ -695,7 +695,7 @@ public class OpenSSLCipherConfigurationP
> }
> }
> ciphers.removeAll(removedCiphers);
> - return defaultSort(ciphers);
> + return ciphers;
> }
>
> public static List<String> convertForJSSE(Collection<Cipher> ciphers) {
>
> Modified:
> tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java?rev=1733390&r1=1733389&r2=1733390&view=diff
> ==============================================================================
> ---
> tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
> (original)
> +++
> tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
> Wed Mar 2 23:13:25 2016
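Review bot: Dropping `defaultSort` removes the only ordering step visible on the return path, so a configuration built from OpenSSL aliases rather than explicit suite names (for example `HIGH` or `DEFAULT`) now comes back in whatever order the alias expansion produced instead of a strength-sorted order; the OpenSSL-master test failures mentioned in the reply are consistent with that. The method's Javadoc should state the new contract, e.g. `Returns the selected ciphers in the order in which they were first added; the result is not sorted by strength.`, adjusted if the method still honours an explicit `@STRENGTH` directive, which is not visible in the hunk. If `defaultSort` now has no remaining callers it should be removed or its remaining purpose documented; the hunk does not show its other uses. The enclosing method begins outside the hunk.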
> @@ -76,4 +76,21 @@ public class TestOpenSSLCipherConfigurat
>
> Assert.assertEquals(expected, result);
> }
> +
> + @Test
> + public void testCustomOrdering() throws Exception {
> + // https://bz.apache.org/bugzilla/show_bug.cgi?id=59081
> + LinkedHashSet<Cipher> result =
> OpenSSLCipherConfigurationParser.parse(
> +
> "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:" +
> + "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA");
> + LinkedHashSet<Cipher> expected = new LinkedHashSet<>();
> + expected.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
> + expected.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
> + expected.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
> + expected.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
> + expected.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
> + expected.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
> +
> + Assert.assertEquals(expected.toString(), result.toString());
> + }
> }
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733390&r1=1733389&r2=1733390&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Wed Mar 2 23:13:25 2016
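Review bot: `testCustomOrdering` compares `expected.toString()` with `result.toString()` and nothing says why; a later reader is likely to "simplify" it back to `Assert.assertEquals(expected, result)`, which passes for any order because `Set.equals` ignores ordering, and the test would silently stop guarding the bug it was added for. Either add a comment `// Compare as strings: Set.equals() ignores order, and order is what this test checks` or assert on `new ArrayList<>(expected)` against `new ArrayList<>(result)`, which checks order and gives an element-wise diff on failure (it needs a `java.util.ArrayList` import, which the hunk does not show).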
> @@ -168,6 +168,10 @@
> Align cipher aliases for <code>kECDHE</code> and <code>ECDHE</code>
> with
> the current OpenSSL implementation. (markt)
> </fix>
> + <fix>
> <bug>59081</bug>: Retain the user defined cipher order when defining
> + ciphers. (markt)
> + </fix>
> </changelog>
> </subsection>
> <subsection name="Jasper">
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> ---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org