Author: markt
Date: Thu Mar 3 00:22:52 2016
New Revision: 1733394
URL: http://svn.apache.org/viewvc?rev=1733394&view=rev
Log:
Fix ordering exposed by latest changes with OpenSSL master
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java?rev=1733394&r1=1733393&r2=1733394&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
Thu Mar 3 00:22:52 2016
@@ -560,17 +560,22 @@ public class OpenSSLCipherConfigurationP
*/
static LinkedHashSet<Cipher> defaultSort(final LinkedHashSet<Cipher>
ciphers) {
final LinkedHashSet<Cipher> result = new
LinkedHashSet<>(ciphers.size());
- /* Now arrange all ciphers by preference: */
+ final LinkedHashSet<Cipher> ecdh = new LinkedHashSet<>(ciphers.size());
/* Everything else being equal, prefer ephemeral ECDH over other key
exchange mechanisms */
- result.addAll(filterByKeyExchange(ciphers,
Collections.singleton(KeyExchange.EECDH)));
+ ecdh.addAll(filterByKeyExchange(ciphers,
Collections.singleton(KeyExchange.EECDH)));
+
/* AES is our preferred symmetric cipher */
Set<Encryption> aes = new HashSet<>(Arrays.asList(Encryption.AES128,
Encryption.AES128CCM,
Encryption.AES128CCM8, Encryption.AES128GCM, Encryption.AES256,
Encryption.AES256CCM, Encryption.AES256CCM8,
Encryption.AES256GCM));
- moveToStart(result, filterByEncryption(result, aes));
+
+ /* Now arrange all ciphers by preference: */
+ result.addAll(filterByEncryption(ecdh, aes));
result.addAll(filterByEncryption(ciphers, aes));
- /* Temporarily enable everything else for sorting */
+
+ /* Add everything else */
+ result.addAll(ecdh);
result.addAll(ciphers);
/* Low priority for MD5 */
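Review bot: The retained comment above the new `ecdh` set ("prefer ephemeral ECDH over other key exchange mechanisms") no longer matches the insertion order built by the four `result.addAll(...)` calls. Every AES suite, whatever its key exchange, now goes into `result` ahead of the ECDHE suites that use another cipher, so at this stage an AES suite without forward secrecy (static RSA, if present in the input) ranks above an ECDHE CAMELLIA suite. That may be the intended match with OpenSSL master, and the rest of `defaultSort` lies outside the hunk and may reorder further, but the precedence should be stated where it is built. I would replace `/* Now arrange all ciphers by preference: */` with `/* Order: ECDHE+AES, AES with any other key exchange, remaining ECDHE, then the rest */`.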
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java?rev=1733394&r1=1733393&r2=1733394&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParserOnly.java
Thu Mar 3 00:22:52 2016
@@ -67,6 +67,23 @@ public class TestOpenSSLCipherConfigurat
}
@Test
+ public void testDefaultSort03() throws Exception {
+ // Reproducing a failure observed on Gump with OpenSSL 1.1.x
+
+ // AES should beat CAMELLIA
+ LinkedHashSet<Cipher> input = new LinkedHashSet<>();
+ input.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+ input.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384);
+ LinkedHashSet<Cipher> result =
OpenSSLCipherConfigurationParser.defaultSort(input);
+
+ LinkedHashSet<Cipher> expected = new LinkedHashSet<>();
+ expected.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384);
+ expected.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+
+ Assert.assertEquals(expected.toString(), result.toString());
+ }
+
+ @Test
public void testRename01() throws Exception {
// EDH -> DHE
LinkedHashSet<Cipher> result =
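Review bot: `testDefaultSort03` feeds only two ECDHE suites, so it pins AES-before-CAMELLIA inside the ECDHE group but not the relative order the parser change creates between non-ECDHE AES suites and ECDHE non-AES suites. A third input suite that uses AES with a non-ECDHE key exchange would lock that ordering in and make any later change to it visible. The string comparison is what makes the assertion order-sensitive, since `Set.equals` ignores iteration order; a comment such as `// compare toString(): Set.equals() ignores iteration order` above the assert would keep it from being simplified away. The trailing `testRename01` lines are context that continues outside the hunk.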