Author: markt
Date: Thu Dec 21 20:16:26 2017
New Revision: 1818976
URL: http://svn.apache.org/viewvc?rev=1818976&view=rev
Log:
Add support for the OpenSSL ARIA ciphers to the OpenSSL to JSSE cipher mapping.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java?rev=1818976&r1=1818975&r2=1818976&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Cipher.java
Thu Dec 21 20:16:26 2017
@@ -3706,9 +3706,291 @@ public enum Cipher {
null
),
- /* ARIA ciphers 0xC03C to 0xC071
+ /* ARIA ciphers 0xC03C to 0xC04F
* Unsupported by both Java and OpenSSL
*/
+
+ TLS_RSA_WITH_ARIA_128_GCM_SHA256(
+ 0xC050,
+ "ARIA128-GCM-SHA256",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_RSA_WITH_ARIA_256_GCM_SHA384(
+ 0xC051,
+ "ARIA256-GCM-SHA384",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256(
+ 0xC052,
+ "DHE-RSA-ARIA128-GCM-SHA256",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384(
+ 0xC053,
+ "DHE-RSA-ARIA256-GCM-SHA384",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+
+ /* ARIA ciphers 0xC054 to 0xC055
+ * Unsupported by both Java and OpenSSL
+ */
+
+ TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256(
+ 0xC056,
+ "DHE-DSS-ARIA128-GCM-SHA256",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384(
+ 0xC057,
+ "DHE-DSS-ARIA256-GCM-SHA384",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+
+ /* ARIA ciphers 0xC058 to 0xC05B
+ * Unsupported by both Java and OpenSSL
+ */
+
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256(
+ 0xC05C,
+ "ECDHE_ECDSA-ARIA128-GCM-SHA256",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384(
+ 0xC05D,
+ "ECDHE_ECDSA-ARIA256-GCM-SHA384",
+ KeyExchange.ECDHe,
+ Authentication.ECDSA,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+
+ /* ARIA ciphers 0xC05E to 0xC05F
+ * Unsupported by both Java and OpenSSL
+ */
+
+ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256(
+ 0xC060,
+ "ECDHE-RSA-ARIA128-GCM-SHA256",
+ KeyExchange.ECDHe,
+ Authentication.RSA,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384(
+ 0xC061,
+ "ECDHE-RSA-ARIA256-GCM-SHA384",
+ KeyExchange.ECDHe,
+ Authentication.RSA,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+
+ /* ARIA ciphers 0xC062 to 0xC069
+ * Unsupported by both Java and OpenSSL
+ */
+
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256(
+ 0xC06A,
+ "PSK-ARIA128-GCM-SHA256",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384(
+ 0xC06B,
+ "PSK-ARIA256-GCM-SHA384",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256(
+ 0xC06C,
+ "DHE-PSK-ARIA128-GCM-SHA256",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384(
+ 0xC06D,
+ "DHE-PSK-ARIA256-GCM-SHA384",
+ KeyExchange.DHEPSK,
+ Authentication.PSK,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256(
+ 0xC06E,
+ "RSA-PSK-ARIA128-GCM-SHA256",
+ KeyExchange.RSAPSK,
+ Authentication.RSA,
+ Encryption.ARIA128GCM,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128,
+ null,
+ null
+ ),
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384(
+ 0xC06F,
+ "RSA-PSK-ARIA256-GCM-SHA384",
+ KeyExchange.RSAPSK,
+ Authentication.RSA,
+ Encryption.ARIA256GCM,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256,
+ null,
+ null
+ ),
+
+ /* ARIA ciphers 0xC070 to 0xC071
+ * Unsupported by both Java and OpenSSL
+ */
+
// Cipher C072
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(
0xC072,
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java?rev=1818976&r1=1818975&r2=1818976&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java
Thu Dec 21 20:16:26 2017
@@ -26,6 +26,8 @@ enum Encryption {
AES256CCM,
AES256CCM8,
AES256GCM,
+ ARIA128GCM,
+ ARIA256GCM,
CAMELLIA256,
CAMELLIA128,
CHACHA20POLY1305,
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java?rev=1818976&r1=1818975&r2=1818976&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
Thu Dec 21 20:16:26 2017
@@ -373,12 +373,18 @@ public class TestCipher {
"AES128-CCM8+TLSv1.2",
"AES256-CCM+TLSv1.2",
"AES256-CCM8+TLSv1.2",
+ "ARIA128-GCM-SHA256",
+ "ARIA256-GCM-SHA384",
"DES-CBC-MD5+SSLv2",
"DES-CBC3-MD5+SSLv2",
+ "DHE-DSS-ARIA128-GCM-SHA256",
+ "DHE-DSS-ARIA256-GCM-SHA384",
"DHE-PSK-AES128-CCM+TLSv1.2",
"DHE-PSK-AES128-CCM8+TLSv1.2",
"DHE-PSK-AES256-CCM+TLSv1.2",
"DHE-PSK-AES256-CCM8+TLSv1.2",
+ "DHE-PSK-ARIA128-GCM-SHA256",
+ "DHE-PSK-ARIA256-GCM-SHA384",
"DHE-PSK-CAMELLIA128-SHA256+TLSv1",
"DHE-PSK-CAMELLIA256-SHA384+TLSv1",
"DHE-PSK-CHACHA20-POLY1305+TLSv1.2",
@@ -386,6 +392,10 @@ public class TestCipher {
"DHE-RSA-AES128-CCM8+TLSv1.2",
"DHE-RSA-AES256-CCM+TLSv1.2",
"DHE-RSA-AES256-CCM8+TLSv1.2",
+ "DHE-RSA-ARIA128-GCM-SHA256",
+ "DHE-RSA-ARIA256-GCM-SHA384",
+ "ECDHE-ARIA128-GCM-SHA256",
+ "ECDHE-ARIA256-GCM-SHA384",
"DHE-RSA-CHACHA20-POLY1305+TLSv1.2",
"ECDH-ECDSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDH-ECDSA-CAMELLIA256-SHA384+TLSv1.2",
@@ -395,6 +405,8 @@ public class TestCipher {
"ECDHE-ECDSA-AES128-CCM8+TLSv1.2",
"ECDHE-ECDSA-AES256-CCM+TLSv1.2",
"ECDHE-ECDSA-AES256-CCM8+TLSv1.2",
+ "ECDHE-ECDSA-ARIA128-GCM-SHA256",
+ "ECDHE-ECDSA-ARIA256-GCM-SHA384",
"ECDHE-ECDSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDHE-ECDSA-CAMELLIA256-SHA384+TLSv1.2",
"ECDHE-ECDSA-CHACHA20-POLY1305+TLSv1.2",
@@ -411,11 +423,15 @@ public class TestCipher {
"PSK-AES128-CCM8+TLSv1.2",
"PSK-AES256-CCM+TLSv1.2",
"PSK-AES256-CCM8+TLSv1.2",
+ "PSK-ARIA128-GCM-SHA256",
+ "PSK-ARIA256-GCM-SHA384",
"PSK-CAMELLIA128-SHA256+TLSv1",
"PSK-CAMELLIA256-SHA384+TLSv1",
"PSK-CHACHA20-POLY1305+TLSv1.2",
"RC2-CBC-MD5+SSLv2",
"RC4-MD5+SSLv2",
+ "RSA-PSK-ARIA128-GCM-SHA256",
+ "RSA-PSK-ARIA256-GCM-SHA384",
"RSA-PSK-CAMELLIA128-SHA256+TLSv1",
"RSA-PSK-CAMELLIA256-SHA384+TLSv1",
"RSA-PSK-CHACHA20-POLY1305+TLSv1.2",
@@ -569,6 +585,8 @@ public class TestCipher {
"AES128-CCM8+TLSv1.2",
"AES256-CCM+TLSv1.2",
"AES256-CCM8+TLSv1.2",
+ "ARIA128-GCM-SHA256",
+ "ARIA256-GCM-SHA384",
"CAMELLIA128-SHA+SSLv3",
"CAMELLIA256-SHA+SSLv3",
"CAMELLIA128-SHA256+TLSv1.2",
@@ -601,6 +619,8 @@ public class TestCipher {
"DH-RSA-DES-CBC-SHA+SSLv3",
"DH-RSA-DES-CBC3-SHA+SSLv3",
"DH-RSA-SEED-SHA+SSLv3",
+ "DHE-DSS-ARIA128-GCM-SHA256",
+ "DHE-DSS-ARIA256-GCM-SHA384",
"DHE-DSS-CAMELLIA128-SHA+SSLv3",
"DHE-DSS-CAMELLIA128-SHA256+TLSv1.2",
"DHE-DSS-CAMELLIA256-SHA+SSLv3",
@@ -617,6 +637,8 @@ public class TestCipher {
"DHE-PSK-AES256-CCM+TLSv1.2",
"DHE-PSK-AES256-CCM8+TLSv1.2",
"DHE-PSK-AES256-GCM-SHA384+TLSv1.2",
+ "DHE-PSK-ARIA128-GCM-SHA256",
+ "DHE-PSK-ARIA256-GCM-SHA384",
"DHE-PSK-CAMELLIA128-SHA256+TLSv1",
"DHE-PSK-CAMELLIA256-SHA384+TLSv1",
"DHE-PSK-CHACHA20-POLY1305+TLSv1.2",
@@ -628,6 +650,8 @@ public class TestCipher {
"DHE-RSA-AES128-CCM8+TLSv1.2",
"DHE-RSA-AES256-CCM+TLSv1.2",
"DHE-RSA-AES256-CCM8+TLSv1.2",
+ "DHE-RSA-ARIA128-GCM-SHA256",
+ "DHE-RSA-ARIA256-GCM-SHA384",
"DHE-RSA-CAMELLIA128-SHA+SSLv3",
"DHE-RSA-CAMELLIA128-SHA256+TLSv1.2",
"DHE-RSA-CAMELLIA256-SHA+SSLv3",
@@ -638,10 +662,14 @@ public class TestCipher {
"ECDH-ECDSA-CAMELLIA256-SHA384+TLSv1.2",
"ECDH-RSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDH-RSA-CAMELLIA256-SHA384+TLSv1.2",
+ "ECDHE-ARIA128-GCM-SHA256",
+ "ECDHE-ARIA256-GCM-SHA384",
"ECDHE-ECDSA-AES128-CCM+TLSv1.2",
"ECDHE-ECDSA-AES128-CCM8+TLSv1.2",
"ECDHE-ECDSA-AES256-CCM+TLSv1.2",
"ECDHE-ECDSA-AES256-CCM8+TLSv1.2",
+ "ECDHE-ECDSA-ARIA128-GCM-SHA256",
+ "ECDHE-ECDSA-ARIA256-GCM-SHA384",
"ECDHE-ECDSA-CAMELLIA128-SHA256+TLSv1.2",
"ECDHE-ECDSA-CAMELLIA256-SHA384+TLSv1.2",
"ECDHE-ECDSA-CHACHA20-POLY1305+TLSv1.2",
@@ -677,6 +705,8 @@ public class TestCipher {
"PSK-AES256-CCM+TLSv1.2",
"PSK-AES256-CCM8+TLSv1.2",
"PSK-AES256-GCM-SHA384+TLSv1.2",
+ "PSK-ARIA128-GCM-SHA256",
+ "PSK-ARIA256-GCM-SHA384",
"PSK-CAMELLIA128-SHA256+TLSv1",
"PSK-CAMELLIA256-SHA384+TLSv1",
"PSK-CHACHA20-POLY1305+TLSv1.2",
@@ -693,6 +723,8 @@ public class TestCipher {
"RSA-PSK-AES256-CBC-SHA+SSLv3",
"RSA-PSK-AES256-CBC-SHA384+TLSv1",
"RSA-PSK-AES256-GCM-SHA384+TLSv1.2",
+ "RSA-PSK-ARIA128-GCM-SHA256",
+ "RSA-PSK-ARIA256-GCM-SHA384",
"RSA-PSK-CAMELLIA128-SHA256+TLSv1",
"RSA-PSK-CAMELLIA256-SHA384+TLSv1",
"RSA-PSK-CHACHA20-POLY1305+TLSv1.2",
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1818976&r1=1818975&r2=1818976&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Dec 21 20:16:26 2017
@@ -79,6 +79,10 @@
<bug>61914</bug>: Possible NPE with Java 9 when creating a SSL engine.
Patch submitted by Evgenij Ryazanov. (remm)
</fix>
+ <add>
+ Add support for the OpenSSL ARIA ciphers to the OpenSSL to JSSE
+ cipher mapping. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
