Author: rjung
Date: Tue Oct 2 21:34:11 2018
New Revision: 1842656
URL: http://svn.apache.org/viewvc?rev=1842656&view=rev
Log:
Add TLSv1.3 to the default protocols and to the
"all" alias for JSSE based TLS connectors when
running on a JVM that supports TLS version 1.3.
One such JVM is OpenJDK version 11.
This line, and those below, will be ignored--
M webapps/docs/changelog.xml
AM java/org/apache/tomcat/util/compat/TLS.java
M java/org/apache/tomcat/util/net/SSLHostConfig.java
Added:
tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java (with props)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/webapps/docs/changelog.xml
Added: tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java?rev=1842656&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java Tue Oct 2
21:34:11 2018
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.compat;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.tomcat.util.net.Constants;
+
+/**
+ * This class checks for the availability of TLS features.
+ */
+public class TLS {
+
+ private static final boolean tlsv13Available;
+
+ static {
+ boolean ok = false;
+ try {
+ SSLContext sc =
SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3);
+ ok = true;
+ } catch (NoSuchAlgorithmException ex) {
+ }
+ tlsv13Available = ok;
+ }
+
+ public static boolean isTlsv13Available() {
+ return tlsv13Available;
+ }
+
+}
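Review bot: The static initializer swallows `NoSuchAlgorithmException` in an empty `catch` with no comment, and the local `sc` is assigned but never read. The empty catch is the intended "not available" path, so it should say so, for example `// TLSv1.3 is not provided by this JVM; tlsv13Available stays false`, and the unused variable can go by calling `SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3);` directly. The class Javadoc could also state that the probe runs once at class initialisation and only shows that a provider offers a context under that name; whether the protocol ends up enabled on a connector presumably still depends on JVM security settings and the connector configuration. As a holder of static helpers only, `TLS` would normally be declared `final` with a private constructor.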
Propchange: tomcat/trunk/java/org/apache/tomcat/util/compat/TLS.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1842656&r1=1842655&r2=1842656&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue Oct 2
21:34:11 2018
@@ -35,6 +35,7 @@ import javax.net.ssl.TrustManagerFactory
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.compat.TLS;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import
org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
@@ -61,6 +62,9 @@ public class SSLHostConfig implements Se
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1);
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_1);
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_2);
+ if (TLS.isTlsv13Available()) {
+ SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_3);
+ }
}
private Type configType = null;
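Review bot: The new `if (TLS.isTlsv13Available())` branch has no comment explaining why TLSv1.3 is the only conditional entry in `SSL_PROTO_ALL_SET`. The operational effect also deserves a line: connectors that use the `all` alias will begin to offer TLSv1.3 as soon as the runtime moves to a JVM that supports it, without any configuration change. A comment such as `// TLSv1.3 is only added when the running JVM provides it (e.g. Java 11)` would cover both. The set appears to be filled in a static initializer, so the result is fixed when the class is first loaded. That block starts outside this hunk, so how the set feeds the default protocol list is not visible here.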
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1842656&r1=1842655&r2=1842656&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 2 21:34:11 2018
@@ -91,6 +91,11 @@
</subsection>
<subsection name="Coyote">
<changelog>
+ <add>
+ Add TLSv1.3 to the default protocols and to the <code>all</code>
+ alias for JSSE based TLS connectors when running on a JVM that
+ supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
+ </add>
<fix>
<bug>62685</bug>: Correct an error in host name validation parsing that
did not allow a fully qualified domain name to terminate with a period.