This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d8c636fecfd7ed1fa41d7c9fc4b946263367a96e Author: Mark Thomas <[email protected]> AuthorDate: Tue Feb 10 16:18:52 2026 +0000 Remove support for the FZA aliases --- .../ciphers/OpenSSLCipherConfigurationParser.java | 21 ---------- .../TestOpenSSLCipherConfigurationParser.java | 48 +++++++++++----------- webapps/docs/changelog.xml | 8 ++-- 3 files changed, 29 insertions(+), 48 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java index ddd19dfc02..ef68f8f9a3 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java @@ -199,22 +199,6 @@ public class OpenSSLCipherConfigurationParser { * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys. */ private static final String ECDSA = "ECDSA"; - /** - * Ciphers suites using FORTEZZA key exchange algorithms. - */ - private static final String kFZA = "kFZA"; - /** - * Ciphers suites using FORTEZZA authentication algorithms. - */ - private static final String aFZA = "aFZA"; - /** - * Ciphers suites using FORTEZZA encryption algorithms. - */ - private static final String eFZA = "eFZA"; - /** - * Ciphers suites using all FORTEZZA algorithms. - */ - private static final String FZA = "FZA"; /** * Cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH. */ @@ -476,11 +460,6 @@ public class OpenSSLCipherConfigurationParser { addListAlias(aECDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDH))); addListAlias(ECDSA, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDSA))); aliases.put(aECDSA, aliases.get(ECDSA)); - addListAlias(kFZA, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.FZA))); - addListAlias(aFZA, filterByAuthentication(allCiphers, Collections.singleton(Authentication.FZA))); - addListAlias(eFZA, filterByEncryption(allCiphers, Collections.singleton(Encryption.FZA))); - addListAlias(FZA, filter(allCiphers, null, Collections.singleton(KeyExchange.FZA), - Collections.singleton(Authentication.FZA), Collections.singleton(Encryption.FZA), null, null)); addListAlias(Constants.SSL_PROTO_TLSv1_2, filterByProtocol(allCiphers, Collections.singleton(Protocol.TLSv1_2))); addListAlias(Constants.SSL_PROTO_TLSv1_0, filterByProtocol(allCiphers, Collections.singleton(Protocol.TLSv1))); diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java index c48bcb40d6..2c092efa7a 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java @@ -232,30 +232,6 @@ public class TestOpenSSLCipherConfigurationParser { } - @Test - public void testkFZA() throws Exception { - testSpecification("kFZA"); - } - - - @Test - public void testaFZA() throws Exception { - testSpecification("aFZA"); - } - - - @Test - public void testeFZA() throws Exception { - testSpecification("eFZA"); - } - - - @Test - public void testFZA() throws Exception { - testSpecification("FZA"); - } - - @Test public void testTLSv1_2() throws Exception { testSpecification("TLSv1.2"); @@ -599,6 +575,30 @@ public class TestOpenSSLCipherConfigurationParser { } + @Test + public void testSpecificationIsEmptykFZA() throws Exception { + testSpecificationIsEmpty("kFZA"); + } + + + @Test + public void testSpecificationIsEmptyaFZA() throws Exception { + testSpecificationIsEmpty("aFZA"); + } + + + @Test + public void testSpecificationIsEmptyeFZA() throws Exception { + testSpecificationIsEmpty("eFZA"); + } + + + @Test + public void testSpecificationIsEmptyFZA() throws Exception { + testSpecificationIsEmpty("FZA"); + } + + private void testSpecificationIsEmpty(String specification) throws Exception { String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification); Assert.assertEquals("Specification [" + specification + "] returned [" + openSSLCipherList + diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3360a206a6..6f87a0773f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -240,9 +240,11 @@ <fix> To maintain the documented alignment with the OpenSSL development branch, the use of the aliases <code>SSLv3</code>, <code>EXPORT</code>, - <code>EXPORT40</code>, <code>EXPORT56</code> and <code>KRB5</code> are - no longer supported when setting the <code>ciphers</code> attribute of - an <code>SSLHostConfig</code> element. (markt) + <code>EXPORT40</code>, <code>EXPORT56</code>, <code>KRB5</code>, + <code>kFZA</code>, <code>aFZA</code>, <code>eFZA</code> and + <code>FZA</code> are no longer supported when setting the + <code>ciphers</code> attribute of an <code>SSLHostConfig</code> element. + (markt) </fix> <fix> To maintain the documented alignment with the OpenSSL development --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
