This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 239372f08d5dcda11f5681f87f63d59ed4cc4b93 Author: Mark Thomas <[email protected]> AuthorDate: Tue Feb 10 16:15:04 2026 +0000 Remove support for the KRB5 alias --- .../openssl/ciphers/OpenSSLCipherConfigurationParser.java | 6 ------ .../ciphers/TestOpenSSLCipherConfigurationParser.java | 12 ++++++------ webapps/docs/changelog.xml | 6 +++--- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java index 7885b73c42..ddd19dfc02 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java @@ -323,10 +323,6 @@ public class OpenSSLCipherConfigurationParser { * Cipher suites using SHA384. */ private static final String SHA384 = "SHA384"; - /** - * Cipher suites using KRB5. - */ - private static final String KRB5 = "KRB5"; /** * Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication. */ @@ -549,8 +545,6 @@ public class OpenSSLCipherConfigurationParser { addListAlias(kRSAPSK, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.RSAPSK))); addListAlias(kECDHEPSK, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.ECDHEPSK))); addListAlias(kDHEPSK, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.DHEPSK))); - addListAlias(KRB5, filter(allCiphers, null, Collections.singleton(KeyExchange.KRB5), - Collections.singleton(Authentication.KRB5), null, null, null)); addListAlias(aSRP, filterByAuthentication(allCiphers, Collections.singleton(Authentication.SRP))); addListAlias(kSRP, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.SRP))); addListAlias(SRP, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.SRP))); diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java index aee2878a20..c48bcb40d6 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java @@ -416,12 +416,6 @@ public class TestOpenSSLCipherConfigurationParser { } - @Test - public void testKRB5() throws Exception { - testSpecification("KRB5"); - } - - @Test public void testaGOST() throws Exception { testSpecification("aGOST"); @@ -599,6 +593,12 @@ public class TestOpenSSLCipherConfigurationParser { } + @Test + public void testSpecificationIsEmptyKRB5() throws Exception { + testSpecificationIsEmpty("KRB5"); + } + + private void testSpecificationIsEmpty(String specification) throws Exception { String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification); Assert.assertEquals("Specification [" + specification + "] returned [" + openSSLCipherList + diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0b24e939c7..3360a206a6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -240,9 +240,9 @@ <fix> To maintain the documented alignment with the OpenSSL development branch, the use of the aliases <code>SSLv3</code>, <code>EXPORT</code>, - <code>EXPORT40</code> and <code>EXPORT56</code> are no longer supported - when setting the <code>ciphers</code> attribute of an - <code>SSLHostConfig</code> element. (markt) + <code>EXPORT40</code>, <code>EXPORT56</code> and <code>KRB5</code> are + no longer supported when setting the <code>ciphers</code> attribute of + an <code>SSLHostConfig</code> element. (markt) </fix> <fix> To maintain the documented alignment with the OpenSSL development --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
