This is an automated email from the ASF dual-hosted git repository. markt-asf pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 50c0dd1a4472ded344d20c448e1f15d35ced7f78 Author: Mark Thomas <[email protected]> AuthorDate: Sun May 24 14:47:49 2026 +0100 Remove cipher classes no longer supported by OpenSSL --- .../ciphers/OpenSSLCipherConfigurationParser.java | 44 +------------------- .../TestOpenSSLCipherConfigurationParser.java | 48 ---------------------- 2 files changed, 1 insertion(+), 91 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java index 0be1f30a48..18b8301a1f 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java @@ -133,30 +133,6 @@ public class OpenSSLCipherConfigurationParser { * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH */ private static final String DHE = "DHE"; - /** - * Cipher suites using DH key agreement and DH certificates signed by CAs with RSA keys. - */ - private static final String kDHr = "kDHr"; - /** - * Cipher suites using DH key agreement and DH certificates signed by CAs with DSS keys. - */ - private static final String kDHd = "kDHd"; - /** - * Cipher suites using DH key agreement and DH certificates signed by CAs with RSA or DSS keys. - */ - private static final String kDH = "kDH"; - /** - * Cipher suites using fixed ECDH key agreement signed by CAs with RSA keys. - */ - private static final String kECDHr = "kECDHr"; - /** - * Cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys. - */ - private static final String kECDHe = "kECDHe"; - /** - * Cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA keys or either respectively. - */ - private static final String kECDH = "kECDH"; /** * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites. */ @@ -189,14 +165,6 @@ public class OpenSSLCipherConfigurationParser { * Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. */ private static final String aDSS = "aDSS"; - /** - * Cipher suites effectively using DH authentication, i.e. the certificates carry DH keys. - */ - private static final String aDH = "aDH"; - /** - * Cipher suites effectively using ECDH authentication, i.e. the certificates carry ECDH keys. - */ - private static final String aECDH = "aECDH"; /** * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys. */ @@ -437,15 +405,7 @@ public class OpenSSLCipherConfigurationParser { edh.removeAll(filterByAuthentication(allCiphers, Collections.singleton(Authentication.aNULL))); addListAlias(EDH, edh); addListAlias(DHE, edh); - addListAlias(kDHr, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.DHr))); - addListAlias(kDHd, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.DHd))); - addListAlias(kDH, - filterByKeyExchange(allCiphers, new HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd)))); - - addListAlias(kECDHr, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.ECDHr))); - addListAlias(kECDHe, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.ECDHe))); - addListAlias(kECDH, - filterByKeyExchange(allCiphers, new HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)))); + addListAlias(ECDH, filterByKeyExchange(allCiphers, new HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr, KeyExchange.EECDH)))); addListAlias(kECDHE, filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.EECDH))); @@ -460,10 +420,8 @@ public class OpenSSLCipherConfigurationParser { addListAlias(EECDH, eecdh); addListAlias(aDSS, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DSS))); aliases.put(DSS, aliases.get(aDSS)); - addListAlias(aDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.DH))); Set<Cipher> aecdh = filterByKeyExchange(allCiphers, Collections.singleton(KeyExchange.EECDH)); addListAlias(AECDH, filterByAuthentication(aecdh, Collections.singleton(Authentication.aNULL))); - addListAlias(aECDH, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDH))); addListAlias(ECDSA, filterByAuthentication(allCiphers, Collections.singleton(Authentication.ECDSA))); aliases.put(aECDSA, aliases.get(ECDSA)); addListAlias(Constants.SSL_PROTO_TLSv1_2, diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java index 2c092efa7a..3e75008761 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java @@ -130,42 +130,6 @@ public class TestOpenSSLCipherConfigurationParser { } - @Test - public void testkDHr() throws Exception { - testSpecification("kDHr"); - } - - - @Test - public void testkDHd() throws Exception { - testSpecification("kDHd"); - } - - - @Test - public void testkDH() throws Exception { - testSpecification("kDH"); - } - - - @Test - public void testkECDHr() throws Exception { - testSpecification("kECDHr"); - } - - - @Test - public void testkECDHe() throws Exception { - testSpecification("kECDHe"); - } - - - @Test - public void testkECDH() throws Exception { - testSpecification("kECDH"); - } - - @Test public void testkEECDH() throws Exception { testSpecification("kEECDH"); @@ -208,18 +172,6 @@ public class TestOpenSSLCipherConfigurationParser { } - @Test - public void testaDH() throws Exception { - testSpecification("aDH"); - } - - - @Test - public void testaECDH() throws Exception { - testSpecification("aECDH"); - } - - @Test public void testaECDSA() throws Exception { testSpecification("aECDSA"); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
