(tomcat) branch 9.0.x updated: Remove cipher classes no longer supported by OpenSSL

Sun, 24 May 2026 07:19:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 04bd81700f Remove cipher classes no longer supported by OpenSSL
04bd81700f is described below

commit 04bd81700fe8dc26e302ca75f2a7a18727763781
Author: Mark Thomas <[email protected]>
AuthorDate: Sun May 24 14:47:49 2026 +0100

    Remove cipher classes no longer supported by OpenSSL
---
 .../ciphers/OpenSSLCipherConfigurationParser.java  | 44 +-------------------
 .../TestOpenSSLCipherConfigurationParser.java      | 48 ----------------------
 2 files changed, 1 insertion(+), 91 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index 69379de277..2c25ba4fac 100644
--- 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++ 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -133,30 +133,6 @@ public class OpenSSLCipherConfigurationParser {
      * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
      */
     private static final String DHE = "DHE";
-    /**
-     * Cipher suites using DH key agreement and DH certificates signed by CAs 
with RSA keys.
-     */
-    private static final String kDHr = "kDHr";
-    /**
-     * Cipher suites using DH key agreement and DH certificates signed by CAs 
with DSS keys.
-     */
-    private static final String kDHd = "kDHd";
-    /**
-     * Cipher suites using DH key agreement and DH certificates signed by CAs 
with RSA or DSS keys.
-     */
-    private static final String kDH = "kDH";
-    /**
-     * Cipher suites using fixed ECDH key agreement signed by CAs with RSA 
keys.
-     */
-    private static final String kECDHr = "kECDHr";
-    /**
-     * Cipher suites using fixed ECDH key agreement signed by CAs with ECDSA 
keys.
-     */
-    private static final String kECDHe = "kECDHe";
-    /**
-     * Cipher suites using fixed ECDH key agreement signed by CAs with RSA and 
ECDSA keys or either respectively.
-     */
-    private static final String kECDH = "kECDH";
     /**
      * Cipher suites using ephemeral ECDH key agreement, including anonymous 
cipher suites.
      */
@@ -189,14 +165,6 @@ public class OpenSSLCipherConfigurationParser {
      * Cipher suites using DSS authentication, i.e. the certificates carry DSS 
keys.
      */
     private static final String aDSS = "aDSS";
-    /**
-     * Cipher suites effectively using DH authentication, i.e. the 
certificates carry DH keys.
-     */
-    private static final String aDH = "aDH";
-    /**
-     * Cipher suites effectively using ECDH authentication, i.e. the 
certificates carry ECDH keys.
-     */
-    private static final String aECDH = "aECDH";
     /**
      * Cipher suites effectively using ECDSA authentication, i.e. the 
certificates carry ECDSA keys.
      */
@@ -437,15 +405,7 @@ public class OpenSSLCipherConfigurationParser {
         edh.removeAll(filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.aNULL)));
         addListAlias(EDH, edh);
         addListAlias(DHE, edh);
-        addListAlias(kDHr, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.DHr)));
-        addListAlias(kDHd, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.DHd)));
-        addListAlias(kDH,
-                filterByKeyExchange(allCiphers, new 
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
-
-        addListAlias(kECDHr, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.ECDHr)));
-        addListAlias(kECDHe, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.ECDHe)));
-        addListAlias(kECDH,
-                filterByKeyExchange(allCiphers, new 
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+
         addListAlias(ECDH, filterByKeyExchange(allCiphers,
                 new HashSet<>(Arrays.asList(KeyExchange.ECDHe, 
KeyExchange.ECDHr, KeyExchange.EECDH))));
         addListAlias(kECDHE, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.EECDH)));
@@ -460,10 +420,8 @@ public class OpenSSLCipherConfigurationParser {
         addListAlias(EECDH, eecdh);
         addListAlias(aDSS, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.DSS)));
         aliases.put(DSS, aliases.get(aDSS));
-        addListAlias(aDH, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.DH)));
         Set<Cipher> aecdh = filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.EECDH));
         addListAlias(AECDH, filterByAuthentication(aecdh, 
Collections.singleton(Authentication.aNULL)));
-        addListAlias(aECDH, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDH)));
         addListAlias(ECDSA, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.ECDSA)));
         aliases.put(aECDSA, aliases.get(ECDSA));
         addListAlias(Constants.SSL_PROTO_TLSv1_2,
diff --git 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 2c092efa7a..3e75008761 100644
--- 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -130,42 +130,6 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
-    @Test
-    public void testkDHr() throws Exception {
-        testSpecification("kDHr");
-    }
-
-
-    @Test
-    public void testkDHd() throws Exception {
-        testSpecification("kDHd");
-    }
-
-
-    @Test
-    public void testkDH() throws Exception {
-        testSpecification("kDH");
-    }
-
-
-    @Test
-    public void testkECDHr() throws Exception {
-        testSpecification("kECDHr");
-    }
-
-
-    @Test
-    public void testkECDHe() throws Exception {
-        testSpecification("kECDHe");
-    }
-
-
-    @Test
-    public void testkECDH() throws Exception {
-        testSpecification("kECDH");
-    }
-
-
     @Test
     public void testkEECDH() throws Exception {
         testSpecification("kEECDH");
@@ -208,18 +172,6 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
-    @Test
-    public void testaDH() throws Exception {
-        testSpecification("aDH");
-    }
-
-
-    @Test
-    public void testaECDH() throws Exception {
-        testSpecification("aECDH");
-    }
-
-
     @Test
     public void testaECDSA() throws Exception {
         testSpecification("aECDSA");


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to