On 20/08/2014 09:08, Ognjen Blagojevic wrote: <snip/>
> But, I had some problems with testing OpenSSL cypher syntax with BIO > connector. Some values for ciphers attribute worked, like > > ciphers="EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" > > > but others did not: > > ciphers="EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" > > > The exception thrown is: <snip/> > Caused by: java.lang.NullPointerException > at java.util.ArrayList.<init>(ArrayList.java:164) > at > org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationPar > ser.parse(OpenSSLCipherConfigurationParser.java:636) > at > org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationPar > ser.parseExpression(OpenSSLCipherConfigurationParser.java:668) > at > org.apache.tomcat.util.net.jsse.JSSESocketFactory.getEnableableCipher > s(JSSESocketFactory.java:239) > at > org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFact > ory.java:455) > ... 19 more <snip/> > It seems that adding EECDH+aRSA+SHA384 to the ciphers attribute throws > the exception. > > I assume that OpenSSL's "EECDH+aRSA+SHA384" is equivalent to JSSE's > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384". > > I have JCE Unlimited Strength installed, and I am able to specify > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 using JSSE syntax. Why I am unable > to specify it using OpenSSL syntax? > > > If it is a bug, and not my oversight, I don't think this is critical to > stop the release. That certainly looks like a bug. I've added this as a unit test in r1619747. If you (or anyone else) comes across similar failures feel free to submit a patch similar to r1619747 that demonstrates the problem. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
