On 16/02/2015 10:19, Rainer Jung wrote: > Am 16.02.2015 um 08:49 schrieb Bill Barker: > >> [concat] Testsuites with failed tests: >> [concat] >> TEST-org.apache.catalina.loader.TestWebappClassLoaderThreadLocalMemoryLeak.NIO2.txt >> >> [concat] >> TEST-org.apache.tomcat.util.net.jsse.openssl.TestCipher.NIO2.txt >> [concat] >> TEST-org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.NIO2.txt >> > > For the openssl falures, it seems that for OpenSSL 1.0.2 compatibility > at least the following ciphers have to be added to Ciphers.java: > > SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA > SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA > SSL_DH_DSS_WITH_DES_CBC_SHA > SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA > SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA > SSL_DH_RSA_WITH_DES_CBC_SHA > TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA > TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA > TLS_DH_DSS_WITH_AES_128_CBC_SHA > TLS_DH_DSS_WITH_AES_128_CBC_SHA256 > TLS_DH_DSS_WITH_AES_128_GCM_SHA256 > TLS_DH_DSS_WITH_AES_256_CBC_SHA > TLS_DH_DSS_WITH_AES_256_CBC_SHA256 > TLS_DH_DSS_WITH_AES_256_GCM_SHA384 > TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA > TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA > TLS_DH_DSS_WITH_DES_CBC_SHA > TLS_DH_DSS_WITH_SEED_CBC_SHA > TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DH_RSA_WITH_AES_128_CBC_SHA > TLS_DH_RSA_WITH_AES_128_CBC_SHA256 > TLS_DH_RSA_WITH_AES_128_GCM_SHA256 > TLS_DH_RSA_WITH_AES_256_CBC_SHA > TLS_DH_RSA_WITH_AES_256_CBC_SHA256 > > I can do it over the week.
Hmm. I only checked that last one but it is already listed in Ciphers. Looking at the names, I'd expect most if not all of them to be there already. I wonder if this is a case of fixing the name mappings and/or the "what ciphers are implemented where" lists? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
