Author: markt
Date: Tue Aug 11 11:15:39 2015
New Revision: 1695263
URL: http://svn.apache.org/r1695263
Log:
Get unit tests passing (using Windows binaries linked from openssl.org) for
0.9.8, 1.0.0, 1.0.1 & 1.0.2.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Tue Aug 11 11:15:39 2015
@@ -73,7 +73,11 @@ public class TestCipher {
*/
@Test
public void testOpenSSLCipherAvailability() throws Exception {
- Set<String> availableCipherSuites =
TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL");
+ // OpenSSL 0.9.8 does not include aNULL or eNULL in all.
+ // OpenSSL does not include ECDH/ECDHE ciphers in all and there is no
+ // EC alias. Use aRSA.
+ // OpenSSL 1.0.0 onwards does not include eNULL in all.
+ Set<String> availableCipherSuites =
TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aNULL:aRSA");
Set<String> expectedCipherSuites = new HashSet<>();
for (Cipher cipher : Cipher.values()) {
if (TesterOpenSSL.OPENSSL_UNIMPLEMENTED_CIPHERS.contains(cipher)) {
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Tue Aug 11 11:15:39 2015
@@ -28,7 +28,13 @@ public class TestOpenSSLCipherConfigurat
public void testDEFAULT() throws Exception {
// EXPORT was removed from DEFAULT in 1.1.0 but we prefer the old
// behaviour
- testSpecification("DEFAULT:!EXPORT");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA:!SSLv2:!eNULL as an EC alias isn't available)
+ testSpecification("DEFAULT:!EXPORT:aRSA:!SSLv2:!eNULL");
+ } else {
+ testSpecification("DEFAULT:!EXPORT");
+ }
}
@@ -36,19 +42,40 @@ public class TestOpenSSLCipherConfigurat
public void testCOMPLEMENTOFDEFAULT() throws Exception {
// EXPORT was removed from DEFAULT in 1.1.0 but we prefer the old
// behaviour
- testSpecification("COMPLEMENTOFDEFAULT:EXPORT");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ testSpecification("COMPLEMENTOFDEFAULT:EXPORT:aNULL");
+ } else {
+ testSpecification("COMPLEMENTOFDEFAULT:EXPORT");
+ }
}
@Test
public void testALL() throws Exception {
- testSpecification("ALL");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled whereas
+ // later versions include it.
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA:kECDHr as an EC alias isn't available)
+ testSpecification("ALL:aNULL:aRSA:kECDHr");
+ } else {
+ testSpecification("ALL");
+ }
}
@Test
public void testCOMPLEMENTOFALL() throws Exception {
- testSpecification("COMPLEMENTOFALL");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled whereas
+ // later versions include it.
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA:kECDHr as an EC alias isn't available)
+ testSpecification("COMPLEMENTOFALL:!aNULL:!aRSA:!kECDHr");
+ } else {
+ testSpecification("COMPLEMENTOFALL");
+ }
}
@@ -60,19 +87,56 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testeNULL() throws Exception {
- testSpecification("eNULL");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("eNULL:eNULL+aNULL:eNULL+aRSA");
+ } else {
+ testSpecification("eNULL");
+ }
}
@Test
public void testHIGH() throws Exception {
- testSpecification("HIGH");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 describes the following ciphers as HIGH whereas
+ // later versions use MEDIUM
+ // TLS_ECDH_anon_WITH_RC4_128_SHA (AECDH-RC4-SHA)
+ // TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
+ // TLS_ECDH_RSA_WITH_RC4_128_SHA (ECDH-RSA-RC4-SHA)
+ // TLS_ECDHE_RSA_WITH_NULL_SHA (ECDHE-RSA-NULL-SHA)
+ // TLS_ECDH_RSA_WITH_NULL_SHA (ECDH-RSA-NULL-SHA)
+ //
+ // OpenSSL 0.9.8 describes TLS_ECDH_anon_WITH_NULL_SHA
+ // (AECDH-NULL-SHA) as HIGH whereas later versions use STRONG_NONE
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("HIGH:HIGH+aNULL:HIGH+aRSA:" +
+
"!AECDH-RC4-SHA:!ECDHE-RSA-RC4-SHA:!ECDH-RSA-RC4-SHA:!ECDHE-RSA-NULL-SHA:!ECDH-RSA-NULL-SHA:"
+
+ "!AECDH-NULL-SHA");
+ } else {
+ testSpecification("HIGH");
+ }
}
@Test
public void testMEDIUM() throws Exception {
- testSpecification("MEDIUM");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 describes the following ciphers as HIGH whereas
+ // later versions use MEDIUM
+ // TLS_ECDH_anon_WITH_RC4_128_SHA (AECDH-RC4-SHA)
+ // TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
+ // TLS_ECDH_RSA_WITH_RC4_128_SHA (ECDH-RSA-RC4-SHA)
+ // TLS_ECDHE_RSA_WITH_NULL_SHA (ECDHE-RSA-NULL-SHA)
+ // TLS_ECDH_RSA_WITH_NULL_SHA (ECDH-RSA-NULL-SHA)
+
testSpecification("MEDIUM:AECDH-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-NULL-SHA:ECDH-RSA-NULL-SHA");
+ } else {
+ testSpecification("MEDIUM");
+ }
}
@@ -102,7 +166,12 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testaRSA() throws Exception {
- testSpecification("aRSA");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 treats kECDHr as aRSA
+ testSpecification("aRSA:kECDHr");
+ } else {
+ testSpecification("aRSA");
+ }
}
@@ -129,7 +198,10 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testEDH() throws Exception {
- testSpecification("EDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("EDH");
+ }
}
@@ -162,7 +234,10 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testkECDHr() throws Exception {
- testSpecification("kECDHr");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("kECDHr");
+ }
}
@@ -174,19 +249,28 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testkECDH() throws Exception {
- testSpecification("kECDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("kECDH");
+ }
}
@Test
public void testkEECDH() throws Exception {
- testSpecification("kEECDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("kEECDH");
+ }
}
@Test
public void testECDH() throws Exception {
- testSpecification("ECDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("ECDH");
+ }
}
@@ -213,7 +297,10 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testAECDH() throws Exception {
- testSpecification("AECDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("AECDH");
+ }
}
@@ -231,7 +318,10 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testaECDH() throws Exception {
- testSpecification("aECDH");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("aECDH");
+ }
}
@@ -279,7 +369,14 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testTLSv1() throws Exception {
- testSpecification("TLSv1");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("TLSv1:TLSv1+aNULL:TLSv1+aRSA");
+ } else {
+ testSpecification("TLSv1");
+ }
}
@@ -291,7 +388,14 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testSSLv3() throws Exception {
- testSpecification("SSLv3");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("SSLv3:SSLv3+aNULL:SSLv3+aRSA");
+ } else {
+ testSpecification("SSLv3");
+ }
}
@@ -309,19 +413,32 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testAES128() throws Exception {
- testSpecification("AES128");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("AES128");
+ }
}
@Test
public void testAES256() throws Exception {
- testSpecification("AES256");
+ // This alias was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+ testSpecification("AES256");
+ }
}
@Test
public void testAES() throws Exception {
- testSpecification("AES");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("AES:AES+aNULL:AES+aRSA");
+ } else {
+ testSpecification("AES");
+ }
}
@@ -351,7 +468,14 @@ public class TestOpenSSLCipherConfigurat
@Test
public void test3DES() throws Exception {
- testSpecification("3DES");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("3DES:3DES+aNULL:3DES+aRSA");
+ } else {
+ testSpecification("3DES");
+ }
}
@@ -363,7 +487,12 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testRC4() throws Exception {
- testSpecification("RC4");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ testSpecification("RC4:RC4+aNULL:RC4+aRSA");
+ } else {
+ testSpecification("RC4");
+ }
}
@@ -393,13 +522,27 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testSHA1() throws Exception {
- testSpecification("SHA1");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("SHA1:SHA1+aNULL:SHA1+aRSA");
+ } else {
+ testSpecification("SHA1");
+ }
}
@Test
public void testSHA() throws Exception {
- testSpecification("SHA");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA as an EC alias isn't available)
+ testSpecification("SHA:SHA+aNULL:SHA+aRSA");
+ } else {
+ testSpecification("SHA");
+ }
}
@@ -470,24 +613,37 @@ public class TestOpenSSLCipherConfigurat
// Tomcat 8 default as of 2014-08-04
// This gets an A- from https://www.ssllabs.com/ssltest with no FS for
// a number of the reference browsers
- testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA:kECDHr as an EC alias isn't available)
+
testSpecification("HIGH:aRSA:kECDHr:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+ } else {
+ testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+ }
}
@Test
public void testSpecification02() throws Exception {
// Suggestion from dev list (s/ECDHE/kEECDH/, s/DHE/EDH/
-
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM");
+ if (TesterOpenSSL.VERSION < 10000) {
+ // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+ // (using aRSA:kECDHr as an EC alias isn't available)
+ } else {
+
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:aRSA:kECDHr:MEDIUM");
+ }
}
@Test
public void testSpecification03() throws Exception {
// Reported as failing during 8.0.11 release vote by Ognjen Blagojevic
-
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
+ // EDH was introduced in 1.0.0
+ if (TesterOpenSSL.VERSION >= 10000) {
+
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
+ }
}
-
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Tue Aug 11 11:15:39 2015
@@ -63,15 +63,7 @@ public class TesterOpenSSL {
// Note: The following lists are intended to be aligned with the most
// recent release of each OpenSSL release branch
- // TODO Validate this for all current OpenSSL versions
- // 0.9.8 - TODO
- // 1.0.0 - TODO
- // 1.0.1 - Done
- // 1.0.2 - Done
- // 1.1.0 - Done
-
- // These were removed in 0.9.8 (or earlier) so won't be available in
any
- // supported version.
+ // These have been removed from all supported versions.
unimplemented.add(Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA);
unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
@@ -83,35 +75,84 @@ public class TesterOpenSSL {
if (VERSION < 10000) {
// These were implemented in 1.0.0 so won't be available in any
// earlier version
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_SEED_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_SEED_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_SEED_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_SEED_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+ unimplemented.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
+ unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
} else {
// These were removed in 1.0.0 so won't be available from that
// version onwards.
+ // None at present.
}
if (VERSION < 10001) {
// These were added in 1.0.1 so won't be available in any earlier
// version
- unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
- unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
- unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256);
-
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
- unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256);
- unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA);
+ unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_CBC_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_NULL_SHA256);
} else {
// These were removed in 1.0.1 so won't be available from that
// version onwards.
@@ -268,7 +309,11 @@ public class TesterOpenSSL {
if (specification == null) {
stdout = executeOpenSSLCommand("ciphers", "-v");
} else {
- stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+ if (VERSION < 10000) {
+ stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+ } else {
+ stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+ }
}
if (stdout.length() == 0) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
