https://issues.apache.org/bugzilla/show_bug.cgi?id=57234
Bug ID: 57234 Summary: Use case-insensitive substring search when filtering SSLv2/v3 protocols in connectors Product: Tomcat 8 Version: 8.0.15 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: knst.koli...@gmail.com Regarding "protocol.contains("SSL")" check in org.apache.tomcat.util.net.jsse.JSSESocketFactory from r1632512 etc. If one reads [1], it has the following phrase at the top of the document: "Note: Standard names are not case-sensitive." I doubt that anybody is really bitten by this, as I doubt that any JVM vendor misspells "SSL" On [1] there is a link named "Note: The Sun Provider Documentation contains specific provider and algorithm information.". If you follow it to [2], it lists the actual names used by Oracle JRE. Those are spelled with uppercase "SSL". Nevertheless, technically it would be better to do protocol.toUpperCase(Locale.ENGLISH).contains("SSL") [1] https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames [2] https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org