https://issues.apache.org/bugzilla/show_bug.cgi?id=57234
Bug ID: 57234
Summary: Use case-insensitive substring search when filtering
SSLv2/v3 protocols in connectors
Product: Tomcat 8
Version: 8.0.15
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: knst.koli...@gmail.com
Regarding "protocol.contains("SSL")" check in
org.apache.tomcat.util.net.jsse.JSSESocketFactory from r1632512 etc.
If one reads [1], it has the following phrase at the top of the document:
"Note: Standard names are not case-sensitive."
I doubt that anybody is really bitten by this, as I doubt that any JVM vendor
misspells "SSL"
On [1] there is a link named "Note: The Sun Provider Documentation contains
specific provider and algorithm information.". If you follow it to [2], it
lists the actual names used by Oracle JRE. Those are spelled with uppercase
"SSL".
Nevertheless, technically it would be better to do
protocol.toUpperCase(Locale.ENGLISH).contains("SSL")
[1]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames
[2]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
