This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 7c55e7b  Remove testing support for old OpenSSL versions
7c55e7b is described below

commit 7c55e7bf96c28caa571dd1e97820807984cece12
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 24 10:25:53 2021 +0100

    Remove testing support for old OpenSSL versions
    
    Also update note son Gump testing
---
 .../util/net/openssl/ciphers/TesterOpenSSL.java    | 274 ++++++---------------
 1 file changed, 74 insertions(+), 200 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index a5ce647..07edc4b 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -50,22 +50,14 @@ public class TesterOpenSSL {
             versionString = "";
         }
         if (versionString.startsWith("OpenSSL 3.0.0")) {
-            // Note: Gump currently tests 9.0.x with OpenSSL master
-            //       (a.k.a 3.0.0-dev)
+            // Note: Gump currently tests 10.x with OpenSSL 3.0.x
             VERSION = 30000;
         } else if (versionString.startsWith("OpenSSL 1.1.1")) {
             // LTS
             // Supported until at least 2023-09-11
+            // Note: Gump currently tests 9.x and earlier with OpenSSL 1.1.1[x]
             VERSION = 10101;
-        } else if (versionString.startsWith("OpenSSL 1.1.0")) {
-            // Support ends 2019-09-11
-            VERSION = 10100;
-        } else if (versionString.startsWith("OpenSSL 1.0.2")) {
-            // LTS
-            // Support ends 2019-12-31
-            // Note: Gump current tests 8.5.x with OpenSSL 1.0.2
-            VERSION = 10002;
-        // Note: Release branches 1.0.1 and earlier are no longer supported by
+        // Note: Release branches 1.1.0 and earlier are no longer supported by
         //       the OpenSSL team so these tests don't support them either.
         } else {
             VERSION = -1;
@@ -107,6 +99,76 @@ public class TesterOpenSSL {
         unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
         unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
         unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+        // These were removed in 1.1.0 so won't be available from that
+        // version onwards.
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_DSS_WITH_SEED_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_RSA_WITH_SEED_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_NULL_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
+        unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
+        unimplemented.add(Cipher.TLS_RSA_WITH_RC4_128_MD5);
+        unimplemented.add(Cipher.TLS_DH_anon_WITH_RC4_128_MD5);
+        unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_RSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_anon_WITH_RC4_128_SHA);
+        // 3DES requires a compile time switch to enable. Treat as removed.
+        unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+        unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
 
         // These are TLS v1.3 cipher suites
         // Java does not currently support these so they are excluded from the
@@ -120,198 +182,10 @@ public class TesterOpenSSL {
         unimplemented.add(Cipher.TLS_AES_256_GCM_SHA384);
         unimplemented.add(Cipher.TLS_CHACHA20_POLY1305_SHA256);
 
-        if (VERSION < 10100) {
-            // These were implemented in 1.1.0 so won't be available in any
-            // earlier version
-            unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_NULL_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_NULL_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_NULL_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_NULL_SHA384);
-            unimplemented.add(Cipher.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_CCM);
-            unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_CCM);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CCM);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CCM);
-            unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_CCM_8);
-            unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_CCM_8);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CCM_8);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CCM_8);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CCM);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CCM);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_128_CCM);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_AES_256_CCM);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CCM_8);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CCM_8);
-            unimplemented.add(Cipher.TLS_PSK_DHE_WITH_AES_128_CCM_8);
-            unimplemented.add(Cipher.TLS_PSK_DHE_WITH_AES_256_CCM_8);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CCM);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8);
-            
unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
-            
unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_CHACHA20_POLY1305_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
-            
unimplemented.add(Cipher.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
-            
unimplemented.add(Cipher.TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256);
-        } else {
-            // These were removed in 1.1.0 so won't be available from that
-            // version onwards.
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_SEED_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_SEED_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_NULL_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-            
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            
unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_WITH_RC4_128_MD5);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_RC4_128_MD5);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_RSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_RC4_128_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_anon_WITH_RC4_128_SHA);
-            // 3DES requires a compile time switch to enable. Treat as removed.
-            unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
-            unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
-        }
-
-        if (VERSION < 10101) {
-            // These were implemented in 1.1.1 so won't be available in any
-            // earlier version
-            unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384);
-        }
-
         if (VERSION < 30000) {
             // No new ciphers in 3.0.0 so far
         } else {
-            // These were moved to the legacy provided in 3.0.0 so won't be
+            // These were moved to the legacy provider in 3.0.0 so won't be
             // available from that version onwards.
             unimplemented.add(Cipher.TLS_RSA_WITH_IDEA_CBC_SHA);
             unimplemented.add(Cipher.TLS_DH_anon_WITH_SEED_CBC_SHA);

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to