-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 George,
On 6/15/15 10:08 AM, George Stanchev wrote: > Is there any chance for the OpenSSL-style ciphers to be backported > to the 7 release line? I'm not sure. The biggest problem with the OpenSSL-style ciphers is maintaining the mapping, which might change with every release of Java and/or OpenSSL. Maintaining it in Tomcat's trunk and 8 is already double the work... adding Tomcat 7 is even more work. I think what might make sense is to wrap a command-line program around the trunk/8.0.x utility that does the mapping to build something like OpenSSL's "ciphers" command, but that dumps-out JSSE-style cipher suites . Then that could be used independently of any version of Tomcat for those versions that don't directly-support the openssl-style cipher suites configuration. What do you think? Another possibility would be to maintain the mapping somewhere other than code (where it currently is), and then share that mapping between the various versions, perhaps using svn external links. Then the maping gets updated in a single place and all supporting versions of Tomcat can pick it up. I'll defer to markt who mostly wrote the OpenSSL-JSSE bridge code to decide if that might work. - -chris > -----Original Message----- From: George Stanchev > [mailto:gstanc...@serena.com] Sent: Saturday, June 13, 2015 11:41 > AM To: Tomcat Users List Subject: RE: useServerCipherSuitesOrder > in 7.0.62 > > Thanks Konstantin, > > I apologize for the shortsightness. I guess I must have had a > space in the search dialog. Thanks for the answers! > > Cheers, > > George > > -----Original Message----- From: Konstantin Kolinko > [mailto:knst.koli...@gmail.com] Sent: Saturday, June 13, 2015 7:26 > AM To: Tomcat Users List Subject: Re: useServerCipherSuitesOrder > in 7.0.62 > > 2015-06-13 15:36 GMT+03:00 George Stanchev <gstanc...@serena.com>: >> Hi, >> >> I was looking at [1] and it looks the new attribute is available >> in 7.0.61 onwards as per Violeta's comment. However I cannot >> find this new attribute in the HTTP connector documentation [2] >> nor the changelog [3]. Can someone confirm or deny the >> availability of this attribute (useServerCipherSuitesOrder) in >> Tomcat 7.0.62. > > > #55988 [1] is mentioned in the changelog, twice (7.0.61, 7.0.60). > > "useServerCipherSuitesOrder" is mentioned in [2] (in "SSL Support > - BIO and NIO" section). > > Note that this feature requires running with Java 8. > > >> As a follow up question, I seem to remember that 8.0.latest >> supports OpenSSL-style list for the HTTP connector "ciphers" >> attribute. Does 7.0.62 also support this or it wasn't >> backported? > > > It was not backported. > > Relevant classes are in package > org.apache.tomcat.util.net.jsse.openssl: > > OpenSSLCipherConfigurationParser etc. > >> >> [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=55988 [2] >> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html [3] >> https://tomcat.apache.org/tomcat-7.0-doc/changelog.html > > Best regards, Konstantin Kolinko > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVisCdAAoJEBzwKT+lPKRYDlAP/iKygYxuv7ie4h2HG16FUu3H 3EJ/f3mAVfsG/Z+Kwd3nGuC44vFTyLENWoRp0fBM6+0Awooe1uryFbKnFKy4ooJ/ ciLEo7cobKZmpbaeRbOIqxOrdXw66Z2uSeGoZ5pDXvAR23AObiW22ccereFcK3KF n027QdKzpn9TWn4rK4DLxD3gjv5NzZzZFxVdX+tMp36VxJIii+r8q8QiQzB8nssW F3yYjPHFFo+hP038hK9Pbc5M5CQvvSiU76HrxLOhEIM0YLKvsuf6PKffYCgF63ip Vqg+ctY8JotBkCpsBZ7s+lVxP0MTnzDoP8bVJdUU2/xJO5p3dOz2jUd3LaCVPNoy K/rMqGO3PiXw0ip3fkSXxxQX1q/iR1N3sosjMqcq0kyiJKvjzu7wwNktF4asIeMj Xagj6oepH0yaHTuVBz8NLaynBOoKmxQmpL8CuBBLtxkzSxDisWroTcdlDrwE4zo5 gKPKofW6T7j21cTB2xWC/DrPWmE/7L7HvglLEPy7+mcSQtG1cGwG9VKRlb0kTrv9 Y95a7AbjWFbYSD6I9Ur7mom8ZQv1B1L1su05pMQYRqWKyOmKWjYhUS73c0AQsGKi ZEYH2aQ3v6/e7jUrEmmUxM8dBRvTjjOtTIKdX8uRSYSRWQkSGTfP4sJFRuARX476 asRVs+Uiyz2o9npMbaLj =D15s -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
