tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r1695263 - in /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl: TestCipher.java TestOpenSSLCipherConfigurationParser.java TesterOpenSSL.java
Date Tue, 11 Aug 2015 11:15:39 GMT
Author: markt
Date: Tue Aug 11 11:15:39 2015
New Revision: 1695263

URL: http://svn.apache.org/r1695263
Log:
Get unit tests passing (using Windows binaries linked from openssl.org) for 0.9.8, 1.0.0,
1.0.1 & 1.0.2.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
    tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
    tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Tue Aug 11 11:15:39
2015
@@ -73,7 +73,11 @@ public class TestCipher {
      */
     @Test
     public void testOpenSSLCipherAvailability() throws Exception {
-        Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL");
+        // OpenSSL 0.9.8 does not include aNULL or eNULL in all.
+        // OpenSSL does not include ECDH/ECDHE ciphers in all and there is no
+        //         EC alias. Use aRSA.
+        // OpenSSL 1.0.0 onwards does not include eNULL in all.
+        Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aNULL:aRSA");
         Set<String> expectedCipherSuites = new HashSet<>();
         for (Cipher cipher : Cipher.values()) {
             if (TesterOpenSSL.OPENSSL_UNIMPLEMENTED_CIPHERS.contains(cipher)) {
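Review bot: The second added comment line, `// OpenSSL does not include ECDH/ECDHE ciphers in all and there is no`, names no version although the lines around it do. Judging by the comments this commit adds to TestOpenSSLCipherConfigurationParser it describes 0.9.8, so it should probably read `// OpenSSL 0.9.8 does not include ECDH/ECDHE ciphers in ALL and there is no`. The widened specification `ALL:eNULL:aNULL:aRSA` is also passed for every OpenSSL version rather than behind a `TesterOpenSSL.VERSION < 10000` check as in the parser test. That appears harmless because the aliases only add suites to a set, but a short comment saying so would stop a later reader from trimming it. testOpenSSLCipherAvailability continues past the end of the hunk.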

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Tue Aug 11 11:15:39 2015
@@ -28,7 +28,13 @@ public class TestOpenSSLCipherConfigurat
     public void testDEFAULT() throws Exception {
         // EXPORT was removed from DEFAULT in 1.1.0 but we prefer the old
         // behaviour
-        testSpecification("DEFAULT:!EXPORT");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA:!SSLv2:!eNULL as an EC alias isn't available)
+            testSpecification("DEFAULT:!EXPORT:aRSA:!SSLv2:!eNULL");
+        } else {
+            testSpecification("DEFAULT:!EXPORT");
+        }
     }
 
 
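Review bot: The parenthetical in the added comment, `(using aRSA:!SSLv2:!eNULL as an EC alias isn't available)`, reads as though that expression were the thing that is unavailable. The intended meaning is probably that 0.9.8 has no EC alias and `aRSA:!SSLv2:!eNULL` stands in for one, for example `// (no EC alias is available, so aRSA:!SSLv2:!eNULL is used instead)`. The same wording recurs in the 0.9.8 comments of testALL, testCOMPLEMENTOFALL, testeNULL, testHIGH, testTLSv1, testSSLv3, testAES, test3DES, testSHA1, testSHA and testSpecification01 in later hunks.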
@@ -36,19 +42,40 @@ public class TestOpenSSLCipherConfigurat
     public void testCOMPLEMENTOFDEFAULT() throws Exception {
         // EXPORT was removed from DEFAULT in 1.1.0 but we prefer the old
         // behaviour
-        testSpecification("COMPLEMENTOFDEFAULT:EXPORT");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            testSpecification("COMPLEMENTOFDEFAULT:EXPORT:aNULL");
+        } else {
+            testSpecification("COMPLEMENTOFDEFAULT:EXPORT");
+        }
     }
 
 
     @Test
     public void testALL() throws Exception {
-        testSpecification("ALL");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled whereas
+            // later versions include it.
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA:kECDHr as an EC alias isn't available)
+            testSpecification("ALL:aNULL:aRSA:kECDHr");
+        } else {
+            testSpecification("ALL");
+        }
     }
 
 
     @Test
     public void testCOMPLEMENTOFALL() throws Exception {
-        testSpecification("COMPLEMENTOFALL");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled whereas
+            // later versions include it.
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA:kECDHr as an EC alias isn't available)
+            testSpecification("COMPLEMENTOFALL:!aNULL:!aRSA:!kECDHr");
+        } else {
+            testSpecification("COMPLEMENTOFALL");
+        }
     }
 
 
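Review bot: The comment added in testCOMPLEMENTOFALL is a copy of the one in testALL and talks about enabling aNULL and EC ciphers, but the specification under it negates them (`COMPLEMENTOFALL:!aNULL:!aRSA:!kECDHr`). A comment that matches the code would help, for example `// testALL widens ALL with aNULL:aRSA:kECDHr on 0.9.8, so the same aliases are excluded from its complement`. That reading is inferred from the two specifications side by side and should be confirmed by the author.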
@@ -60,19 +87,56 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testeNULL() throws Exception {
-        testSpecification("eNULL");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("eNULL:eNULL+aNULL:eNULL+aRSA");
+        } else {
+            testSpecification("eNULL");
+        }
     }
 
 
     @Test
     public void testHIGH() throws Exception {
-        testSpecification("HIGH");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 describes the following ciphers as HIGH whereas
+            // later versions use MEDIUM
+            //   TLS_ECDH_anon_WITH_RC4_128_SHA (AECDH-RC4-SHA)
+            //   TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
+            //   TLS_ECDH_RSA_WITH_RC4_128_SHA  (ECDH-RSA-RC4-SHA)
+            //   TLS_ECDHE_RSA_WITH_NULL_SHA    (ECDHE-RSA-NULL-SHA)
+            //   TLS_ECDH_RSA_WITH_NULL_SHA     (ECDH-RSA-NULL-SHA)
+            //
+            // OpenSSL 0.9.8 describes TLS_ECDH_anon_WITH_NULL_SHA
+            // (AECDH-NULL-SHA) as HIGH whereas later versions use STRONG_NONE
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("HIGH:HIGH+aNULL:HIGH+aRSA:" +
+                    "!AECDH-RC4-SHA:!ECDHE-RSA-RC4-SHA:!ECDH-RSA-RC4-SHA:!ECDHE-RSA-NULL-SHA:!ECDH-RSA-NULL-SHA:"
+
+                    "!AECDH-NULL-SHA");
+        } else {
+            testSpecification("HIGH");
+        }
     }
 
 
     @Test
     public void testMEDIUM() throws Exception {
-        testSpecification("MEDIUM");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 describes the following ciphers as HIGH whereas
+            // later versions use MEDIUM
+            //   TLS_ECDH_anon_WITH_RC4_128_SHA (AECDH-RC4-SHA)
+            //   TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
+            //   TLS_ECDH_RSA_WITH_RC4_128_SHA  (ECDH-RSA-RC4-SHA)
+            //   TLS_ECDHE_RSA_WITH_NULL_SHA    (ECDHE-RSA-NULL-SHA)
+            //   TLS_ECDH_RSA_WITH_NULL_SHA     (ECDH-RSA-NULL-SHA)
+            testSpecification("MEDIUM:AECDH-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-NULL-SHA:ECDH-RSA-NULL-SHA");
+        } else {
+            testSpecification("MEDIUM");
+        }
     }
 
 
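Review bot: The five suites that 0.9.8 rates HIGH and later versions rate MEDIUM are typed out twice, negated in testHIGH and added in testMEDIUM, so an edit to one list can miss the other. A shared constant would keep them in step, for example `private static final String RECLASSIFIED_098 = "AECDH-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-NULL-SHA:ECDH-RSA-NULL-SHA";` (the name is only a suggestion), with testHIGH building its `!` form from it. If the parser deliberately follows the 1.0.0+ grading so that HIGH never yields RC4 or NULL-encryption suites, one comment line stating that would explain why the test adjusts the 0.9.8 output rather than the parser.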
@@ -102,7 +166,12 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testaRSA() throws Exception {
-        testSpecification("aRSA");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 treats kECDHr as aRSA
+            testSpecification("aRSA:kECDHr");
+        } else {
+            testSpecification("aRSA");
+        }
     }
 
 
@@ -129,7 +198,10 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testEDH() throws Exception {
-        testSpecification("EDH");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("EDH");
+        }
     }
 
 
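Review bot: On OpenSSL older than 1.0.0 testEDH now runs no assertion and is still reported as passed, so a green run on 0.9.8 says nothing about the EDH alias. If the suite uses JUnit 4, as the `@Test` annotations suggest, `Assume.assumeTrue(TesterOpenSSL.VERSION >= 10000);` as the first statement, followed by the unconditional `testSpecification("EDH");`, would report the test as skipped instead. The same guard appears in testkECDHr, testkECDH, testkEECDH, testECDH, testAECDH, testaECDH, testAES128, testAES256 and testSpecification03 in later hunks. It needs an import of `org.junit.Assume`, and the import block is outside the visible hunks.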
@@ -162,7 +234,10 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testkECDHr() throws Exception {
-        testSpecification("kECDHr");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("kECDHr");
+        }
     }
 
 
@@ -174,19 +249,28 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testkECDH() throws Exception {
-        testSpecification("kECDH");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("kECDH");
+        }
     }
 
 
     @Test
     public void testkEECDH() throws Exception {
-        testSpecification("kEECDH");
+     // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("kEECDH");
+        }
     }
 
 
     @Test
     public void testECDH() throws Exception {
-        testSpecification("ECDH");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("ECDH");
+        }
     }
 
 
@@ -213,7 +297,10 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testAECDH() throws Exception {
-        testSpecification("AECDH");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("AECDH");
+        }
     }
 
 
@@ -231,7 +318,10 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testaECDH() throws Exception {
-        testSpecification("aECDH");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("aECDH");
+        }
     }
 
 
@@ -279,7 +369,14 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testTLSv1() throws Exception {
-        testSpecification("TLSv1");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("TLSv1:TLSv1+aNULL:TLSv1+aRSA");
+        } else {
+            testSpecification("TLSv1");
+        }
     }
 
 
@@ -291,7 +388,14 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testSSLv3() throws Exception {
-        testSpecification("SSLv3");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("SSLv3:SSLv3+aNULL:SSLv3+aRSA");
+        } else {
+            testSpecification("SSLv3");
+        }
     }
 
 
@@ -309,19 +413,32 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testAES128() throws Exception {
-        testSpecification("AES128");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("AES128");
+        }
     }
 
 
     @Test
     public void testAES256() throws Exception {
-        testSpecification("AES256");
+        // This alias was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("AES256");
+        }
     }
 
 
     @Test
     public void testAES() throws Exception {
-        testSpecification("AES");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("AES:AES+aNULL:AES+aRSA");
+        } else {
+            testSpecification("AES");
+        }
     }
 
 
@@ -351,7 +468,14 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void test3DES() throws Exception {
-        testSpecification("3DES");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("3DES:3DES+aNULL:3DES+aRSA");
+        } else {
+            testSpecification("3DES");
+        }
     }
 
 
@@ -363,7 +487,12 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testRC4() throws Exception {
-        testSpecification("RC4");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            testSpecification("RC4:RC4+aNULL:RC4+aRSA");
+        } else {
+            testSpecification("RC4");
+        }
     }
 
 
@@ -393,13 +522,27 @@ public class TestOpenSSLCipherConfigurat
 
     @Test
     public void testSHA1() throws Exception {
-        testSpecification("SHA1");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("SHA1:SHA1+aNULL:SHA1+aRSA");
+        } else {
+            testSpecification("SHA1");
+        }
     }
 
 
     @Test
     public void testSHA() throws Exception {
-        testSpecification("SHA");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes aNULL unless explicitly enabled
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA as an EC alias isn't available)
+            testSpecification("SHA:SHA+aNULL:SHA+aRSA");
+        } else {
+            testSpecification("SHA");
+        }
     }
 
 
@@ -470,24 +613,37 @@ public class TestOpenSSLCipherConfigurat
         // Tomcat 8 default as of 2014-08-04
         // This gets an A- from https://www.ssllabs.com/ssltest with no FS for
         // a number of the reference browsers
-        testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA:kECDHr as an EC alias isn't available)
+            testSpecification("HIGH:aRSA:kECDHr:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+        } else {
+            testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+        }
     }
 
 
     @Test
     public void testSpecification02() throws Exception {
         // Suggestion from dev list (s/ECDHE/kEECDH/, s/DHE/EDH/
-        testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM");
+        if (TesterOpenSSL.VERSION < 10000) {
+            // OpenSSL 0.9.8 excludes EC ciphers unless explicitly enabled
+            // (using aRSA:kECDHr as an EC alias isn't available)
+        } else {
+            testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:aRSA:kECDHr:MEDIUM");
+        }
     }
 
 
     @Test
     public void testSpecification03() throws Exception {
         // Reported as failing during 8.0.11 release vote by Ognjen Blagojevic
-        testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
+        // EDH was introduced in 1.0.0
+        if (TesterOpenSSL.VERSION >= 10000) {
+            testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
+        }
     }
 
-
     private void testSpecification(String specification) throws Exception {
         // Filter out cipher suites that OpenSSL does not implement
         String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
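Review bot: In testSpecification02 the `VERSION < 10000` branch holds only a comment and runs nothing, while the `aRSA:kECDHr` addition that comment describes sits in the else branch. OpenSSL 1.0.0 and later are therefore now checked against `...+RC4:HIGH:aRSA:kECDHr:MEDIUM` rather than the specification suggested on the dev list. This looks like the two branches were mixed up. If 0.9.8 cannot run this specification because it uses kEECDH, ECDH and EDH, the else branch should keep the original string ending `+RC4:HIGH:MEDIUM`, and the 0.9.8 comment should say that the test is skipped and why. testSpecification03 in the same hunk also passes without asserting anything on 0.9.8, and the body of testSpecification continues past the end of the hunk.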

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1695263&r1=1695262&r2=1695263&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Tue Aug 11
11:15:39 2015
@@ -63,15 +63,7 @@ public class TesterOpenSSL {
         // Note: The following lists are intended to be aligned with the most
         //       recent release of each OpenSSL release branch
 
-        // TODO Validate this for all current OpenSSL versions
-        //      0.9.8 - TODO
-        //      1.0.0 - TODO
-        //      1.0.1 - Done
-        //      1.0.2 - Done
-        //      1.1.0 - Done
-
-        // These were removed in 0.9.8 (or earlier) so won't be available in any
-        // supported version.
+        // These have been removed from all supported versions.
         unimplemented.add(Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA);
         unimplemented.add(Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
         unimplemented.add(Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
@@ -83,35 +75,84 @@ public class TesterOpenSSL {
         if (VERSION < 10000) {
             // These were implemented in 1.0.0 so won't be available in any
             // earlier version
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_SEED_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_SEED_CBC_SHA);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_SEED_CBC_SHA);
+            unimplemented.add(Cipher.TLS_RSA_WITH_SEED_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+            unimplemented.add(Cipher.TLS_PSK_WITH_RC4_128_SHA);
+            unimplemented.add(Cipher.TLS_PSK_WITH_3DES_EDE_CBC_SHA);
         } else {
             // These were removed in 1.0.0 so won't be available from that
             // version onwards.
+            // None at present.
         }
 
 
         if (VERSION < 10001) {
             // These were added in 1.0.1 so won't be available in any earlier
             // version
-            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256);
-            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256);
-            unimplemented.add(Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA);
+            unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
+            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_DH_anon_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_GCM_SHA256);
+            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
+            unimplemented.add(Cipher.TLS_RSA_WITH_AES_256_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_RSA_WITH_AES_128_CBC_SHA256);
+            unimplemented.add(Cipher.TLS_RSA_WITH_NULL_SHA256);
         } else {
             // These were removed in 1.0.1 so won't be available from that
             // version onwards.
@@ -268,7 +309,11 @@ public class TesterOpenSSL {
         if (specification == null) {
             stdout = executeOpenSSLCommand("ciphers", "-v");
         } else {
-            stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+            if (VERSION < 10000) {
+                stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+            } else {
+                stdout = executeOpenSSLCommand("ciphers", "-v", specification);
+            }
         }
 
         if (stdout.length() == 0) {
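Review bot: Both arms of the added `if (VERSION < 10000)` make the identical call `executeOpenSSLCommand("ciphers", "-v", specification)`, so the version check has no effect. Either the 0.9.8 arm was meant to pass different arguments and that change is missing, or the conditional should be dropped in favour of the single line `stdout = executeOpenSSLCommand("ciphers", "-v", specification);`. The enclosing method starts and ends outside the hunk.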


