tomcat-dev mailing list archives

Subject [Bug 53952] Add support for TLS 1.1 and 1.2
Date Fri, 05 Apr 2013 14:27:13 GMT

--- Comment #20 from Christopher Schultz <> ---
Given the comment in OpenSSL that SSL_OP_PKCS1_CHECK_{1,2} were never used, I
think it's reasonable to use the new symbolic names and remove the old ones.
Note that it will also require a patch to Tomcat trunk as well.

Interestingly, there is this comment in o.a.t.jni.SSL:

    /* The next flag deliberately changes the ciphertest, this is a check
     * for the PKCS#1 attack */
    public static final int SSL_OP_PKCS1_CHECK_1                    =
    public static final int SSL_OP_PKCS1_CHECK_2                    =

Neither of these constants is used anywhere in Tomcat trunk, so I'm not sure
a) what that comment means and b) whether there is anything to be concerned

That comment is attributed to mturk, but so is nearly the entire file, so I
suspect that his commit r423920 just ended up touching every line in the file
or something.

tcnative's code has the same comment in the same place ( attributed to
mturk in r300716, where it seems those constants were actually added. That was
way back in 2005. I wonder if Mladen remembers whether that comment is relevant
