
From 1970d6bf47e4ce3a43de370ada5c3e882d7a7cb0 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Fri, 29 Jun 2018 15:04:43 -0700
Subject: [PATCH] Ticket #11 Add support for TLS_*_SHA384 ciphers
This patch adds support for TLS_*_SHA384 ciphers which NSS now supports.
fixes: https://pagure.io/tomcatjss/issue/11
---
 .../tomcat/util/net/jss/JSSSocketFactory.java      | 43 +++++++++++++++++++++-
 1 file changed, 41 insertions(+), 2 deletions(-)
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index f974a89..b38b091 100644
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -290,6 +290,22 @@ public class JSSSocketFactory implements
                 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
         cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
                 SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
+
+        // TLS_*_SHA384
+        cipherMap.put("TLS_RSA_WITH_AES_256_GCM_SHA384",
+                SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384);
+        cipherMap.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+                SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
+        cipherMap.put("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+                SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
+        cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+                SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+        cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+                SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+        cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+                SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+        cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+                SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
     }
 
     private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
@@ -338,6 +354,22 @@ public class JSSSocketFactory implements
         eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
 */
+
+        // TLS_*_SHA384
+        eccCipherMap.put(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384,
+                "TLS_RSA_WITH_AES_256_GCM_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+                "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+                "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
+        eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
     }
 
     private AbstractEndpoint endpoint;
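Review bot: Three of the suites added to eccCipherMap here are not ECC suites at all — TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 — and the third hunk shows that membership in this map is what turns a failed setCipherPreferenceDefault into the "SSL ECC cipher ... probably O.K. unless ECC support has been installed" warning instead of an error. An operator who configures one of these RSA/DHE suites and has NSS reject it would be told it is a harmless ECC issue, so a missing cipher in the effective server configuration is downgraded from an error to an ignorable warning. Unless eccCipherMap is meant as something broader than "ECC suites" (its name and the warning text suggest it is not), drop the three `eccCipherMap.put(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384, ...)`, `TLS_DHE_RSA_...` and `TLS_DHE_DSS_...` entries and keep only the four ECDHE ones. The static initializer block containing these entries begins outside the hunk.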
@@ -429,23 +461,30 @@ public class JSSSocketFactory implements
             }
             if (cipherid != 0) {
                 try {
-                    debugWrite("JSSSocketFactory setSSLCiphers:  " + cipherstr
+                    debugWrite("JSSSocketFactory setSSLCiphers: setting: " + cipherstr
                             + ": 0x" + Integer.toHexString(cipherid) + "\n");
                     SSLSocket.setCipherPreferenceDefault(cipherid, state);
+                    debugWrite("JSSSocketFactory setSSLCiphers: done setting: " + cipherstr
+                            + ": 0x" + Integer.toHexString(cipherid) + "\n");
                 } catch (Exception e) {
-                    System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
+                    String errMsg = "SSLSocket.setCipherPreferenceDefault exception on: " + cipherstr + " : " +e;
+                    System.err.println(errMsg);
+                    debugWrite("JSSSocketFactory setSSLCiphers: " + errMsg);
                     if (eccCipherMap.containsKey(cipherid)) {
+                        debugWrite("JSSSocketFactory setSSLCiphers: Warning: cipher exists in eccCipherMap");
                         System.err
                                 .println("Warning: SSL ECC cipher \""
                                         + text
                                         + "\" unsupported by NSS. "
                                         + "This is probably O.K. unless ECC support has been installed.");
                     } else {
+                        debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher does not exist in eccCipherMap");
                         System.err.println("Error: SSL cipher \"" + text
                                 + "\" unsupported by NSS");
                     }
                 }
             } else {
+                debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher not recognized by tomcatjss");
                 System.err.println("Error: SSL cipher \"" + text
                         + "\" not recognized by tomcatjss");
             }
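Review bot: The four debugWrite calls added in the catch and else branches (`debugWrite("JSSSocketFactory setSSLCiphers: " + errMsg)` and the three "Warning/Error: cipher ..." lines) omit the trailing "\n" that the pre-existing and newly added calls above them explicitly append, and they also do not say which cipher they refer to, so if debugWrite writes its argument verbatim the debug log will run these messages into the next line and lose the cipher name that the System.err output does include. Mirror the stderr text, e.g. `debugWrite("JSSSocketFactory setSSLCiphers: Error: SSL cipher \"" + text + "\" not recognized by tomcatjss\n");` and likewise for the eccCipherMap warning and error lines. Note also that errMsg appends `e` via toString only, so the stack trace of the underlying failure is never recorded; `e.getMessage()` plus the cipher name is the minimum, and a full trace on the debug channel would help diagnose which NSS rejection occurred. setSSLCiphers starts and ends outside the hunk.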
-- 
2.14.4