diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
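--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu 2016-06-29 18:54:38.498127146 -0600
+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java 2016-06-29 18:56:38.646778769 -0600
@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
 SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
 
 cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
 SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
 SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
 cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+
 cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
 
 cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
 SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
@@ -264,6 +277,12 @@ public class JSSSocketFactory implements
 cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
 
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
 }
 
 private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
@@ -308,6 +327,8 @@ public class JSSSocketFactory implements
 "TLS_ECDH_RSA_WITH_NULL_SHA");
 eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
 "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
 }
 
 private AbstractEndpoint endpoint;
@@ -393,6 +414,7 @@ public class JSSSocketFactory implements
 + ": 0x" + Integer.toHexString(cipherid) + "\n");
 SSLSocket.setCipherPreferenceDefault(cipherid, state);
 } catch (Exception e) {
+ System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
 if (eccCipherMap.containsKey(cipherid)) {
 System.err
 .println("Warning: SSL ECC cipher \""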
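Review bot: In the last hunk (`@@ -393,6 +414,7 @@`), the `catch (Exception e)` block still lets cipher configuration continue after `SSLSocket.setCipherPreferenceDefault(cipherid, state)` throws, and the added message does not say which cipher or which state failed. If `state` is false for a suite the operator meant to turn off (one of the DES, export or 3DES entries in the maps above, for instance), the failure presumably leaves that suite at its NSS default, so the line should carry enough to audit it: `System.err.println("SSLSocket.setCipherPreferenceDefault(0x" + Integer.toHexString(cipherid) + ", " + state + ") failed: " + e);`. Whether a failed disable should abort start-up rather than only warn is a decision for the enclosing method, which starts and ends outside the hunk.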