Red Hat Bugzilla – Attachment 911968 Details for
Bug 1078204
SSL connector fails to start if cipher-suite="ALL"
[patch]
Patch that fixes the missing aliases and adds some debug messages to help testing
bz-1078204-missing-aliases.patch (text/plain), 11.35 KB, created by
Emmanuel Hugonnet (ehsavoie)
on 2014-06-25 08:00:33 UTC
Description:
Patch that fixes the missing aliases and adds some debug messages to help testing
Creator:
Emmanuel Hugonnet (ehsavoie)
Created:
2014-06-25 08:00:33 UTC
Size:
11.35 KB
>Index: src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/JSSELogger.java (copie de travail)
>@@ -0,0 +1,55 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse;
>+
>+import org.jboss.logging.BasicLogger;
>+import org.jboss.logging.LogMessage;
>+import org.jboss.logging.Logger;
>+import org.jboss.logging.Message;
>+import org.jboss.logging.MessageLogger;
>+
>+import static org.jboss.logging.Logger.Level.DEBUG;
>+import static org.jboss.logging.Logger.Level.WARN;
>+
>+/**
>+ * Logging IDs 9000-9500
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+@MessageLogger(projectCode = "JBWEB")
>+public interface JSSELogger extends BasicLogger {
>+ /**
>+ * A logger with the category of the package name.
>+ */
>+ JSSELogger ROOT_LOGGER = Logger.getMessageLogger(JSSELogger.class, "org.apache.tomcat.util.net.jsse");
>+
>+
>+ @LogMessage(level = DEBUG)
>+ @Message(id = 9000, value = "List of enabled ciphers: %s")
>+ void logEnabledCiphers(final String ciphers);
>+
>+ @LogMessage(level = DEBUG)
>+ @Message(id = 9001, value = "List of cipher suites that my be used: %s")
>+ void logUseableCiphers(final String ciphers);
>+
>+ @LogMessage(level = WARN)
>+ @Message(id = 9002, value = "Unknown element: %s")
>+ void warnUnknowElement(final String alias);
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java (révision 2462)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java (copie de travail)
>@@ -52,7 +52,14 @@
> }
> }
> }
>+ if (!result.isEmpty()) {
>+ StringBuilder builder = new StringBuilder(result.size() * 16);
>+ for (String cipher : result) {
>+ builder.append(cipher);
>+ builder.append(",");
>+ }
>+ JSSELogger.ROOT_LOGGER.logUseableCiphers(builder.toString().substring(0, builder.length() - 1));
>+ }
> return result.toArray(new String[result.size()]);
> }
>-
> }
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (révision 2462)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (copie de travail)
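Review bot: The message text for id 9001 in the new JSSELogger interface reads `List of cipher suites that my be used: %s` and should say `may be used`; these lines are what an operator searches for when checking which suites a connector really offers, so the wording is worth fixing before the ID ships. The method name `warnUnknowElement` is misspelled as well; `warnUnknownElement` would match its own message `Unknown element: %s`, and the call site in OpenSSLCipherConfigurationParser (hunk at -533) would be renamed with it. The three methods carry no Javadoc; one line each saying what the `%s` argument holds (a comma-separated list of JSSE cipher names, or the unrecognised alias from the configured expression) would be enough.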
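Review bot: The comma-joined cipher string in the JSSEUtils hunk is built on every call even when DEBUG is off, since only the logger call itself is level-gated. Guarding the block with `if (JSSELogger.ROOT_LOGGER.isDebugEnabled() && !result.isEmpty()) {` avoids the work in production; the same applies to `logEnabledCiphers(displayResult(ciphers, true, ","))` in the OpenSSLCipherConfigurationParser hunk at -556. The enclosing method starts outside the hunk, so I cannot tell how often it runs.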
>@@ -30,10 +30,11 @@
> import java.util.List;
> import java.util.Map;
> import java.util.Set;
>-import org.jboss.web.CoyoteLogger;
>+import org.apache.tomcat.util.net.jsse.JSSELogger;
>
> /**
> * Class in charge with parsing openSSL expressions to define a list of ciphers.
>+ *
> * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
> */
> public class OpenSSLCipherConfigurationParser {
>@@ -120,10 +121,18 @@
> */
> private static final String kEDH = "kEDH";
> /**
>+ * Cipher suites using ephemeral DH key agreement.
>+ */
>+ private static final String kDHE = "kDHE";
>+ /**
> * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
> */
> private static final String EDH = "EDH";
> /**
>+ * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
>+ */
>+ private static final String DHE = "DHE";
>+ /**
> * Cipher suites using DH key agreement and DH certificates signed by CAs with RSA keys.
> */
> private static final String kDHr = "kDHr";
>@@ -136,6 +145,42 @@
> */
> private static final String kDH = "kDH";
> /**
>+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA keys.
>+ */
>+ private static final String kECDHr = "kECDHr";
>+ /**
>+ * Cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys.
>+ */
>+ private static final String kECDHe = "kECDHe";
>+ /**
>+ * Cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA keys or either respectively.
>+ */
>+ private static final String kECDH = "kECDH";
>+ /**
>+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
>+ */
>+ private static final String kEECDH = "kEECDH";
>+ /**
>+ * Cipher suitesusing ECDH key exchange, including anonymous, ephemeral and fixed ECDH.
>+ */
>+ private static final String ECDH = "ECDH";
>+ /**
>+ * Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.
>+ */
>+ private static final String kECDHE = "kECDHE";
>+ /**
>+ * Cipher suites using authenticated ephemeral ECDH key agreement
>+ */
>+ private static final String ECDHE = "ECDHE";
>+ /**
>+ * Cipher suites using authenticated ephemeral ECDH key agreement
>+ */
>+ private static final String EECDHE = "EECDHE";
>+ /**
>+ * Anonymous Elliptic Curve Diffie Hellman cipher suites.
>+ */
>+ private static final String AECDH = "AECDH";
>+ /**
> * Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
> */
> private static final String aDSS = "aDSS";
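Review bot: `EECDHE` does not look like an OpenSSL cipher-string keyword; the documented pair for authenticated ephemeral ECDH is `ECDHE` and `EECDH`, so the constant should probably read `private static final String EECDH = "EECDH";`. Judging by the branch visible in the hunk at -533, an alias the parser does not know is only logged, so an exclusion written with the OpenSSL spelling `EECDH` may not take effect. The Javadoc typo `Cipher suitesusing` on `ECDH` can be fixed in the same pass.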
>@@ -144,6 +189,18 @@
> */
> private static final String aDH = "aDH";
> /**
>+ * Cipher suites effectively using ECDH authentication, i.e. the certificates carry ECDH keys.
>+ */
>+ private static final String aECDH = "aECDH";
>+ /**
>+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
>+ */
>+ private static final String aECDSA = "aECDSA";
>+ /**
>+ * Cipher suites effectively using ECDSA authentication, i.e. the certificates carry ECDSA keys.
>+ */
>+ private static final String ECDSA = "ECDSA";
>+ /**
> * Ciphers suites using FORTEZZA key exchange algorithms.
> */
> private static final String kFZA = "kFZA";
>@@ -327,15 +384,32 @@
> addListAlias(aRSA, filterByAuthentication(all, Collections.singleton(Authentication.RSA)));
> addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA), Collections.singleton(Authentication.RSA), null, null, null));
> addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
>+ addListAlias(kDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)));
> Set<Ciphers> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH));
> edh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.DH)));
> addListAlias(EDH, edh);
>+ addListAlias(DHE, edh);
> addListAlias(kDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHr)));
> addListAlias(kDHd, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHd)));
> addListAlias(kDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
>+
>+ addListAlias(kECDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHr)));
>+ addListAlias(kECDHe, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
>+ addListAlias(kECDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
>+ aliases.put(ECDH, aliases.get(kECDH));
>+ addListAlias(kECDHE, filterByKeyExchange(all, Collections.singleton(KeyExchange.ECDHe)));
>+ aliases.put(ECDHE, aliases.get(kECDHE));
>+ addListAlias(kEECDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH)));
>+ aliases.put(EECDHE, aliases.get(kEECDH));
> addListAlias(aDSS, filterByAuthentication(all, Collections.singleton(Authentication.DSS)));
> aliases.put("DSS", aliases.get(aDSS));
> addListAlias(aDH, filterByAuthentication(all, Collections.singleton(Authentication.DH)));
>+ Set<Ciphers> aecdh = filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
>+ aecdh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));
>+ addListAlias(AECDH, aecdh);
>+ addListAlias(aECDH, filterByAuthentication(all, Collections.singleton(Authentication.ECDH)));
>+ addListAlias(ECDSA, filterByAuthentication(all, Collections.singleton(Authentication.ECDSA)));
>+ aliases.put(aECDSA, aliases.get(ECDSA));
> addListAlias(kFZA, filterByKeyExchange(all, Collections.singleton(KeyExchange.FZA)));
> addListAlias(aFZA, filterByAuthentication(all, Collections.singleton(Authentication.FZA)));
> addListAlias(eFZA, filterByEncryption(all, Collections.singleton(Encryption.FZA)));
>@@ -533,7 +607,7 @@
> if (aliases.containsKey(alias)) {
> removedCiphers.addAll(aliases.get(alias));
> } else {
>- CoyoteLogger.UTIL_LOGGER.warn("Unknown element " + alias);
>+ JSSELogger.ROOT_LOGGER.warnUnknowElement(alias);
> }
> } else if (element.startsWith(TO_END)) {
> String alias = element.substring(1);
>@@ -556,11 +630,13 @@
> for (Ciphers cipher : ciphers) {
> result.add(cipher.name());
> }
>+ JSSELogger.ROOT_LOGGER.logEnabledCiphers(displayResult(ciphers, true, ","));
> return result;
> }
>
> /**
> * Parse the specified expression according to the OpenSSL syntax and returns a list of standard cipher names.
>+ *
> * @param expression: the openssl expression to define a list of cipher.
> * @return the corresponding list of ciphers.
> */
>@@ -568,13 +644,17 @@
> return convertForJSSE(parse(expression));
> }
>
>- static String displayResult(Set<Ciphers> ciphers, String separator) {
>+ static String displayResult(Collection<Ciphers> ciphers, boolean useJSSEFormat, String separator) {
> if (ciphers.isEmpty()) {
> return "";
> }
> StringBuilder builder = new StringBuilder(ciphers.size() * 16);
> for (Ciphers cipher : ciphers) {
>- builder.append(cipher.getOpenSSLAlias());
>+ if (useJSSEFormat) {
>+ builder.append(cipher.name());
>+ } else {
>+ builder.append(cipher.getOpenSSLAlias());
>+ }
> builder.append(separator);
> }
> return builder.toString().substring(0, builder.length() - 1);
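Review bot: Two of the new aliases in the hunk at -327 do not select what their Javadoc promises. `kECDHE` (and through it `ECDHE`) is built from `KeyExchange.ECDHe`, the fixed-ECDH value already used for `kECDHe`, so a connector configured with `ECDHE` to get forward secrecy would be handed fixed-ECDH suites instead. `AECDH` is built from the fixed-ECDH suites with the `aNULL` ones removed, the opposite of "anonymous ECDH", so an exclusion such as `!AECDH` would leave the unauthenticated suites enabled. `EECDHE` is also a plain copy of `kEECDH`, which by its own Javadoc still includes the anonymous suites. The sketch below assumes anonymous ECDH suites are tagged `KeyExchange.EECDH` with `Authentication.aNULL`; the enums are outside this patch and the enclosing initialiser starts and ends outside the hunk, so please confirm.

```java
addListAlias(kEECDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH)));
// kECDHE is the alternate spelling of kEECDH (ephemeral), not of kECDHe (fixed ECDH).
aliases.put(kECDHE, aliases.get(kEECDH));
// ECDHE / EECDHE: ephemeral ECDH with the anonymous suites taken out.
Set<Ciphers> ecdhe = filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH));
ecdhe.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));
addListAlias(ECDHE, ecdhe);
aliases.put(EECDHE, aliases.get(ECDHE));
// … unchanged: aDSS, DSS and aDH aliases …
// AECDH: ephemeral ECDH restricted to the anonymous suites.
Set<Ciphers> aecdh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EECDH));
aecdh.retainAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL)));
addListAlias(AECDH, aecdh);
```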
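Review bot: `displayResult` in the hunk at -568 gains a `useJSSEFormat` flag with no Javadoc; a short comment stating that `true` emits `cipher.name()` (the JSSE name) and `false` emits the OpenSSL alias would keep the flag from being misread at the call sites. The unchanged last line still trims exactly one character, which is only right for a one-character separator; `builder.setLength(builder.length() - separator.length());` before `toString()` would hold for any separator.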