1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
From: Markus Koschany <apo@debian.org>
Date: Fri, 24 Sep 2021 14:52:24 +0200
Subject: 0021-dont-test-unsupported-ciphers
Don't check the IDEA cipher during the tests since it is disabled in Debian (see #327739)
Also ignore ARIA which is disabled by default in OpenSSL.
Forwarded: not-needed
---
.../tomcat/util/net/openssl/ciphers/TestCipher.java | 2 +-
.../ciphers/TestOpenSSLCipherConfigurationParser.java | 2 +-
.../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 18 ++++++++++++++++++
3 files changed, 20 insertions(+), 2 deletions(-)
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
@@ -76,7 +76,7 @@
// OpenSSL does not include ECDH/ECDHE ciphers in all and there is no
// EC alias. Use aRSA.
// OpenSSL 1.0.0 onwards does not include eNULL in all.
- Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA");
+ Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA:!ARIA");
Set<String> expectedCipherSuites = new HashSet<>();
for (Cipher cipher : Cipher.values()) {
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -573,7 +573,7 @@
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
- String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
+ String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification + ":!ARIA");
List<String> jsseCipherListFromOpenSSL =
OpenSSLCipherConfigurationParser.parseExpression(openSSLCipherList);
List<String> jsseCipherListFromParser =
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -105,6 +105,24 @@
unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+ unimplemented.add(Cipher.TLS_RSA_WITH_IDEA_CBC_SHA);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384);
+ unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_128_GCM_SHA256);
+ unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_256_GCM_SHA384);
+
// These were removed in 1.1.0 so won't be available from that
// version onwards.
unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
|
