File: 0021-dont-test-unsupported-ciphers.patch

package info (click to toggle)
tomcat11 11.0.11-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 47,028 kB
  • sloc: java: 366,244; xml: 55,681; jsp: 4,783; sh: 1,304; perl: 324; makefile: 25; ansic: 14
file content (53 lines) | stat: -rw-r--r-- 3,397 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
Description: Don't check the IDEA cipher during the tests since it is disabled in Debian (see #327739)
 Also ignore ARIA which is disabled by default in OpenSSL.
Author: Markus Koschany <apo@debian.org>
Forwarded: not-needed
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
@@ -76,7 +76,7 @@
         // OpenSSL does not include ECDH/ECDHE ciphers in all and there is no
         //         EC alias. Use aRSA.
         // OpenSSL 1.0.0 onwards does not include eNULL in all.
-        Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA");
+        Set<String> availableCipherSuites = TesterOpenSSL.getOpenSSLCiphersAsSet("ALL:eNULL:aRSA:!ARIA");
 
         Set<String> expectedCipherSuites = new HashSet<>();
         for (Cipher cipher : Cipher.values()) {
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -573,7 +573,7 @@
 
     private void testSpecification(String specification) throws Exception {
         // Filter out cipher suites that OpenSSL does not implement
-        String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
+        String openSSLCipherList = TesterOpenSSL.getOpenSSLCiphersAsExpression(specification + ":!ARIA");
         List<String> jsseCipherListFromOpenSSL =
                 OpenSSLCipherConfigurationParser.parseExpression(openSSLCipherList);
         List<String> jsseCipherListFromParser =
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -105,6 +105,24 @@
         unimplemented.add(Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5);
         unimplemented.add(Cipher.SSL2_IDEA_128_CBC_WITH_MD5);
         unimplemented.add(Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+        unimplemented.add(Cipher.TLS_RSA_WITH_IDEA_CBC_SHA);
+        unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_PSK_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384);
+        unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_128_GCM_SHA256);
+        unimplemented.add(Cipher.TLS_RSA_WITH_ARIA_256_GCM_SHA384);
+
         // These were removed in 1.1.0 so won't be available from that
         // version onwards.
         unimplemented.add(Cipher.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);