
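--- a/native/trunk/native/src/sslcontext.c
+++ b/native/trunk/native/src/sslcontext.c
@@ -73,7 +73,6 @@
 
     switch (protocol) {
         case SSL_PROTOCOL_SSLV2:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv2_client_method());
             else if (mode == SSL_MODE_SERVER)
@@ -82,7 +81,6 @@
                 ctx = SSL_CTX_new(SSLv2_method());
         break;
         case SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv3_client_method());
             else if (mode == SSL_MODE_SERVER)
@@ -91,6 +89,8 @@
                 ctx = SSL_CTX_new(SSLv3_method());
         break;
         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
         case SSL_PROTOCOL_ALL:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv23_client_method());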
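Review bot: The restriction requested by `SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1` and `SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1` now depends entirely on options applied after this switch, because the two labels added to the last group select `SSLv23_client_method()` (the server branch is not shown), which negotiates every protocol version the library supports. That later code is outside the displayed hunks; if it is not already there, each bit missing from `protocol` needs its `SSL_OP_NO_SSLv2` / `SSL_OP_NO_SSLv3` / `SSL_OP_NO_TLSv1` option set on the context, otherwise "SSLv3+TLSv1" would also accept SSLv2. A comment above the grouped labels would record the dependency, e.g. `/* SSLv23 methods negotiate all versions; unrequested ones must be masked with SSL_OP_NO_* after the switch */`. The same point applies to the identical change in native/branches/1.1.x/native/src/sslcontext.c, and in both files the switch starts and ends outside the hunks.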
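--- a/native/branches/1.1.x/native/src/sslcontext.c
+++ b/native/branches/1.1.x/native/src/sslcontext.c
@@ -73,7 +73,6 @@
 
     switch (protocol) {
         case SSL_PROTOCOL_SSLV2:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv2_client_method());
             else if (mode == SSL_MODE_SERVER)
@@ -82,7 +81,6 @@
                 ctx = SSL_CTX_new(SSLv2_method());
         break;
         case SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv3_client_method());
             else if (mode == SSL_MODE_SERVER)
@@ -91,6 +89,8 @@
                 ctx = SSL_CTX_new(SSLv3_method());
         break;
         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
         case SSL_PROTOCOL_ALL:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(SSLv23_client_method());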
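--- a/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -471,24 +471,28 @@
             }
 
             // SSL protocol
-            int value = SSL.SSL_PROTOCOL_ALL;
-            if ("SSLv2".equalsIgnoreCase(SSLProtocol)) {
-                value = SSL.SSL_PROTOCOL_SSLV2;
-            } else if ("SSLv3".equalsIgnoreCase(SSLProtocol)) {
-                value = SSL.SSL_PROTOCOL_SSLV3;
-            } else if ("TLSv1".equalsIgnoreCase(SSLProtocol)) {
-                value = SSL.SSL_PROTOCOL_TLSV1;
-            } else if ("SSLv2+SSLv3".equalsIgnoreCase(SSLProtocol)) {
-                value = SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3;
-            } else if ("all".equalsIgnoreCase(SSLProtocol) ||
-                    SSLProtocol == null || SSLProtocol.length() == 0) {
-                // NOOP, use the default defined above
+            int value = SSL.SSL_PROTOCOL_NONE;
+            if (SSLProtocol == null || SSLProtocol.length() == 0) {
+                value = SSL.SSL_PROTOCOL_ALL;
             } else {
-                // Protocol not recognized, fail to start as it is safer than
-                // continuing with the default which might enable more than the
-                // is required
-                throw new Exception(sm.getString(
-                        "endpoint.apr.invalidSslProtocol", SSLProtocol));
+                for (String protocol : SSLProtocol.split("\\+")) {
+                    protocol = protocol.trim();
+                    if ("SSLv2".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_SSLV2;
+                    } else if ("SSLv3".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_SSLV3;
+                    } else if ("TLSv1".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_TLSV1;
+                    } else if ("all".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_ALL;
+                    } else {
+                        // Protocol not recognized, fail to start as it is safer than
+                        // continuing with the default which might enable more than the
+                        // is required
+                        throw new Exception(sm.getString(
+                                "endpoint.apr.invalidSslProtocol", SSLProtocol));
+                    }
+                }
             }
 
             // Create SSL Context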
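Review bot: A value made up only of separators slips past the new validation: `"+".split("\\+")` returns an empty array in Java, so the loop body never runs, no exception is thrown and `value` stays `SSL.SSL_PROTOCOL_NONE` when the SSL context is created. That contradicts the comment in the inner `else`, which prefers failing to start over running with an unintended protocol set; how the native layer treats `SSL_PROTOCOL_NONE` is not visible here. After the loop, add `if (value == SSL.SSL_PROTOCOL_NONE) { throw new Exception(sm.getString("endpoint.apr.invalidSslProtocol", SSLProtocol)); }`. A trailing `+` (as in "TLSv1+") is also dropped silently by `split` while a leading one is rejected, which is worth a line in the attribute's documentation. The enclosing method starts and ends outside the hunk.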
