--- native/trunk/native/src/sslcontext.c (revision 1143165)
+++ native/trunk/native/src/sslcontext.c (working copy)
@@ -73,7 +73,6 @@
 switch (protocol) {
 case SSL_PROTOCOL_SSLV2:
- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv2_client_method());
 else if (mode == SSL_MODE_SERVER)
@@ -82,7 +81,6 @@
 ctx = SSL_CTX_new(SSLv2_method());
 break;
 case SSL_PROTOCOL_SSLV3:
- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv3_client_method());
 else if (mode == SSL_MODE_SERVER)
@@ -91,6 +89,8 @@
 ctx = SSL_CTX_new(SSLv3_method());
 break;
 case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+ case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
 case SSL_PROTOCOL_ALL:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv23_client_method());
--- native/branches/1.1.x/native/src/sslcontext.c (revision 1143165)
+++ native/branches/1.1.x/native/src/sslcontext.c (working copy)
@@ -73,7 +73,6 @@
 switch (protocol) {
 case SSL_PROTOCOL_SSLV2:
- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv2_client_method());
 else if (mode == SSL_MODE_SERVER)
@@ -82,7 +81,6 @@
 ctx = SSL_CTX_new(SSLv2_method());
 break;
 case SSL_PROTOCOL_SSLV3:
- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv3_client_method());
 else if (mode == SSL_MODE_SERVER)
@@ -91,6 +89,8 @@
 ctx = SSL_CTX_new(SSLv3_method());
 break;
 case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+ case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
 case SSL_PROTOCOL_ALL:
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(SSLv23_client_method());
--- trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (revision 1142957)
+++ trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (working copy)
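Review bot: The protocol version left out of the SSLv2+TLSv1 and SSLv3+TLSv1 masks stays negotiable unless it is disabled after this switch, because the two labels added ahead of `case SSL_PROTOCOL_ALL:` in the third hunk select `SSLv23_*_method()`, which is version-flexible. No `SSL_CTX_set_options()` call with `SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3` or `SSL_OP_NO_TLSv1` is visible in these hunks; presumably it follows the switch, which continues outside the hunk, and that should be confirmed before relying on the mask. I would add a comment above the grouped labels, `/* SSLv23 methods are version-flexible: every protocol not in the mask must be disabled with SSL_OP_NO_* after this switch */`. The same applies to the identical third hunk for `native/branches/1.1.x/native/src/sslcontext.c`.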
@@ -471,24 +471,28 @@
 }
 // SSL protocol
- int value = SSL.SSL_PROTOCOL_ALL;
- if ("SSLv2".equalsIgnoreCase(SSLProtocol)) {
- value = SSL.SSL_PROTOCOL_SSLV2;
- } else if ("SSLv3".equalsIgnoreCase(SSLProtocol)) {
- value = SSL.SSL_PROTOCOL_SSLV3;
- } else if ("TLSv1".equalsIgnoreCase(SSLProtocol)) {
- value = SSL.SSL_PROTOCOL_TLSV1;
- } else if ("SSLv2+SSLv3".equalsIgnoreCase(SSLProtocol)) {
- value = SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3;
- } else if ("all".equalsIgnoreCase(SSLProtocol) ||
- SSLProtocol == null || SSLProtocol.length() == 0) {
- // NOOP, use the default defined above
+ int value = SSL.SSL_PROTOCOL_NONE;
+ if (SSLProtocol == null || SSLProtocol.length() == 0) {
+ value = SSL.SSL_PROTOCOL_ALL;
 } else {
- // Protocol not recognized, fail to start as it is safer than
- // continuing with the default which might enable more than the
- // is required
- throw new Exception(sm.getString(
- "endpoint.apr.invalidSslProtocol", SSLProtocol));
+ for (String protocol : SSLProtocol.split("\\+")) {
+ protocol = protocol.trim();
+ if ("SSLv2".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_SSLV2;
+ } else if ("SSLv3".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_SSLV3;
+ } else if ("TLSv1".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_TLSV1;
+ } else if ("all".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_ALL;
+ } else {
+ // Protocol not recognized, fail to start as it is safer than
+ // continuing with the default which might enable more than the
+ // is required
+ throw new Exception(sm.getString(
+ "endpoint.apr.invalidSslProtocol", SSLProtocol));
+ }
+ }
 }
 // Create SSL Context
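Review bot: A value made up only of `+` characters passes this validation with `value` still `SSL.SSL_PROTOCOL_NONE`, because `split("\\+")` drops trailing empty strings and the loop body never runs. A trailing separator as in `TLSv1+` is silently accepted for the same reason, while a leading one throws. Using `SSLProtocol.split("\\+", -1)` keeps the empty tokens, so they reach the final `else` and fail startup like any other unrecognized name. The enclosing method starts and ends outside the hunk, so how `SSL_PROTOCOL_NONE` is handled further down is not visible here.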