
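--- a/java/org/apache/coyote/http11/Http11AprProtocol.java
+++ b/java/org/apache/coyote/http11/Http11AprProtocol.java
@@ -118,6 +118,13 @@
 
 
     /**
+     * SSL honor cipher order.
+     */
+    public boolean getSSLHonorCipherOrder() { return ((AprEndpoint)endpoint).getSSLHonorCipherOrder(); }
+    public void setSSLHonorCipherOrder(boolean SSLHonorCipherOrder) { ((AprEndpoint)endpoint).setSSLHonorCipherOrder(SSLHonorCipherOrder); }
+
+
+    /**
      * SSL certificate file.
      */
     public String getSSLCertificateFile() { return ((AprEndpoint)endpoint).getSSLCertificateFile(); }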
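Review bot: The Javadoc on the new accessor pair, `SSL honor cipher order.`, does not tell an operator what `true` selects or what the default is. The AprEndpoint part of this patch shows the field defaulting to `false` and `true` setting `SSL_OP_CIPHER_SERVER_PREFERENCE`, so a line such as `* Use the server's cipher suite order rather than the client's during negotiation (default: false).` would state the security effect of the attribute where people configuring the connector will look for it.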
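--- a/java/org/apache/tomcat/util/net/res/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/res/LocalStrings.properties
@@ -42,6 +42,7 @@
 endpoint.sendfile.addfail=Sendfile failure: [{0}] {1}
 endpoint.sendfile.nosupport=Disabling sendfile, since either the APR version or the system doesn't support it
 endpoint.warn.noInsecureReneg=Secure renegotation is not supported by the SSL library {0}
+endpoint.warn.noHonorCipherOrder=Honor ciher order option is not supported by the SSL library {0}
 endpoint.warn.unlockAcceptorFailed=Acceptor thread [{0}] failed to unlock. Forcing hard socket shutdown.
 endpoint.debug.channelCloseFail=Failed to close channel
 endpoint.debug.socketCloseFail=Failed to close socket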
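Review bot: The added message text is misspelled, `Honor ciher order`, so a log search for "cipher" will miss it; the line should read `endpoint.warn.noHonorCipherOrder=Honor cipher order option is not supported by the SSL library {0}`. In the AprEndpoint hunk of this patch this warning is the only visible signal that the requested server-side cipher preference was not applied, so it needs to be easy to find and unambiguous.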
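--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -317,7 +317,15 @@
     public void setSSLInsecureRenegotiation(boolean SSLInsecureRenegotiation) { this.SSLInsecureRenegotiation = SSLInsecureRenegotiation; }
     public boolean getSSLInsecureRenegotiation() { return SSLInsecureRenegotiation; }
 
+    /**
+     * SSL allow insecure renegotiation for the the client that does not
+     * support the secure renegotiation.
+     */
+    protected boolean SSLHonorCipherOrder = false;
+    public void setSSLHonorCipherOrder(boolean SSLHonorCipherOrder) { this.SSLHonorCipherOrder = SSLHonorCipherOrder; }
+    public boolean getSSLHonorCipherOrder() { return SSLHonorCipherOrder; }
 
+
     /**
      * Port in use.
      */
@@ -526,6 +534,21 @@
                                           SSL.versionString()));
                 }
             }
+            if (SSLHonorCipherOrder) {
+                boolean orderCiphersSupported = false;
+                try {
+                    orderCiphersSupported = SSL.hasOp(SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+                    if (orderCiphersSupported)
+                        SSLContext.setOptions(sslContext, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+                } catch (UnsatisfiedLinkError e) {
+                    // Ignore
+                }
+                if (!orderCiphersSupported) {
+                    // OpenSSL does not support ciphers ordering.
+                    log.warn(sm.getString("endpoint.warn.noHonorCipherOrder",
+                                          SSL.versionString()));
+                }
+            }
             // List the ciphers that the client is permitted to negotiate
             SSLContext.setCipherSuite(sslContext, SSLCipherSuite);
             // Load Server key and certificate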
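Review bot: In the second hunk (new lines 537-551) a connector configured with SSLHonorCipherOrder=true still starts when `SSL.hasOp(SSL.SSL_OP_CIPHER_SERVER_PREFERENCE)` returns false or throws `UnsatisfiedLinkError`, so the requested hardening is dropped with only a WARN and the client's cipher preference stays in effect. If that fail-open behaviour is intended (it appears to mirror the renegotiation check just above, whose body lies outside the hunk, as does the rest of the enclosing method), state it in place of `// Ignore`, for example `// hasOp() unavailable in this native library: treat as unsupported, warning is logged below`. In the `UnsatisfiedLinkError` case the message blames the SSL library, although the missing symbol is presumably in the native connector rather than OpenSSL. The unbraced `if (orderCiphersSupported)` on new line 541 should take braces like the surrounding code. In the first hunk, the Javadoc on the new `SSLHonorCipherOrder` field is copied from the insecure-renegotiation field and should read `* Honor the server's cipher suite order instead of the client's preference.`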
