Index: coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java,v
retrieving revision 1.20.2.1
diff -u -r1.20.2.1 CoyoteConnector.java
--- coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java 9 Feb 2003 22:30:02 -0000 1.20.2.1
+++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteConnector.java 11 Jun 2003 20:04:04 -0000
@@ -65,36 +65,16 @@
 package org.apache.coyote.tomcat4;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.security.AccessControlException;
-import java.util.Stack;
 import java.util.Vector;
-import java.util.Enumeration;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.UnrecoverableKeyException;
-import java.security.KeyManagementException;
 import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.coyote.ActionCode;
-import org.apache.coyote.ActionHook;
 import org.apache.coyote.Adapter;
-import org.apache.coyote.InputBuffer;
-import org.apache.coyote.OutputBuffer;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.catalina.Connector;
 import org.apache.catalina.Container;
-import org.apache.catalina.HttpRequest;
-import org.apache.catalina.HttpResponse;
 import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.Logger;
@@ -1108,6 +1088,9 @@
 IntrospectionUtils.setProperty(protocolHandler, "sSLImplementation", ssf.getSSLImplementation());
+ IntrospectionUtils.setProperty(protocolHandler, "cipherSuites",
+ ssf.getCipherSuites());
+
 } else {
 IntrospectionUtils.setProperty(protocolHandler, "secure", "" + false);
Index: coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java,v
retrieving revision 1.4
diff -u -r1.4 CoyoteServerSocketFactory.java
--- coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java 19 Jun 2002 09:25:39 -0000 1.4
+++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteServerSocketFactory.java 11 Jun 2003 20:06:34 -0000
@@ -59,17 +59,8 @@
 package org.apache.coyote.tomcat4;
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.net.InetAddress;
 import java.net.ServerSocket;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.KeyManagementException;
-import java.security.Security;
-import java.security.cert.CertificateException;
 /**
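Review bot: The added `setProperty(protocolHandler, "cipherSuites", ssf.getCipherSuites())` runs unconditionally, but the `cipherSuites` field it reads is declared with a null default in CoyoteServerSocketFactory, so every https connector that does not set a `cipherSuites` attribute pushes a null into the protocol handler. Http11Protocol.setCipherSuites forwards that value to `setAttribute`, and if setAttribute stores into the `Hashtable` field declared in this same change (its body is not in the diff), `Hashtable.put` rejects null values with a NullPointerException that IntrospectionUtils would only surface as a reflection failure. Guard the call at the source: `if (ssf.getCipherSuites() != null) { IntrospectionUtils.setProperty(protocolHandler, "cipherSuites", ssf.getCipherSuites()); }`. The enclosing method starts and ends outside this hunk.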
@@ -246,6 +237,18 @@
 this.sslImplementation = sslImplementation;
 }
+ /**
+ * Cipher suites to use.
+ */
+ private String cipherSuites = null;
+
+ public String getCipherSuites() {
+ return (this.cipherSuites);
+ }
+
+ public void setCipherSuites(String cipherSuites) {
+ this.cipherSuites = cipherSuites;
+ }
 // --------------------------------------------------------- Public Methods
Index: http11/src/java/org/apache/coyote/http11/Http11Protocol.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java,v
retrieving revision 1.18
diff -u -r1.18 Http11Protocol.java
--- http11/src/java/org/apache/coyote/http11/Http11Protocol.java 18 Dec 2002 20:36:58 -0000 1.18
+++ http11/src/java/org/apache/coyote/http11/Http11Protocol.java 11 Jun 2003 20:12:14 -0000
@@ -63,15 +63,9 @@
 import java.io.OutputStream;
 import org.apache.coyote.*;
-import java.io.*;
 import java.net.*;
 import java.util.*;
-import java.text.*;
 import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.buf.*;
-import org.apache.tomcat.util.http.*;
-import org.apache.tomcat.util.log.*;
 import org.apache.tomcat.util.net.*;
@@ -180,6 +174,7 @@
 protected Hashtable attributes = new Hashtable();
 protected String socketFactoryName=null;
 protected String sslImplementationName=null;
+ protected String cipherSuites = null;
 private int maxKeepAliveRequests=100; // as in Apache HTTPD server
 private int timeout = 300000; // 5 minutes as in Apache HTTPD server
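Review bot: The Javadoc `Cipher suites to use.` on the new `cipherSuites` field says nothing about the expected format or what the null default means, and an administrator editing server.xml has to read JSSESocketFactory to find out. Suggest `/** Comma-separated list of JSSE cipher suite names to enable on the SSL server socket; null (the default) means nothing is configured here and the socket factory picks its own list. */`, which matches what JSSESocketFactory.initServerSocket in this same change does: it splits the value on `,`, then falls back to the `https.cipherSuites` system property and finally to every supported suite. The enclosing class starts and ends outside this hunk.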
@@ -243,6 +238,11 @@
 setAttribute("sslImplementation", valueS);
 }
+ public void setCipherSuites(String valueS) {
+ cipherSuites = valueS;
+ setAttribute("cipherSuites", valueS);
+ }
+
 public void setTcpNoDelay( boolean b ) {
 ep.setTcpNoDelay( b );
 setAttribute("tcpNoDelay", "" + b);
Index: util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v
retrieving revision 1.1
diff -u -r1.1 JSSESocketFactory.java
--- util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 4 Oct 2002 20:03:10 -0000 1.1
+++ util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 11 Jun 2003 20:18:32 -0000
@@ -62,15 +62,14 @@
 import java.net.*;
 import java.security.KeyStore;
-
 import java.security.Security;
-import javax.net.ServerSocketFactory;
+
+import java.util.StringTokenizer;
+
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.HandshakeCompletedListener;
-import javax.net.ssl.HandshakeCompletedEvent;
 /* 1. Make the JSSE's jars available, either as an installed
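Review bot: `setCipherSuites` writes the value twice, into the new `cipherSuites` field and under the `"cipherSuites"` attribute, but only the attribute is consumed anywhere in this change (JSSESocketFactory.initServerSocket reads `attributes.get("cipherSuites")`), and no `getCipherSuites()` is added, so the field is write-only as far as the diff shows. Either drop the field and keep just `setAttribute("cipherSuites", valueS);`, or add `public String getCipherSuites() { return cipherSuites; }` so the configured list can be read back like the other protocol properties. If the field is kept, a one-line Javadoc on the setter stating that the value is a comma-separated list of JSSE suite names would spare the next reader a trip to the socket factory. The enclosing class starts and ends outside this hunk.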
@@ -245,19 +244,45 @@
 return asock;
 }
- /** Set server socket properties ( accepted cipher suites, etc)
- */
- private void initServerSocket(ServerSocket ssocket) {
- SSLServerSocket socket=(SSLServerSocket)ssocket;
+ /** Set server socket properties ( accepted cipher suites, etc)*/
+ void initServerSocket(ServerSocket ssocket) {
+ SSLServerSocket socket = (SSLServerSocket) ssocket;
+
+ // We enable cipher suites when the socket is connected
+ // Enabled cipher suites are set based on settings in the
+ // following priority order.
+ // 1. The cipherSuites attribute of the connection factory
+ // as per server.xml
+ // 2. The JSSE https.cipherSuites system property
+ // 3. If none of the above are set, all are enabled
+ String cipherSuites[];
+ String cipherSuitesString = (String) attributes.get("cipherSuites");
+
+ if (cipherSuitesString == null) {
+ cipherSuitesString =
+ (String) System.getProperty("https.cipherSuites");
+ }
+
+ if (cipherSuitesString == null) {
+ cipherSuites = socket.getSupportedCipherSuites();
+ }
+ else {
+ StringTokenizer sT =
+ new StringTokenizer(cipherSuitesString, ",", false);
+ cipherSuites = new String[sT.countTokens()];
+ int i = 0;
+
+ while (sT.hasMoreElements()) {
+ cipherSuites[i] = sT.nextToken();
+ i++;
+ }
+ }
+
+ socket.setEnabledCipherSuites(cipherSuites);
- // We enable all cipher suites when the socket is
- // connected - XXX make this configurable
- String cipherSuites[] = socket.getSupportedCipherSuites();
- socket.setEnabledCipherSuites(cipherSuites);
-
- // we don't know if client auth is needed -
- // after parsing the request we may re-handshake
- socket.setNeedClientAuth(clientAuth);
+ // we don't know if client auth is needed -
+ // after parsing the request we may re-handshake
+ socket.setNeedClientAuth(clientAuth);
 }
 private KeyStore initKeyStore( String keystoreFile,
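Review bot: `cipherSuites[i] = sT.nextToken();` keeps the whitespace around each name, so a server.xml value written as `SUITE_A, SUITE_B` yields `" SUITE_B"`, and `setEnabledCipherSuites` then throws IllegalArgumentException for the unrecognised name with nothing here to catch or explain it; use `cipherSuites[i] = sT.nextToken().trim();`. The unconfigured fallback still enables `getSupportedCipherSuites()`, i.e. everything the provider can negotiate, which for SunJSSE includes the anonymous-DH and NULL-encryption suites that the socket's default enabled set deliberately leaves out, so a connector with no `cipherSuites` attribute is weaker than a plain JSSE server socket; a safer default is to leave the enabled set untouched (`cipherSuites = socket.getEnabledCipherSuites();`) and say so in the priority comment. `https.cipherSuites` is documented for HttpsURLConnection (the client side), so the comment should note that this code repurposes it for the server socket. The method was also widened from `private` to package-private with no caller visible in this diff; presumably for a test or sibling class, but worth confirming.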