| Summary: | NIO and BIO connectors handle unsupported SSL ciphers and sslEnabledProtocols differently | | |
|---|---|---|---|
| Product: | Tomcat 7 | Reporter: | Tim Whittington <timw> |
| Component: | Connectors | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | P2 | | |
| Version: | trunk | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Mac OS X 10.4 | | |

Description
Tim Whittington
2013-01-10 21:09:19 UTC
+1

There was a post to the users' list recently where a user attempted to configure JSSE using OpenSSL-style cipher names. The result was evidently that the Connector used the default list of ciphers. I assert that this is a security problem.

Fixed in trunk and in 7.0.x and will be included in 7.0.36 onwards. The change involved a modification to the org.apache.tomcat.util.net.SSLUtil interface, which will require updates to custom SSLImplementations.
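
The failure mode discussed in this report (configured cipher names that JSSE does not recognise, followed by a silent fall back to the default list) can be caught by validating the configured names against the provider's supported suites and failing closed. The following is an added example, not code from this bug report and not the change made to Tomcat; the class `CipherConfigCheck`, the method `resolveCiphers` and the sample cipher strings are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherConfigCheck {

    // Hypothetical helper: keep only the requested suites the JSSE provider
    // supports, and refuse to continue if none of them are usable.
    static String[] resolveCiphers(String[] requested, String[] supported) {
        Set<String> supportedSet = new HashSet<>(Arrays.asList(supported));
        List<String> enabled = new ArrayList<>();
        List<String> rejected = new ArrayList<>();
        for (String name : requested) {
            String trimmed = name.trim();
            (supportedSet.contains(trimmed) ? enabled : rejected).add(trimmed);
        }
        if (!rejected.isEmpty()) {
            System.err.println("Unsupported cipher names: " + rejected);
        }
        if (enabled.isEmpty()) {
            // Fail closed: an explicit cipher list was configured, so the
            // provider defaults must not be used in its place.
            throw new IllegalArgumentException(
                "None of the configured ciphers are supported: " + rejected);
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory factory =
            SSLContext.getDefault().getServerSocketFactory();
        String[] supported = factory.getSupportedCipherSuites();

        // Constructed sample: OpenSSL-style names, which JSSE does not use.
        String[] openSslStyle = "AES128-SHA, DHE-RSA-AES256-SHA".split(",");
        try {
            resolveCiphers(openSslStyle, supported);
        } catch (IllegalArgumentException e) {
            System.out.println("Startup refused: " + e.getMessage());
        }

        // Constructed sample: one OpenSSL-style name mixed with a suite taken
        // from the provider's own supported list.
        String[] mixed = { "AES128-SHA", supported[0] };
        System.out.println("Enabled: " + Arrays.toString(resolveCiphers(mixed, supported)));
    }
}
```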