| Summary | Support SSL_OP_CIPHER_SERVER_PREFERENCE / SSLHonorCipherOrder |
|---|---|
| Product | Tomcat Native |
| Reporter | Mike Noordermeer <mike> |
| Component | Library |
| Assignee | Tomcat Developers Mailing List <dev> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | P2 |
| Version | 1.1.24 |
| Target Milestone | --- |
| Hardware | All |
| OS | All |
| Bug Depends on | 53969 |
| Bug Blocks | |
| Attachments | Patch that adds SSLHonorCipherOrder option |

Description
Mike Noordermeer
2012-06-28 14:27:30 UTC
Created attachment 29148
Patch that adds SSLHonorCipherOrder option

Actually, this can already be supported by current tcnative, but it needs to be added to Tomcat itself. I've created a patch (should fit both 7.x and 8.x sources). It is compile-tested only. Perhaps it would be a good idea to reassign this bug to a more appropriate project.

I'm looking at applying this, but I have to check on what SSLContext.setOptions does -- I think the patch will un-set previously-set options when setting SSL_HONOR_CIPHER_ORDER. Once I verify the behavior of SSLContext.setOptions, I'll make any necessary adjustments.

Nope, SSL_CTX_set_options (which is what SSLContext.setOptions calls) only flips the bit(s) passed into it, so the patch is fine.

Fixed in trunk and 7.0.x. Will be included in Tomcat 7.0.30. Proposed for 6.0.x.

Note that this feature requires an updated version of Tomcat Native. See bug 53969 for details.

(In reply to comment #5)
> Note that this feature requires an updated version of Tomcat Native.
> See bug 53969 for details.

Specifically, tcnative 1.1.25 or later.

Fixed in Tomcat 6.0.x. Will be in Tomcat 6.0.37.
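
A configuration check for the option discussed in this thread, as an added example that is not part of the bug report or of Tomcat's own code: it reads a `server.xml` and reports, for each TLS-enabled `<Connector>`, whether `SSLHonorCipherOrder` is `true` and whether the given Tomcat Native version meets the 1.1.25 minimum stated above. The sample XML, the function names and the assumption that the attribute is set on the APR `<Connector>` element are illustrative.

```python
import re
import xml.etree.ElementTree as ET

MIN_TCNATIVE = (1, 1, 25)  # from the thread: "tcnative 1.1.25 or later"

# Constructed sample server.xml (not taken from the bug report).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLCipherSuite="HIGH:!aNULL" SSLHonorCipherOrder="true"/>
    <Connector port="9443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLCipherSuite="HIGH:!aNULL"/>
    <Connector port="7443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLHonorCipherOrder="yes"/>
  </Service>
</Server>
"""

def tcnative_supports_option(version_text):
    """True if a version string such as '1.1.24' is >= 1.1.25."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version_text)[:3])
    return parts >= MIN_TCNATIVE

def audit_connectors(server_xml, tcnative_version):
    """Return {port: finding} for every Connector with SSLEnabled="true"."""
    native_ok = tcnative_supports_option(tcnative_version)
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, option does not apply
        value = conn.get("SSLHonorCipherOrder")
        if value is None:
            finding = "not set"
        elif value.lower() != "true":
            finding = "value %r is not 'true'" % value
        elif not native_ok:
            finding = "set, but tcnative %s is older than 1.1.25" % tcnative_version
        else:
            finding = "ok"
        findings[conn.get("port")] = finding
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML, "1.1.24").items():
        print(port, finding)
```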