#9 Problem parsing formatted cipher list
Closed: fixed 6 years ago Opened 6 years ago by edewata.

In some cases (e.g. in FIPS mode) the admin will need to modify the SSL cipher list in server.xml. Currently the cipher list needs to be specified as a single (and often long) line without line breaks, which makes it difficult to manage and error-prone. For example:

<Connector
    sslRangeCiphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"
    />

To improve usability the cipher list should support the following format:

<Connector
   sslRangeCiphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
       TLS_RSA_WITH_AES_128_CBC_SHA256,
       TLS_RSA_WITH_AES_256_CBC_SHA256"
    />

However, currently this format is not supported by TomcatJSS, causing the following error:

Error: SSL cipher "                TLS_DHE_RSA_WITH_AES_256_CBC_SHA" not recognized by tomcatjss
Error: SSL cipher "                TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" not recognized by tomcatjss
Error: SSL cipher "                TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" not recognized by tomcatjss
Error: SSL cipher "                TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
Error: SSL cipher "                TLS_RSA_WITH_AES_128_CBC_SHA256" not recognized by tomcatjss
Error: SSL cipher "                TLS_RSA_WITH_AES_256_CBC_SHA256" not recognized by tomcatjss

The cipher list parser needs to be modified to support spaces and line breaks.
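The following is an added example of the tolerant parsing the issue asks for; it is not TomcatJSS's own code. It assumes a hypothetical allow-list of cipher names (the real implementation would consult the names TomcatJSS maps to NSS constants), splits the attribute value on commas, trims the surrounding whitespace and line breaks, drops empty entries left by a trailing comma, and then still rejects any name it does not recognize rather than silently skipping it.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class CipherListParser {

    // Constructed allow-list for this example; a real build would consult the
    // cipher names TomcatJSS actually maps to NSS cipher constants.
    static final Set<String> KNOWN_CIPHERS = Set.of(
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA256");

    /**
     * Splits an sslRangeCiphers value on commas, strips surrounding whitespace
     * (spaces, tabs and the CR/LF left by multi-line formatting), drops empty
     * entries such as the one produced by a trailing comma, and preserves the
     * admin's ordering while removing duplicates.
     */
    public static List<String> parse(String value) {
        Set<String> names = new LinkedHashSet<>();
        if (value == null) {
            return new ArrayList<>();
        }
        for (String token : value.split(",")) {
            String name = token.trim();
            if (!name.isEmpty()) {
                names.add(name);
            }
        }
        return new ArrayList<>(names);
    }

    /** Returns the entries of names that are not present in known. */
    public static List<String> unrecognized(List<String> names, Set<String> known) {
        List<String> bad = new ArrayList<>();
        for (String name : names) {
            if (!known.contains(name)) {
                bad.add(name);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed attribute value in the multi-line form shown in the issue.
        String value = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\n"
            + "        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,\n"
            + "        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,\n"
            + "        TLS_RSA_WITH_AES_256_CBC_SHA256";

        // Naive split without trimming: every entry after the first still carries
        // its leading whitespace, so the lookup fails and the reported errors appear.
        for (String raw : value.split(",")) {
            if (!KNOWN_CIPHERS.contains(raw)) {
                System.out.println("Error: SSL cipher \"" + raw + "\" not recognized");
            }
        }

        // Tolerant parse: spaces and line breaks are no longer significant.
        List<String> ciphers = parse(value);
        List<String> bad = unrecognized(ciphers, KNOWN_CIPHERS);
        if (!bad.isEmpty()) {
            // Fail closed: an unknown name is a configuration error, not an
            // entry to drop quietly, otherwise a typo silently shrinks the
            // cipher set the admin believes is configured.
            throw new IllegalArgumentException("Unrecognized SSL ciphers: " + bad);
        }
        System.out.println("Configured ciphers: " + ciphers);
    }
}
```

Trimming fixes the usability problem; the explicit unrecognized-name check keeps the failure mode visible, which matters in a FIPS deployment where the admin is relying on exactly the listed suites being enabled.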


Metadata Update from @mharmsen:
- Custom field component adjusted to ''
- Custom field feature adjusted to ''
- Custom field origin adjusted to Community
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1457524
- Custom field type adjusted to defect
- Custom field version adjusted to ''

6 years ago

Metadata Update from @edewata:
- Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1457524)

6 years ago

Metadata Update from @edewata:
- Issue assigned to edewata

6 years ago

Metadata Update from @edewata:
- Issue close_status updated to: fixed
- Issue priority set to: major
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata Update from @edewata:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1457524

6 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to tomcatjss-7.2.3-1.fc27

6 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to tomcatjss-7.2.3-4.fc27 (was: tomcatjss-7.2.3-1.fc27)

6 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to tomcatjss-7.2.3-1.fc27 (was: tomcatjss-7.2.3-4.fc27)

6 years ago
