Author: jfrederic.clere(a)jboss.com Date: 2013-12-09 10:25:05 -0500 (Mon, 09 Dec 2013) New Revision: 2322 Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java branches/7.4.x/webapps/docs/config/ssl.xml Log: Arrange doc and make sure the JSSE behaviour mimics the openssl one. Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java =================================================================== --- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2013-12-09 11:40:09 UTC (rev 2321) +++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2013-12-09 15:25:05 UTC (rev 2322) @@ -200,7 +200,7 @@ * requested ciphers are supported */ protected String[] getEnabledCiphers(String requestedCiphers, - String[] supportedCiphers) { + String[] supportedCiphers) throws IOException { String[] enabledCiphers = null; @@ -257,6 +257,8 @@ if (vec != null) { enabledCiphers = new String[vec.size()]; vec.copyInto(enabledCiphers); + } else { + throw new IOException("no cipher match"); // Like openssl. } } else { enabledCiphers = sslProxy.getDefaultCipherSuites(); Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java =================================================================== --- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java 2013-12-09 11:40:09 UTC (rev 2321) +++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java 2013-12-09 15:25:05 UTC (rev 2322) @@ -340,7 +340,7 @@ * @return Array of SSL cipher suites to be enabled, or null if none of the * requested ciphers are supported */ - protected String[] getEnabledCiphers(String requestedCiphers, String[] supportedCiphers) { + protected String[] getEnabledCiphers(String requestedCiphers, String[] supportedCiphers) throws IOException { String[] enabledCiphers = null; SSLServerSocketFactory sslProxy = sslContext.getServerSocketFactory(); @@ -395,7 +395,9 @@ if (vec != null) { enabledCiphers = new String[vec.size()]; vec.copyInto(enabledCiphers); - } + } else { + throw new IOException("no cipher match"); // Like openssl. + } } else { enabledCiphers = sslProxy.getDefaultCipherSuites(); } Modified: branches/7.4.x/webapps/docs/config/ssl.xml =================================================================== --- branches/7.4.x/webapps/docs/config/ssl.xml 2013-12-09 11:40:09 UTC (rev 2321) +++ branches/7.4.x/webapps/docs/config/ssl.xml 2013-12-09 15:25:05 UTC (rev 2322) @@ -186,7 +186,7 @@ the default is "<code>ALL</code>".</p> </attribute> - <attribute name="ciphers" required="false"> + <attribute name="cipher-suite" required="false"> <p>A comma seperated list of the encryption ciphers that may be used, that MUST NOT be the JVM default in of JSSE as contains weak ciphers. that is SSLCipherSuite when using OpenSSL (APR).