Move sslProtocol to SSLHostConfig

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1678141 13f79535-47bb-0310-9956-ffa450edef68
apache · May 7, 2015 · 99163fc · 99163fc
1 parent a5cb7cc
commit 99163fc
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 34 deletions.
diff --git a/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java b/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
@@ -25,9 +25,6 @@ public AbstractHttp11JsseProtocol(AbstractEndpoint<S> endpoint) {
         super(endpoint);
     }
 
-    public String getSslProtocol() { return getEndpoint().getSslProtocol();}
-    public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);}
-
     public void setSessionCacheSize(String s){getEndpoint().setSessionCacheSize(s);}
     public String getSessionCacheSize(){ return getEndpoint().getSessionCacheSize();}
 

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -506,6 +506,12 @@ public void setTruststoreProvider(String truststoreProvider){
     }
 
 
+    public void setSslProtocol(String sslProtocol) {
+        registerDefaultSSLHostConfig();
+        defaultSSLHostConfig.setSslProtocol(sslProtocol);
+    }
+
+
     // ------------------------------------------------------------- Common code
 
     // Common configuration required for all new HTTP11 processors

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -963,10 +963,6 @@ public void setSslImplementationName(String s) {
         this.sslImplementationName = s;
     }
 
-    private String sslProtocol = "TLS";
-    public String getSslProtocol() { return sslProtocol;}
-    public void setSslProtocol(String s) { sslProtocol = s;}
-
     private String sessionCacheSize = null;
     public String getSessionCacheSize() { return sessionCacheSize;}
     public void setSessionCacheSize(String s) { sessionCacheSize = s;}

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -64,6 +64,7 @@ public class SSLHostConfig {
     private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
     private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType");
     private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
+    private String sslProtocol = "TLS";
     private String trustManagerClassName;
     private String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
     private String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
@@ -315,6 +316,17 @@ public String getKeyManagerAlgorithm() {
     }
 
 
+    public void setSslProtocol(String sslProtocol) {
+        setProperty("sslProtocol", Type.JSSE);
+        this.sslProtocol = sslProtocol;
+    }
+
+
+    public String getSslProtocol() {
+        return sslProtocol;
+    }
+
+
     public void setTrustManagerClassName(String trustManagerClassName) {
         setProperty("trustManagerClassName", Type.JSSE);
         this.trustManagerClassName = trustManagerClassName;

diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -81,8 +81,6 @@ public class JSSESocketFactory implements SSLUtil {
     private static final StringManager sm =
         StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
 
-    // Defaults - made public where re-used
-    private static final String defaultProtocol = "TLS";
     private static final int defaultSessionCacheSize = 0;
     private static final int defaultSessionTimeout = 86400;
 
@@ -96,15 +94,10 @@ public JSSESocketFactory (AbstractEndpoint<?> endpoint, SSLHostConfig sslHostCon
         this.endpoint = endpoint;
         this.sslHostConfig = sslHostConfig;
 
-        String sslProtocol = endpoint.getSslProtocol();
+        SSLContext context;
-        if (sslProtocol == null) {
-            sslProtocol = defaultProtocol;
-        }
-
-        javax.net.ssl.SSLContext context;
         try {
-             context = javax.net.ssl.SSLContext.getInstance(sslProtocol);
+            context = createSSLContext();
-             context.init(null,  null,  null);
+            context.init(null,  null,  null);
         } catch (NoSuchAlgorithmException | KeyManagementException e) {
             // This is fatal for the connector so throw an exception to prevent
             // it from starting
@@ -268,16 +261,10 @@ private KeyStore getStore(String type, String provider, String path,
         return ks;
     }
 
-    @Override
-    public SSLContext createSSLContext() throws Exception {
-
-        // SSL protocol variant (e.g., TLS, SSL v3, etc.)
-        String protocol = endpoint.getSslProtocol();
-        if (protocol == null) {
-            protocol = defaultProtocol;
-        }
 
-        return new JSSESSLContext(protocol);
+    @Override
+    public SSLContext createSSLContext() throws NoSuchAlgorithmException {
+        return new JSSESSLContext(sslHostConfig.getSslProtocol());
     }
 
 

diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
@@ -1197,6 +1197,18 @@
       used.</p>
     </attribute>
 
+    <attribute name="sslProtocol" required="false">
+      <p>JSSE only.</p>
+      <p>The the SSL protocol(s) to use (a single value may enable multiple
+      protocols - see the JVM documentation for details). If not specified, the
+      default is <code>TLS</code>. The permitted values may be obtained from the
+      JVM documentation for the allowed values for algorithm when creating an
+      <code>SSLContext</code> instance e.g.
+      <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
+      Oracle Java 7</a>. Note: There is overlap between this attribute and
+      <code>protocols</code>.</p>
+    </attribute>
+
     <attribute name="trustManagerClassName" required="false">
       <p>JSSE only.</p>
       <p>The name of a custom trust manager class to use to validate client
@@ -1349,14 +1361,9 @@
     </attribute>
 
     <attribute name="sslProtocol" required="false">
-      <p>The the SSL protocol(s) to use (a single value may enable multiple
+      <p>This is an alias for the <code>sslProtocol</code> attribute of the
-      protocols - see the JVM documentation for details). If not specified, the
+      default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
-      default is <code>TLS</code>. The permitted values may be obtained from the
+      element.</p>
-      JVM documentation for the allowed values for algorithm when creating an
-      <code>SSLContext</code> instance e.g.
-      <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
-      Oracle Java 7</a>. Note: There is overlap between this attribute and
-      <code>sslEnabledProtocols</code>.</p>
     </attribute>
 
     <attribute name="trustManagerClassName" required="false">