From 085ec933c5fce3e2e8d8a3f83b1b083fce9d0020 Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Thu, 23 Jul 2015 09:36:19 +1000
Subject: [PATCH] 473294 - Fixed include cipher suites support for wildcards

---
 .../org/eclipse/jetty/util/ssl/SslContextFactory.java    | 9 ++++++---
 .../eclipse/jetty/util/ssl/SslContextFactoryTest.java    | 8 +++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index f448f43d7fc..6f982352f8d 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1247,19 +1247,22 @@ public class SslContextFactory extends AbstractLifeCycle
 
     protected void processIncludeCipherSuites(String[] supportedCipherSuites, List<String> selected_ciphers)
     {
-        ciphers: for (String cipherSuite : _includeCipherSuites)
+        for (String cipherSuite : _includeCipherSuites)
         {
             Pattern p = Pattern.compile(cipherSuite);
+            boolean added=false;
             for (String supportedCipherSuite : supportedCipherSuites)
             {
                 Matcher m = p.matcher(supportedCipherSuite);
                 if (m.matches())
                 {
+                    added=true;
                     selected_ciphers.add(supportedCipherSuite);
-                    continue ciphers;
                 }
+                
             }
-            LOG.info("Cipher {} not supported",cipherSuite);
+            if (!added)
+                LOG.info("No Cipher matching '{}' is supported",cipherSuite);
         }
     }
 
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index 4cd305eed22..35bc5738544 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
+import java.util.Arrays;
 
 import javax.net.ssl.SSLEngine;
 
@@ -204,13 +205,14 @@ public class SslContextFactoryTest
     @Test
     public void testSetIncludeCipherSuitesRegex() throws Exception
     {
-        cf.setIncludeCipherSuites(".*RC4.*");
+        Log.getLogger(SslContextFactory.class).setDebugEnabled(true);
+        cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*");
         cf.start();
         SSLEngine sslEngine = cf.newSSLEngine();
         String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
-        assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0));
+        assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
         for (String enabledCipherSuite : enabledCipherSuites)
-            assertThat("CipherSuite contains RC4", enabledCipherSuite.contains("RC4"), is(true));
+            assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), is(true));
     }
 
     @Test