author | Christina Fu <cfu@redhat.com> | 2012-08-23 14:21:23 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2012-08-23 14:21:23 -0700 |
commit | b0476b964e03c23e028c22c51a75af1e82cfd673 (patch) | |
tree | 06bd0cfe27fb7636109142fb6c6a9c5362d9a9c7 | |
parent | e00930c078ce665753c29f65b23b9128de776984 (diff) | |
https://fedorahosted.org/pki/ticket/241
TPS ECC: when TPS server acts as an ECC SSL client to CA, TKS, or DRM, it needs to support ECC ciphers
-rw-r--r-- | base/tps/src/httpClient/engine.cpp | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/base/tps/src/httpClient/engine.cpp b/base/tps/src/httpClient/engine.cpp
index 621a37244..0e0897e62 100644
--- a/base/tps/src/httpClient/engine.cpp
+++ b/base/tps/src/httpClient/engine.cpp
@@ -183,21 +183,22 @@ int ssl3Suites[] = {
 };
 int tlsSuites[] = {
-// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 TLS_RSA_WITH_AES_128_CBC_SHA,
 TLS_RSA_WITH_AES_256_CBC_SHA,
 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ 0
 };
 void disableAllCiphersOnSocket(PRFileDesc* sock) {
@@ -539,6 +540,9 @@ void __EXPORT setDefaultAllTLSCiphers() {
 alg);
 SSL_CipherPrefSetDefault(tlsSuites[i++], PR_TRUE);
 }
+ RA::Debug( LL_PER_PDU,
+ "setDefaultAllTLSCiphers",
+ "number of ciphers set:%d", i);
 }
 /**
@@ -557,7 +561,6 @@ PRFileDesc * Engine::_doConnect(PRNetAddr *addr, PRBool SSLOn,
 PRFileDesc *tcpsock = NULL;
 PRFileDesc *sock = NULL;
- SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
 setDefaultAllTLSCiphers();
 tcpsock = PR_OpenTCPSocket(addr->raw.family);
@@ -734,6 +737,7 @@ PSHttpResponse * HttpEngine::makeRequest( PSHttpRequest &request,
 char *nickName = request.getCertNickName();
 char *serverName = (char *)server.getAddr();
+ sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
 if ( sock != NULL) { |
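Review bot: Un-commenting the whole ECC block in `tlsSuites` also enables `TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA` and `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` (3DES, a 64-bit block cipher) and the static-ECDH `TLS_ECDH_ECDSA_*` suites, which give no forward secrecy. Because `SSL_CipherPrefSetDefault` changes the process-wide default, these become negotiable on the TPS connections to CA, TKS and DRM. If the ticket only needs ECC server certificates to work, the ECDHE AES entries should be enough; I would leave the 3DES and static-ECDH lines commented out, or make the list configurable, and state the reason in a comment above the array. The new trailing `0` looks like a sentinel for the loop in `setDefaultAllTLSCiphers()`, whose condition is outside the visible hunks; a comment such as `0 /* sentinel: cipher loops stop at the first zero entry */` would keep a later edit from appending after it.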
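Review bot: The value logged as "number of ciphers set" is the loop index, not the number of suites NSS accepted, because the result of `SSL_CipherPrefSetDefault(tlsSuites[i++], PR_TRUE)` in the context line above is discarded. A suite rejected by the linked NSS build (for example an ECC suite on a build without ECC support) is still counted, so the debug line can report success for ciphers that were never enabled. Either reword the message to `"number of ciphers attempted:%d"`, or count only the calls that return `SECSuccess` and log the suite that failed. `_doConnect` calls `setDefaultAllTLSCiphers()` for each connection (third hunk), so this line is also written once per connect; setting the defaults once at start-up would avoid that. The loop header is outside the hunk.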