diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 09:11:52 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 17:43:13 +0100 |
| commit | d06e291b25087dfd4cd70e6f97e2c0f4f84bd121 (patch) | |
| tree | 60c63168214a7a490485b36df8ddd6eda7273d1a | |
| parent | 8b85ace2a2761c8451a11b4df8f142bd291cd6d4 (diff) | |
| download | pki-d06e291b25087dfd4cd70e6f97e2c0f4f84bd121.tar.gz pki-d06e291b25087dfd4cd70e6f97e2c0f4f84bd121.tar.xz pki-d06e291b25087dfd4cd70e6f97e2c0f4f84bd121.zip | |
Moved default SSL configuration out of PKIConnection.
To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).
| -rw-r--r-- | base/common/src/com/netscape/certsrv/client/PKIConnection.java | 6 | ||||
| -rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 5 |
2 files changed, 5 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java index 2c979eac2..b75e3326e 100644 --- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java +++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java @@ -83,8 +83,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; import org.mozilla.jss.ssl.SSLSocket; import com.netscape.certsrv.base.PKIException; -import com.netscape.cmsutil.crypto.CryptoUtil; -import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion; public class PKIConnection { @@ -332,10 +330,6 @@ public class PKIConnection { localAddr = localAddress.getAddress(); } - CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2); - CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2); - CryptoUtil.setClientCiphers(); - SSLSocket socket; if (sock == null) { socket = new SSLSocket(InetAddress.getByName(hostName), diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index 75904edc6..4c0a91823 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -59,6 +59,7 @@ import com.netscape.cmstools.pkcs12.PKCS12CLI; import com.netscape.cmstools.system.SecurityDomainCLI; import com.netscape.cmstools.user.UserCLI; import com.netscape.cmsutil.crypto.CryptoUtil; +import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion; /** * @author Endi S. Dewata @@ -518,6 +519,10 @@ public class MainCLI extends CLI { } + CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2); + CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2); + CryptoUtil.setClientCiphers(); + client = new PKIClient(config, null); client.setVerbose(verbose); |