authorChristina Fu <cfu@redhat.com>2014-11-18 18:28:53 -0800
committerChristina Fu <cfu@redhat.com>2014-11-21 09:55:33 -0800
commit46d7be6f5d24e025df30b382065addfb30c8032f (patch)
treee025247ed79d9a9c99614a24e1d26fb9a7d320b4 /base/common/src/com
parent99d571cee64846e8e1cfbc129aa0081b2f1f95e0 (diff)
bugzilla 871171 (client-side code) Provide Tomcat support for TLS v1.1 and TLS v1.2
Diffstat (limited to 'base/common/src/com')
-rw-r--r--base/common/src/com/netscape/certsrv/client/PKIConnection.java19
1 files changed, 19 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index 50e6f6458..0ecee4d8e 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -476,6 +476,23 @@ public class PKIConnection {
localAddr = localAddress.getAddress();
}
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range =
+ new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0,
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+
+ SSLSocket.setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
+ stream_range);
+
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range =
+ new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1,
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+
+ SSLSocket.setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
+ datagram_range);
SSLSocket socket;
if (sock == null) {
socket = new SSLSocket(InetAddress.getByName(hostName),
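Review bot: The stream range added here hard-codes `tls1_0` as its lower bound, so this client will still negotiate TLS 1.0 with any server that offers nothing newer, and a deployment cannot raise the floor without a rebuild. `setSSLVersionRangeDefault` is called on the `SSLSocket` class, so it changes a process-wide default. It sits directly ahead of the `new SSLSocket(...)` calls, so it appears to be re-applied on every connection, and it affects any other JSS socket created in the same JVM. Consider taking the minimum and maximum from the client configuration and applying the default once, for example in a static initializer, with a comment such as `// NOTE: process-wide JSS default; applies to every SSLSocket created afterwards`. The `DATA_GRAM` range looks unused by this code path, which only builds stream sockets, and the repeated `org.mozilla.jss.ssl.SSLSocket.` qualifier could be shortened to `SSLSocket.SSLVersionRange`, since `SSLSocket` is already referenced unqualified. The enclosing method starts and ends outside the hunk.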
@@ -488,6 +505,8 @@ public class PKIConnection {
} else {
socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
}
+// setSSLVersionRange needs to be exposed in jss
+// socket.setSSLVersionRange(org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0, org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
String certNickname = config.getCertNickname();
if (certNickname != null) {
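Review bot: The two added lines leave a disabled `socket.setSSLVersionRange(...)` call in the source as commented-out code, so the socket built just above relies entirely on the process-wide default set earlier in the method. A tracked marker would say why the call is missing and when it can return, for example `// TODO(bugzilla 871171): set the version range per socket once JSS exposes setSSLVersionRange`. When the call is restored it should use the same configured minimum as the default range rather than a second hard-coded `tls1_0`. The surrounding method continues outside the hunk.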