author | Christina Fu <cfu@redhat.com> | 2014-11-21 18:03:01 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-11-24 11:48:24 -0800 |
commit | c0e3716fe43b87139bae57dba992fe0376bd215d (patch) | |
tree | 8c60a8ea4325ba354f83a6ad8db0a4aeeb07220a /base/console | |
parent | 4f5b0e0094c1be9bdda63ae82dcfe52a3d036751 (diff) | |
Ticket 1206 (java console) TLS range support: code change needed for cs when acting as client
Diffstat (limited to 'base/console')
-rw-r--r-- | base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java | 53 |
1 files changed, 17 insertions, 36 deletions
diff --git a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
index e606cd5c4..a686a5af1 100644
--- a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
+++ b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
@@ -96,43 +96,24 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac } catch (Exception e) { } - // SSLSocket needs to be set before getting an instance - // to get the ciphers - SSLSocket.enableSSL2Default(false); - SSLSocket.enableSSL3Default(true); - int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005; - int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A; - - int ciphers[] = SSLSocket.getImplementedCipherSuites(); - for (int i = 0; ciphers != null && i < ciphers.length; i++) { - // make sure SSLv2 ciphers are not enabled - if ((ciphers[i] & 0xfff0) !=0xff00) { - Debug.println("JSSConnection Debug: non-SSL2 NSS Cipher Supported '0x" + - Integer.toHexString(ciphers[i]) + "'"); - SSLSocket.setCipherPreferenceDefault(ciphers[i], true); - } else { - Debug.println("JSSConnection Debug: SSL2 (turned off) NSS Cipher Supported '0x" + - Integer.toHexString(ciphers[i]) + "'"); - SSLSocket.setCipherPreferenceDefault(ciphers[i], false); - } - - /* Enable ECC Cipher */ - - if (ciphers[i] == TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA) { - Debug.println("JSSConnection Debug: found TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, setting preference"); - SSLSocket.setCipherPreferenceDefault(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, true); - } - if (ciphers[i] == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) { - Debug.println("JSSConnection Debug: found TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, setting preference"); - SSLSocket.setCipherPreferenceDefault(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true); - } - } + org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range = + new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange( + org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0, + org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2); + + SSLSocket.setSSLVersionRangeDefault( + org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, + stream_range); + + org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range = + new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange( + 
org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1, + org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2); + + SSLSocket.setSSLVersionRangeDefault( + org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM, + datagram_range); s = new SSLSocket(host, port, null, 0, this, this); - s.enableSSL2(false); - s.enableSSL2Default(false); - s.enableV2CompatibleHello(false); - s.enableSSL3(true); - s.enableSSL3Default(true); // Initialze Http Input and Output Streams httpIn = s.getInputStream(); |
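Review bot: The lower bound of `stream_range` is hard-coded to `tls1_0` with no comment explaining the choice, so the console will still negotiate TLS 1.0 whenever the server offers nothing newer, and the floor cannot be tightened without a rebuild. If the servers this console talks to allow it, pass `SSLSocket.SSLVersionRange.tls1_1` as the first argument (the datagram range already uses that constant) or read the bounds from configuration; at minimum add a comment such as `// TLS 1.0 floor kept for compatibility with older servers; raise when those are retired`. Separately, the removed loop was the only place visible here that explicitly enabled the two ECDSA suites and disabled SSL2 suites, so cipher selection now presumably rests on the JSS/NSS defaults, and it is worth confirming that ECC-only servers still connect. The enclosing method starts and ends outside the hunk.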