Added configuration parameters for SSL version ranges.

The hard-coded SSL version ranges in PKI CLI have been converted
into configurable parameters in the pki.conf.

1 files changed, 18 insertions, 2 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 8f575dbf7..b3de8757f 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -519,8 +519,24 @@ public class MainCLI extends CLI {
 
         }
 
-        CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
-        CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
+        // See default SSL configuration in /usr/share/pki/etc/pki.conf.
+
+        String streamVersionMin = System.getenv("SSL_STREAM_VERSION_MIN");
+        String streamVersionMax = System.getenv("SSL_STREAM_VERSION_MAX");
+
+        CryptoUtil.setSSLStreamVersionRange(
+                SSLVersion.valueOf(streamVersionMin),
+                SSLVersion.valueOf(streamVersionMax)
+        );
+
+        String datagramVersionMin = System.getenv("SSL_DATAGRAM_VERSION_MIN");
+        String datagramVersionMax = System.getenv("SSL_DATAGRAM_VERSION_MAX");
+
+        CryptoUtil.setSSLDatagramVersionRange(
+                SSLVersion.valueOf(datagramVersionMin),
+                SSLVersion.valueOf(datagramVersionMax)
+        );
+
         CryptoUtil.setClientCiphers();
     }