authorChristina Fu <cfu@redhat.com>2012-08-23 14:34:24 -0700
committerChristina Fu <cfu@redhat.com>2012-08-23 14:34:24 -0700
commit358fdea85e8bcb482c40a9dc2c7fa72db03974cd (patch)
treebad6ff50038128a0799b90ba4e1e31b7b6cc2a36 /base
parenta7c3ff60550cab8cb7c398987d242f35048741ad (diff)
https://fedorahosted.org/pki/ticket/241
TPS ECC: when TPS server acts as an ECC SSL client to CA, TKS, or DRM, it needs to support ECC ciphers
Diffstat (limited to 'base')
-rw-r--r--base/tps/src/httpClient/engine.cpp20
1 files changed, 12 insertions, 8 deletions
diff --git a/base/tps/src/httpClient/engine.cpp b/base/tps/src/httpClient/engine.cpp
index 621a37244..0e0897e62 100644
--- a/base/tps/src/httpClient/engine.cpp
+++ b/base/tps/src/httpClient/engine.cpp
@@ -183,21 +183,22 @@ int ssl3Suites[] = {
};
int tlsSuites[] = {
-// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ 0
};
void disableAllCiphersOnSocket(PRFileDesc* sock) {
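Review bot: The entries newly enabled in `tlsSuites[]` include the static-ECDH suites (`TLS_ECDH_ECDSA_*`), which provide no forward secrecy, and two additional `3DES_EDE_CBC` suites, and `SSL_CipherPrefSetDefault` applies them as defaults for every socket this client opens to CA, TKS or DRM. If ECC interoperability only needs the ECDHE variants, I would leave the static-ECDH and 3DES entries disabled or gate them behind a configuration setting rather than enabling them unconditionally. The trailing `0` looks like an end-of-list sentinel for the loop in setDefaultAllTLSCiphers (only partly visible on this page); a comment such as `0 /* end-of-list marker for setDefaultAllTLSCiphers() */` would stop a later edit from appending suites after it.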
@@ -539,6 +540,9 @@ void __EXPORT setDefaultAllTLSCiphers() {
alg);
SSL_CipherPrefSetDefault(tlsSuites[i++], PR_TRUE);
}
+ RA::Debug( LL_PER_PDU,
+ "setDefaultAllTLSCiphers",
+ "number of ciphers set:%d", i);
}
/**
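Review bot: The value logged as "number of ciphers set" is the number of suites attempted, not the number actually enabled, because the result of `SSL_CipherPrefSetDefault(tlsSuites[i++], PR_TRUE)` is discarded. NSS may refuse a suite it does not support or that policy excludes, and with the ECC suites now in the list a silent failure would leave the client without the ciphers this change is meant to provide while the log still reports a full count. Checking the status, e.g. `if (SSL_CipherPrefSetDefault(tlsSuites[i], PR_TRUE) != SECSuccess)` followed by a debug line naming the rejected suite, and counting only successes, would make the message reliable. The function begins outside this hunk, so the loop condition is not visible here.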
@@ -557,7 +561,6 @@ PRFileDesc * Engine::_doConnect(PRNetAddr *addr, PRBool SSLOn,
PRFileDesc *tcpsock = NULL;
PRFileDesc *sock = NULL;
- SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
setDefaultAllTLSCiphers();
tcpsock = PR_OpenTCPSocket(addr->raw.family);
@@ -734,6 +737,7 @@ PSHttpResponse * HttpEngine::makeRequest( PSHttpRequest &request,
char *nickName = request.getCertNickName();
char *serverName = (char *)server.getAddr();
+
sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
if ( sock != NULL) {