Bug 651977 - turn off ssl2 for java servers (server.xml) - patch 2

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1583 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

1 files changed, 3 insertions, 0 deletions

diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 08615264e..cf63a770b 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -131,6 +131,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
     static {
 
         /* set ssl cipher string names. */
+        /* disallowing SSL2 ciphers to be turned on
         mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
             Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
         mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
@@ -143,6 +144,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
             Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
         mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
             Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
+        */
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
             Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
@@ -389,6 +391,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 if (sslcipher != null) {
                     String msg = "setting ssl cipher " + cipher;
 
+                    CMS.debug("JSSSubsystem: initSSL(): "+msg);
                     log(ILogger.LL_INFO, msg);
                     if (Debug.ON)
                         Debug.trace(msg);