author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-22 17:13:41 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-22 17:13:41 +0000 |
commit | 5b0a67e97e403b9529b0aeb1f28a34fcafd4c564 (patch) | |
tree | 1f2fabcb90f4f7eab19c7b175fb3e7c051930e80 /pki/base/console/src/com | |
parent | 9d7cd2e5956a8d5fe7ae3b3c7a6b6c91fd4e3c1e (diff) | |
Bug 651977 - turn off ssl2 for java servers (server.xml) - patch 2
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1583 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/console/src/com')
-rw-r--r-- | pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java b/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
index bc9b8dd94..27292b3d9 100644
--- a/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
+++ b/pki/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
@@ -98,15 +98,23 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac
 // SSLSocket needs to be set before getting an instance
 // to get the ciphers
+ SSLSocket.enableSSL2Default(false);
 SSLSocket.enableSSL3Default(true);
 int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
 int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
 int ciphers[] = SSLSocket.getImplementedCipherSuites();
 for (int i = 0; ciphers != null && i < ciphers.length; i++) {
- Debug.println("JSSConnection Debug: NSS Cipher Supported '0x" +
- Integer.toHexString(ciphers[i]) + "'");
- SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
+ // make sure SSLv2 ciphers are not enabled
+ if ((ciphers[i] & 0xfff0) !=0xff00) {
+ Debug.println("JSSConnection Debug: non-SSL2 NSS Cipher Supported '0x" +
+ Integer.toHexString(ciphers[i]) + "'");
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
+ } else {
+ Debug.println("JSSConnection Debug: SSL2 (turned off) NSS Cipher Supported '0x" +
+ Integer.toHexString(ciphers[i]) + "'");
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
+ }
 /* Enable ECC Cipher */
@@ -120,8 +128,11 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac
 }
 }
 s = new SSLSocket(host, port, null, 0, this, this);
-// s.enableSSL3(true);
-// s.enableSSL3Default(true);
+ s.enableSSL2(false);
+ s.enableSSL2Default(false);
+ s.enableV2CompatibleHello(false);
+ s.enableSSL3(true);
+ s.enableSSL3Default(true);
 // Initialze Http Input and Output Streams
 httpIn = s.getInputStream(); |
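Review bot: The non-SSL2 branch of the cipher loop still calls `SSLSocket.setCipherPreferenceDefault(ciphers[i], true)` for every suite returned by `getImplementedCipherSuites()`, so whatever the underlying NSS build implements is switched on by default, which may include NULL-encryption, export-grade or anonymous suites. Excluding one protocol's id range is a deny-list; enabling only ids found in an explicit list of approved suites, and disabling everything else, would be the safer shape. The `0xfff0`/`0xff00` test is also unexplained, and a named constant or a comment such as `// SSLv2 suite ids are assumed to occupy 0xFF00-0xFF0F in NSS numbering` would make the intent checkable. The loop body continues past the end of the hunk.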
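Review bot: In the second hunk, `s.enableSSL2Default(false)` and `s.enableSSL3Default(true)` are invoked on the instance, but the first hunk calls the same methods statically (`SSLSocket.enableSSL2Default(false)`), so here they only repeat the process-wide default after the socket already exists and read as if they were per-socket settings. The calls that appear to affect this connection are `s.enableSSL2(false)`, `s.enableV2CompatibleHello(false)` and `s.enableSSL3(true)`; the two `...Default` lines could be dropped. The hunk also explicitly enables SSL 3.0 and shows no TLS setting; SSL 3.0 has since been prohibited by RFC 7568, so where the servers allow it I would add `s.enableTLS(true);` and change the SSL3 line to `s.enableSSL3(false);`. The enclosing method starts and ends outside the hunk.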