Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS mode

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-08-26 00:02:29 +0000
committer: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-08-26 00:02:29 +0000
commit: 4f6928cc0493ede41e90b6fa4e1cde570bd17336 (patch)
tree: f73d03580d02af6455a388366474cdc98c4e0819 /pki/base/tks/shared/conf
parent: e90d291d9a737369587711eb6a879d700a3c5d7b (diff)
download: pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.gz
pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.xz
pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml
index ff33b9aa4..6217ce1d9 100644
--- a/pki/base/tks/shared/conf/server.xml
+++ b/pki/base/tks/shared/conf/server.xml
@@ -128,11 +128,12 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 	       ocspMinCacheEntryDuration="60"
 	       ocspMaxCacheEntryDuration="120"
 	       ocspTimeout="10"
+           strictCiphers="false"
 	       clientAuth="[PKI_AGENT_CLIENTAUTH]"
 	       sslOptions="[TOMCAT_SSL_OPTIONS]"
 	       ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
 	       ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
-	       tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+	       tlsCiphers="[TOMCAT_TLS_CIPHERS]"
 	       serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
 	       passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
 	       passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
@@ -146,11 +147,12 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 	       acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 	       enableLookups="false" disableUploadTimeout="true"
 	       SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+           strictCiphers="false"
 	       clientAuth="false"
 	       sslOptions="[TOMCAT_SSL_OPTIONS]"
 	       ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
 	       ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
-	       tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+	       tlsCiphers="[TOMCAT_TLS_CIPHERS]"
 	       serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
 	       passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
 	       passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
@@ -163,11 +165,12 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 	       acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 	       enableLookups="false" disableUploadTimeout="true"
 	       SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+           strictCiphers="false"
 	       clientAuth="false"
 	       sslOptions="[TOMCAT_SSL_OPTIONS]"
 	       ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
 	       ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
-	       tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+	       tlsCiphers="[TOMCAT_TLS_CIPHERS]"
 	       serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
 	       passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
 	       passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
author	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-08-26 00:02:29 +0000
committer	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-08-26 00:02:29 +0000
commit	4f6928cc0493ede41e90b6fa4e1cde570bd17336 (patch)
tree	f73d03580d02af6455a388366474cdc98c4e0819 /pki/base/tks/shared/conf
parent	e90d291d9a737369587711eb6a879d700a3c5d7b (diff)
download	pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.gz pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.xz pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.zip