diff options
author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-22 17:13:41 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-22 17:13:41 +0000 |
commit | 5b0a67e97e403b9529b0aeb1f28a34fcafd4c564 (patch) | |
tree | 1f2fabcb90f4f7eab19c7b175fb3e7c051930e80 /pki/base/util/src/com/netscape | |
parent | 9d7cd2e5956a8d5fe7ae3b3c7a6b6c91fd4e3c1e (diff) | |
download | pki-5b0a67e97e403b9529b0aeb1f28a34fcafd4c564.tar.gz pki-5b0a67e97e403b9529b0aeb1f28a34fcafd4c564.tar.xz pki-5b0a67e97e403b9529b0aeb1f28a34fcafd4c564.zip |
Bug 651977 - turn off ssl2 for java servers (server.xml) - patch 2
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1583 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/util/src/com/netscape')
-rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java index 91cf9ca43..e24fbb0aa 100644 --- a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java +++ b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java @@ -60,15 +60,16 @@ public class JssSSLSocketFactory implements ISocketFactory { for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) { try { - SSLSocket.setCipherPreferenceDefault(i, true); + SSLSocket.setCipherPreferenceDefault(i, false); } catch( SocketException e) { } } + //skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5 for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) { try { - SSLSocket.setCipherPreferenceDefault(i, true); + SSLSocket.setCipherPreferenceDefault(i, false); } catch( SocketException e) { } } @@ -94,6 +95,9 @@ public class JssSSLSocketFactory implements ISocketFactory { s = new SSLSocket(host, port, null, 0, certApprovalCallback, clientCertCallback); s.setUseClientMode(true); + s.enableSSL2(false); + s.enableSSL2Default(false); + s.enableV2CompatibleHello(false); SSLHandshakeCompletedListener listener = null; |