From d06e291b25087dfd4cd70e6f97e2c0f4f84bd121 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 17 Mar 2017 09:11:52 +0100
Subject: Moved default SSL configuration out of PKIConnection.

To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).
---
 base/common/src/com/netscape/certsrv/client/PKIConnection.java | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'base/common/src')

diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index 2c979eac2..b75e3326e 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -83,8 +83,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.ssl.SSLSocket;
 
 import com.netscape.certsrv.base.PKIException;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
 
 public class PKIConnection {
 
@@ -332,10 +330,6 @@ public class PKIConnection {
                 localAddr = localAddress.getAddress();
             }
 
-            CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
-            CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
-            CryptoUtil.setClientCiphers();
-
             SSLSocket socket;
             if (sock == null) {
                 socket = new SSLSocket(InetAddress.getByName(hostName),
-- 
cgit