From c0e3716fe43b87139bae57dba992fe0376bd215d Mon Sep 17 00:00:00 2001
From: Christina Fu
Date: Fri, 21 Nov 2014 18:03:01 -0800
Subject: Ticket 1206 (java console) TLS range support: code change needed for cs when acting as client

---
 .../admin/certsrv/connection/JSSConnection.java | 53 +++++++--------------
 1 file changed, 17 insertions(+), 36 deletions(-)
(limited to 'base/console')

diff --git a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
index e606cd5c4..a686a5af1 100644
--- a/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
+++ b/base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java
@@ -96,43 +96,24 @@ public class JSSConnection implements IConnection, SSLCertificateApprovalCallbac
 } catch (Exception e) { }
- // SSLSocket needs to be set before getting an instance
- // to get the ciphers
- SSLSocket.enableSSL2Default(false);
- SSLSocket.enableSSL3Default(true);
- int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
- int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
-
- int ciphers[] = SSLSocket.getImplementedCipherSuites();
- for (int i = 0; ciphers != null && i < ciphers.length; i++) {
- // make sure SSLv2 ciphers are not enabled
- if ((ciphers[i] & 0xfff0) !=0xff00) {
- Debug.println("JSSConnection Debug: non-SSL2 NSS Cipher Supported '0x" +
- Integer.toHexString(ciphers[i]) + "'");
- SSLSocket.setCipherPreferenceDefault(ciphers[i], true);
- } else {
- Debug.println("JSSConnection Debug: SSL2 (turned off) NSS Cipher Supported '0x" +
- Integer.toHexString(ciphers[i]) + "'");
- SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
- }
-
- /* Enable ECC Cipher */
-
- if (ciphers[i] == TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA) {
- Debug.println("JSSConnection Debug: found TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, setting preference");
- SSLSocket.setCipherPreferenceDefault(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, true);
- }
- if (ciphers[i] == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) {
- Debug.println("JSSConnection Debug: found TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, setting preference");
- SSLSocket.setCipherPreferenceDefault(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true);
- }
- }
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange stream_range =
+ new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0,
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+
+ SSLSocket.setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM,
+ stream_range);
+
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange datagram_range =
+ new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1,
+ org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2);
+
+ SSLSocket.setSSLVersionRangeDefault(
+ org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.DATA_GRAM,
+ datagram_range);
 s = new SSLSocket(host, port, null, 0, this, this);
- s.enableSSL2(false);
- s.enableSSL2Default(false);
- s.enableV2CompatibleHello(false);
- s.enableSSL3(true);
- s.enableSSL3Default(true);
 // Initialze Http Input and Output Streams
 httpIn = s.getInputStream();
--
cgit
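Review bot: The new stream range pins its lower bound to `SSLVersionRange.tls1_0` as a literal at the call site (and the datagram range likewise to `tls1_1`), so a deployment cannot raise the console's minimum protocol version without a code change; consider sourcing both bounds from a constant or a parameter of the enclosing method so they can be tightened centrally. The removed loop also explicitly disabled the SSLv2 suites and enabled every other implemented suite, whereas the new code sets no cipher preferences at all, so suite selection now falls back to whatever JSS/NSS enables by default — if that is intended, a comment such as `// cipher preferences are left to the JSS/NSS defaults; only the protocol version range is pinned here` above the first `setSSLVersionRangeDefault` call would record the decision. Stylistically, `SSLSocket` is already used unqualified on the `new SSLSocket(host, port, ...)` line, so the repeated `org.mozilla.jss.ssl.SSLSocket.SSLVersionRange` prefixes can be shortened to `SSLSocket.SSLVersionRange`, and `stream_range`/`datagram_range` would be `streamRange`/`datagramRange` under Java naming. The enclosing method starts and ends outside the hunk, and the hunk's trailing context lines appear cut off in this view.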