From 46d7be6f5d24e025df30b382065addfb30c8032f Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Tue, 18 Nov 2014 18:28:53 -0800
Subject: bugzilla 871171 (client-side code) Provide Tomcat support for TLS
 v1.1 and TLS v1.2

---
 .../src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'base/server/cmscore/src/com/netscape/cmscore/ldapconn')

diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
index 4d9e60251..720882a15 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
@@ -51,12 +51,11 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
         SSLSocket s = null;
 
         try {
-            SSLSocket.enableSSL2Default(false);
+            /*
+             * let inherit TLS range and cipher settings
+             */
             s = new SSLSocket(host, port);
             s.setUseClientMode(true);
-            s.enableSSL2(false);
-            //TODO Do we really want to set the default each time?
-            SSLSocket.enableSSL2Default(false);
             s.enableV2CompatibleHello(false);
 
             SSLHandshakeCompletedListener listener = null;
-- 
cgit