From 1c868bcb61c48f71b92c4a6f4ceac3f4a23cd476 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi
Date: Thu, 12 Mar 2015 14:18:41 -0700
Subject: [PATCH] Ticket #48130 - Add "+all" and "-TLS_RSA_WITH_AES_128_GCM_SHA256" to Console Cipher Preference for TLS
Description: Console needs to adjust the cipher settings in nsSSL3Ciphers (cn=encryption,cn=config) to the server side's SSL updates.
---
 src/com/netscape/admin/dirserv/panel/EncryptionPanel.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
index 6b2cbc3..4985cff 100644
--- a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
+++ b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
@@ -415,8 +415,8 @@ public class EncryptionPanel extends BlankPanel
 Frame f = getModel().getFrame();
 CipherPreferenceDialog dlg;
- Debug.println(4,
- "EncryptionPanel.showCipherPreferenceDialog: cipher = " + cipher);
+ Debug.println(4, "EncryptionPanel.showCipherPreferenceDialog: cipher = " + cipher);
+ Debug.println(4, "EncryptionPanel.showCipherPreferenceDialog: TLS_OFF = " + _configData.CIPHER_TLS_OFF);
 dlg = new CipherPreferenceDialog(f, null, _configData.CIPHER_SSL3_OFF, _configData.CIPHER_TLS_OFF);
 dlg.setCipherEnabled(dlg.SSL_V3, _configData.cipherPrefs);
 dlg.setCipherEnabled(dlg.SSL_TLS, _configData.cipherPrefs);
@@ -774,11 +774,13 @@ class EncryptionConfigData {
 "-fortezza_null";
 // Cipher list to build the TLS tab in the cipher dialog
- static final String CIPHER_TLS_OFF = "-tls_rsa_export1024_with_rc4_56_sha," +
+ static final String CIPHER_TLS_OFF = "+all," +
+ "-tls_rsa_export1024_with_rc4_56_sha," +
 "-tls_rsa_export1024_with_des_cbc_sha," +
 "-tls_rsa_aes_128_sha," +
- "-tls_rsa_aes_256_sha";
-
+ "-tls_rsa_aes_256_sha," +
+ "-TLS_RSA_WITH_AES_128_GCM_SHA256";
+
 // Reads the directory and initializes this instance
 public void readFromDirectory(LDAPConnection ldc, LDAPConnection sieldc, String sieDn) throws LDAPException {
-- 
1.9.3
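Review bot: The new `"+all,"` entry at the head of `CIPHER_TLS_OFF` is the only token in this constant that is not a `-`-prefixed suite name, and nothing in the hunk shows how `CipherPreferenceDialog` handles it. If the string is parsed as the list of suites for the TLS tab, `all` has to be skipped explicitly rather than treated as a cipher row; and if the resulting preference is written back to nsSSL3Ciphers, `+all` presumably turns on every suite the server supports that the console does not list, so any weak suite missing from this list would depend entirely on the server-side defaults. The constant's comment should state that intent, for example `// "+all" follows the server default; only the "-" entries become TLS-tab rows`, once confirmed against the dialog code. The added `-TLS_RSA_WITH_AES_128_GCM_SHA256` also uses the upper-case IANA name while its neighbours use lower-case legacy names, so any case-sensitive comparison on these names should be checked.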