Karthik Krishnamoorthy wrote: > > Thanks for your help with this, I see what you mean and looking at the > JSS libraries it looks like only a subset of NSS has been implemented in > JSS. Currently it seems like there is no option to implement an > equivalent of the above with JSS.
You are right. There are options to enable/disable SSLv2 and SSLv3 but not TLS. I just filed an RFE: http://bugzilla.mozilla.org/show_bug.cgi?id=208193. So, the only way to disable TLS right now is to disable all the TLS cipher suites individually. See http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html for a list of all the ciphers, then call SSLSocket.setCipherPreference on all the TLS_ ciphers to turn them off. (Or you can call setCipherPreferenceDefault, and all sockets created subsequently will have it disabled.) The best solution is to fix the TLS intolerant web server or use another web server. If the web server is still being maintained, could you submit a bug report to its maintainers? Wan-Teh
