Karthik Krishnamoorthy wrote:
> Wan-Teh Chang wrote: > > Karthik Krishnamoorthy wrote: > > > > > > > > Thanks for your help with this, I see what you mean and looking > at the > > > JSS libraries it looks like only a subset of NSS has been > implemented in > > > JSS. Currently it seems like there is no option to implement an > > > equivalent of the above with JSS. > > > > You are right. There are options to enable/disable SSLv2 > > and SSLv3 but not TLS. I just filed an RFE: > > http://bugzilla.mozilla.org/show_bug.cgi?id=208193. > > > > So, the only way to disable TLS right now is to disable > > all the TLS cipher suites individually. See > > > http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html > > > for a list of all the ciphers, then call > > SSLSocket.setCipherPreference on all the TLS_ ciphers > > to turn them off. (Or you can call > > setCipherPreferenceDefault, and all sockets created > > subsequently will have it disabled.) > > Thanks, I tried this and the TLS ciphers seem to be disabled but it > still seems to use version 3.1. The stack trace confirms this. I used > the setCipherPreferenceDefault method. You are right. My suggestion doesn't work. So you'll need to either fix the web server or wait for a new JSS release with the enableTLS method. Wan-Teh
