To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).

Pushed to master under trivial rule.

--
Endi S. Dewata
From d06e291b25087dfd4cd70e6f97e2c0f4f84bd121 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 17 Mar 2017 09:11:52 +0100
Subject: [PATCH] Moved default SSL configuration out of PKIConnection.

To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).
---
 base/common/src/com/netscape/certsrv/client/PKIConnection.java | 6 ------
 base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java     | 5 +++++
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index 2c979eac22db32036b2653a510a561e0a979d7a9..b75e3326ec4509cff25dcf148230c909fa00177b 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -83,8 +83,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.ssl.SSLSocket;
 
 import com.netscape.certsrv.base.PKIException;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
 
 public class PKIConnection {
 
@@ -332,10 +330,6 @@ public class PKIConnection {
                 localAddr = localAddress.getAddress();
             }
 
-            CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
-            CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
-            CryptoUtil.setClientCiphers();
-
             SSLSocket socket;
             if (sock == null) {
                 socket = new SSLSocket(InetAddress.getByName(hostName),
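Review bot: with the three CryptoUtil calls removed from the socket-creation path here, PKIConnection no longer sets a version range or cipher list itself, so any program other than the PKI CLI that uses this class must make the equivalent calls before connecting or it runs with whatever defaults are in effect. Please add a Javadoc note on PKIConnection stating that the caller is responsible for calling CryptoUtil.setSSLStreamVersionRange, CryptoUtil.setSSLDatagramVersionRange and CryptoUtil.setClientCiphers, and confirm that the other users of PKIConnection in the tree do so.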
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 75904edc69b822b56007c0935f66d8b1b20960a3..4c0a9182341f62b8718f4202b0825a7cdc2068d4 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -59,6 +59,7 @@ import com.netscape.cmstools.pkcs12.PKCS12CLI;
 import com.netscape.cmstools.system.SecurityDomainCLI;
 import com.netscape.cmstools.user.UserCLI;
 import com.netscape.cmsutil.crypto.CryptoUtil;
+import com.netscape.cmsutil.crypto.CryptoUtil.SSLVersion;
 
 /**
  * @author Endi S. Dewata
@@ -518,6 +519,10 @@ public class MainCLI extends CLI {
 
         }
 
+        CryptoUtil.setSSLStreamVersionRange(SSLVersion.TLS_1_0, SSLVersion.TLS_1_2);
+        CryptoUtil.setSSLDatagramVersionRange(SSLVersion.TLS_1_1, SSLVersion.TLS_1_2);
+        CryptoUtil.setClientCiphers();
+
         client = new PKIClient(config, null);
         client.setVerbose(verbose);
 
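Review bot: the stream range added ahead of `client = new PKIClient(config, null);` keeps SSLVersion.TLS_1_0 as its floor while the datagram range starts at SSLVersion.TLS_1_1, and both are hard-coded. Since the values are now set in one place in the main program, consider raising the stream minimum or reading both ranges from the CLI configuration. A short comment saying that these calls set the defaults for all SSL sockets created afterwards, and so must stay before the PKIClient construction, would keep a later reorder from silently dropping them.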
-- 
2.9.3

_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel