This tomcatjss patch is for the following bug:
*Bug 871171* <https://bugzilla.redhat.com/show_bug.cgi?id=871171>
- Provide Tomcat support for TLS v1.1 and TLS v1.2 (Tomcatjss)
It provides the minimum code to support setting the ssl version range
from tomcatjss server.
The tlsv1.1 and 1.2 ciphers are made available as well.
This patch works in conjunction with the JSS patch that was sent out for
review.
There are three new variables introduced in the server.xml:
sslVersionRangeStream - for stream protocol type. It takes a format of
"min:max" where min/max values can be "ssl3, tls1_0, tls1_1, or
tls1_2"
sslVersionRangeDatagram - for datagram protocol type. It takes a format
of "min:max" where min/max values can be "tls1_1, or tls1_2"
sslRangeCiphers - a complete list of ciphers you wish to support
(provided they are supported by NSS) in such ssl version range.
When the new *range* parameters are set, the old sslOptions parameter is
ignored, as it is obsolete. However, if the *range* parameters are not
specified, the sslOptions will be supported as before.
thanks,
Christina
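
The following is an added example, not part of the message above or of the tomcatjss patch: a small audit script that checks a Connector element's range attributes against the "min:max" format and value lists described in the message, and reports when sslOptions would be ignored. The function names, the `floor` policy value, the sample Connector and the choice to treat either range attribute as enabling the new behaviour are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Allowed values as listed in the message, ordered oldest to newest.
STREAM = ["ssl3", "tls1_0", "tls1_1", "tls1_2"]
DATAGRAM = ["tls1_1", "tls1_2"]

def parse_range(value, allowed):
    """Return (min, max) for a "min:max" string, or raise ValueError."""
    parts = [p.strip() for p in value.split(":")]
    if len(parts) != 2:
        raise ValueError(f"expected min:max, got {value!r}")
    lo, hi = parts
    for v in parts:
        if v not in allowed:
            raise ValueError(f"{v!r} not one of {allowed}")
    if allowed.index(lo) > allowed.index(hi):
        raise ValueError(f"min {lo} is newer than max {hi}")
    return lo, hi

def audit_connector(xml_text, floor="tls1_1"):
    """Return findings for one Connector; floor is a local policy choice (assumption)."""
    conn = ET.fromstring(xml_text)
    findings = []
    ranges = (("sslVersionRangeStream", STREAM), ("sslVersionRangeDatagram", DATAGRAM))
    # Assumption: setting either range attribute counts as "range parameters set".
    present = [name for name, _ in ranges if conn.get(name) is not None]
    for name, allowed in ranges:
        value = conn.get(name)
        if value is None:
            continue
        try:
            lo, _ = parse_range(value, allowed)
        except ValueError as exc:
            findings.append(f"{name}: invalid ({exc})")
            continue
        if STREAM.index(lo) < STREAM.index(floor):
            findings.append(f"{name}: minimum {lo} is below policy floor {floor}")
    if present and conn.get("sslOptions") is not None:
        findings.append("sslOptions: ignored because a range parameter is set")
    if not present:
        findings.append("no range parameter set; sslOptions is used as before")
    return findings

# Constructed sample, not taken from the patch; the sslOptions value is a placeholder.
SAMPLE = ('<Connector port="8443" sslOptions="(legacy value)" '
          'sslVersionRangeStream="ssl3:tls1_2" sslVersionRangeDatagram="tls1_2:tls1_1"/>')

if __name__ == "__main__":
    for line in audit_connector(SAMPLE):
        print(line)
```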