This tomcatjss patch is for the following bug:
Bug 871171
- Provide Tomcat support for TLS
v1.1 and TLS v1.2 (Tomcatjss)
It provides the minimum code
to support setting the ssl version range from tomcatjss
server.
The tlsv1.1 and 1.2 ciphers are made available as well.
This patch works in
conjunction with the JSS patch that was sent out for review.
Three are three new variables introduced in the server.xml :
sslVersionRangeStream - for stream protocol type. it takes a
format of "min:max" where min/max values can be "ssl3, tls1_0,
tls1_1, or tls1_2"
sslVersionRangeDatagram - for datagram protocol type. it takes a format of
"min:max" where min/max values can be "tls1_1, or tls1_2"
sslRangeCiphers - a complete list of ciphers
you wish to support (provided supported by NSS) in such ssl
version range.
When the new *range* parameters are set, the old sslOptions
parameter is ignored, as it is obsolete. However, if the
*range* parameters are not specified, the sslOptions will be
supported as before.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel