This tomcatjss patch is for the following bug:
Bug 871171 - Provide Tomcat support for TLS v1.1 and TLS v1.2 (Tomcatjss)
It provides the minimum code to support setting the ssl version range from tomcatjss server.
The tlsv1.1 and 1.2 ciphers are made available as well.
This patch works in conjunction with the JSS patch that was sent out for review.
There are three new variables introduced in the server.xml:
sslVersionRangeStream - for stream protocol type. It takes a format of "min:max" where min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2"
sslVersionRangeDatagram - for datagram protocol type. It takes a format of "min:max" where min/max values can be "tls1_1, or tls1_2"
sslRangeCiphers - a complete list of ciphers you wish to support (provided they are supported by NSS) in such ssl version range.
When the new *range* parameters are set, the old sslOptions
parameter is ignored, as it is obsolete. However, if the
*range* parameters are not specified, the sslOptions will be
supported as before.
thanks,
Christina
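
An added example, not part of the original message or the tomcatjss code: a small Python audit of the range parameters described above. It assumes the attributes sit on Connector elements in server.xml and that the versions order as ssl3 < tls1_0 < tls1_1 < tls1_2; the sample XML and the ssl3 warning are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Value names come from the message; their ordering is an assumption.
ORDER = ["ssl3", "tls1_0", "tls1_1", "tls1_2"]
ALLOWED = {
    "sslVersionRangeStream": ORDER,
    "sslVersionRangeDatagram": ["tls1_1", "tls1_2"],
}

def check_range(attr, value):
    """Return a list of findings for one "min:max" range value."""
    parts = [p.strip() for p in value.split(":")]
    if len(parts) != 2:
        return [f"{attr}: expected 'min:max', got {value!r}"]
    findings = [f"{attr}: {p!r} is not an accepted value"
                for p in parts if p not in ALLOWED[attr]]
    if findings:
        return findings
    lo, hi = parts
    if ORDER.index(lo) > ORDER.index(hi):
        findings.append(f"{attr}: min {lo} is above max {hi}")
    if lo == "ssl3":
        # Auditor's policy choice, not a tomcatjss rule.
        findings.append(f"{attr}: range still admits ssl3")
    return findings

def audit(server_xml):
    """Check every Connector (assumed home of these attributes)."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        ranges = [a for a in ALLOWED if a in conn.attrib]
        for attr in ranges:
            findings += check_range(attr, conn.get(attr))
        # Per the message, sslOptions is ignored once a range is set.
        if ranges and "sslOptions" in conn.attrib:
            findings.append("sslOptions is set but ignored (range parameter present)")
    return findings

# Constructed sample; the sslOptions value is a placeholder.
SAMPLE = """<Server><Service>
  <Connector port="8443" sslOptions="PLACEHOLDER"
             sslVersionRangeStream="ssl3:tls1_2"
             sslVersionRangeDatagram="tls1_2:tls1_1"/>
  <Connector port="9443" sslVersionRangeStream="tls1_1:tls1_2"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```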