helpcrypto:

Thank you, great code samples...but...I'm stuck with using JSS and the org.mozilla.jss.ssl hierarchy. Your snippets are using either JSSE or Apache libraries, no? Unless I'm missing something obvious.

Colin

On Thursday, 15 January 2015 04:37:01 UTC-5, helpcrypto helpcrypto wrote:
> To debug client-server SSL/TLS (mostly to check SSL3 issues after POODLE)
> I'm just using this:
>
> http://pastebin.com/fytQq79y
> http://pastebin.com/veVBqdx5
>
> Hope it helps.
>
> > My bad, I wasn't clear (I think) that I'm talking about server side code,
> > not client, i.e. essentially a Java based web server with the SSL Socket
> > handled by JSS.
> >
> > so at this point all I have is
> > SSLSocket.enableDefaultCipher(SSLSocket.xxxx)
> >
> > and socket.enableTLS(true)
> > socket.disableSSLv3(true)
> >
> > type stuff. I can't seem to see any way other than these methods to control
> > protocols.
> >
> > Sincerely
> >
> > On Tuesday, 13 January 2015 13:14:05 UTC-5, helpcrypto helpcrypto wrote:
> > > On Mon, Jan 12, 2015 at 11:10 PM, wrote:
> > > >
> > > > Folks,
> > > >
> > > > Sorry for the totally newbie question but I've hunted high and low.
> > > >
> > > > I am supporting some Java code that uses JSS4, NSS to provide SSL Server
> > > > side services.
> > > >
> > > > In response to Poodle I've been looking at this code and was able to Enable
> > > > TLS explicitly and disable SSL to mitigate that in its most basic form.
> > > >
> > > > However I was hoping to be able to add at least TLS 1.1 if not 1.2 support.
> > > >
> > > Java 8 enabled by default TLS 1.1 and TLS 1.2 on Java's control panel
> > > This raised some problems with the protocol negotiation with our legacy OAS
> > > servers. Seems Oracle didn't honor cypherHonors :P
> > >
> > > > I cannot find how this is done or if possible.
> > > >
> > > > I've built the latest NSS code base which seemingly supports these
> > > > protocols, and built JSS around it but can't seem to get a TLS 1.1/1.2
> > > > connection.
> > > >
> > > > The JSS source code also doesn't show any of the SHA256 ciphers etc that
> > > > imply TLS 1.2..so I've come to the conclusion that I cannot use JSS to execute
> > > > TLS 1.1/1.2 server side connections.
> > > >
> > > Probably I'm confused but you could try:
> > > - disabling everything but TLS1.1/1.2 and see if that works -> protocols
> > >   are supported but not used or are not supported at all
> > > - using -Djdk.tls.client.protocols="TLSv1,..."
> > > - create a custom sslFactory and enjoy
> >
> > --
> > dev-tech-crypto mailing list
> > dev-tech-crypto@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-tech-crypto