diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
index c2d5e2d..7719ee3 100644
--- a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -37,11 +37,12 @@
 import org.mozilla.jss.ssl.SSLAlertEvent;
 import org.mozilla.jss.ssl.SSLCipher;
 import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
+import org.mozilla.jss.ssl.SSLProtocolVariant;
 import org.mozilla.jss.ssl.SSLServerSocket;
 import org.mozilla.jss.ssl.SSLSocket;
-import org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant;
-import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange;
 import org.mozilla.jss.ssl.SSLSocketListener;
+import org.mozilla.jss.ssl.SSLVersion;
+import org.mozilla.jss.ssl.SSLVersionRange;
 import org.mozilla.jss.util.IncorrectPasswordException;
 import org.mozilla.jss.util.Password;
 import org.slf4j.Logger;
@@ -584,14 +585,10 @@ public void setSSLVersionRangeDefault(
 logger.debug("* min: " + min_s);
 logger.debug("* max: " + max_s);
- int min = getSSLVersionRangeEnum(min_s);
- int max = getSSLVersionRangeEnum(max_s);
+ SSLVersion minVersion = SSLVersion.findByAlias(min_s);
+ SSLVersion maxVersion = SSLVersion.findByAlias(max_s);
- if (min == -1 || max == -1) {
- throw new SocketException("SSL version range format error: " + sslVersionRange_s);
- }
-
- SSLVersionRange range = new SSLVersionRange(min, max);
+ SSLVersionRange range = new SSLVersionRange(minVersion, maxVersion);
 range = SSLSocket.boundSSLVersionRange(SSLProtocolVariant.STREAM, range);
 logger.debug("Actual SSL version range for " + type + " after system policy correction:");
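Review bot: A malformed or missing protocol name in the configured range is no longer turned into the `SocketException` ("SSL version range format error: …") that the removed `-1` check raised; after `SSLVersion.findByAlias(min_s)` and `SSLVersion.findByAlias(max_s)` the outcome depends on how `findByAlias` treats an unknown or null alias, which this diff does not show. If it throws an unchecked exception, callers that handle only the declared `SocketException` will not see it and the message no longer names the configured value; if it returns null, that null reaches the `SSLVersionRange` constructor. Because this range decides the lowest TLS version the connector will negotiate, a bad value should fail closed with the same explicit error as before. The sketch below wraps the two lookups and rethrows; it assumes `sslVersionRange_s` is still in scope, since the body of `setSSLVersionRangeDefault` starts and ends outside the hunk.

```java
SSLVersion minVersion;
SSLVersion maxVersion;
try {
    minVersion = SSLVersion.findByAlias(min_s);
    maxVersion = SSLVersion.findByAlias(max_s);
} catch (RuntimeException e) {
    // Keep the previous contract: a bad range is a SocketException naming the configured value.
    SocketException formatError =
            new SocketException("SSL version range format error: " + sslVersionRange_s);
    formatError.initCause(e);
    throw formatError;
}
if (minVersion == null || maxVersion == null) {
    // Only needed if findByAlias reports an unknown alias by returning null.
    throw new SocketException("SSL version range format error: " + sslVersionRange_s);
}
// … unchanged: SSLVersionRange construction and boundSSLVersionRange call …
```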
@@ -600,35 +597,6 @@ public void setSSLVersionRangeDefault(
 SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
 }
- int getSSLVersionRangeEnum(String range) {
-
- if (range == null) {
- return -1;
- }
-
- if (range.equals("ssl3")) {
- return SSLVersionRange.ssl3;
- }
-
- if (range.equals("tls1_0")) {
- return SSLVersionRange.tls1_0;
- }
-
- if (range.equals("tls1_1")) {
- return SSLVersionRange.tls1_1;
- }
-
- if (range.equals("tls1_2")) {
- return SSLVersionRange.tls1_2;
- }
-
- if (range.equals("tls1_3")) {
- return SSLVersionRange.tls1_3;
- }
-
- return -1;
- }
-
 public void setSSLCiphers(String attr, String ciphers) throws SocketException, IOException {
 if (StringUtils.isEmpty(ciphers)) {
diff --git a/tomcatjss.spec.in b/tomcatjss.spec.in
index aa41fa1..7d93b05 100644
--- a/tomcatjss.spec.in
+++ b/tomcatjss.spec.in
@@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
 License: LGPLv2+
 BuildArch: noarch
-Version: 7.3.3
+Version: 7.3.4
 Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
 # global _phase -a1
@@ -57,7 +57,7 @@ BuildRequires: slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 BuildRequires: jss >= 4.4.0-7
 %else
-BuildRequires: jss >= 4.5.0-0.4
+BuildRequires: jss >= 4.5.0-0.6
 %endif
 # Tomcat
@@ -100,7 +100,7 @@ Requires: slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 Requires: jss >= 4.4.0-7
 %else
-Requires: jss >= 4.5.0-0.4
+Requires: jss >= 4.5.0-0.6
 %endif
 # Tomcat
@@ -125,7 +125,7 @@ Requires: tomcat >= 1:9.0.7
 Conflicts: tomcat-native
 # PKI
-Conflicts: pki-base < 10.6.3
+Conflicts: pki-base < 10.6.5
 %if 0%{?rhel}