My bad, I wasn't clear (I think) that I'm talking about server side code, not client, i.e. essentially a Java based web server with the SSL Socket handled by JSS.
so at this point all I have is SSLSocket.enableDefaultCipher(SSLSocket.xxxx) and socket.enableTLS(true) socket.disableSSLv3(true) type stuff. I can't seem to see anyway other than these methods to control protocols. Sincerely On Tuesday, 13 January 2015 13:14:05 UTC-5, helpcrypto helpcrypto wrote: > On Mon, Jan 12, 2015 at 11:10 PM, <deepr...@gmail.com> wrote: > > > Folks, > > > > Sorry for the totally newbie question but I've hunted high and low. > > > > I am supporting some Java code that uses JSS4, NSS to provide SSL Server > > side services. > > > > In response to Poodle I've been looking this code and was able to Enable > > TLS explicitly and disable SSL to mitigate that in it's most basic form. > > > > However I was hoping to be able to add at least TLS 1.1 if not 1.2 support. > > > Java 8 enabled by default TLS 1.1 and TLS 1.2 on Java's control panel > This raised dome problems tieh the protocol negotation with our legacy OAS > servers. Seems Oracle didnt honor cypherHonors :P > > > I cannot find how this is done or if possible. > > > > I've build the latest NSS code base which seemingly supports these > > protocols, and build JSS around it but can't seem to get a TLS 1.1/1.2 > > connection. > > > > The JSS source code also doesn't show any of the SHA256 ciphers etc that > > imply TLS 1.2..so I've come the conclusion that I cannot use JSS to execute > > TLS 1.1/1.2 server side connections. > > > > Probably im confused but you could try: > - disabling everything but TLS1.1/1.2 and see if that works -> protocol > are supported but not used or are not supported at all > - using -Djdk.tls.client.protocols="TLSv1,..." > - create a custom sslFactory and enjoy -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto