To debug client-server SSL/TLS (mostly to check SSL3 issues after POODLE) I'm just using this:
http://pastebin.com/fytQq79y
http://pastebin.com/veVBqdx5

Hope it helps.

On Wed, Jan 14, 2015 at 11:50 PM, <deepr...@gmail.com> wrote:

> My bad, I wasn't clear (I think) that I'm talking about server side code,
> not client, i.e. essentially a Java based web server with the SSL Socket
> handled by JSS.
>
> so at this point all I have is
> SSLSocket.enableDefaultCipher(SSLSocket.xxxx)
>
> and socket.enableTLS(true)
> socket.disableSSLv3(true)
>
> type stuff. I can't seem to see any way other than these methods to control
> protocols.
>
> Sincerely
>
> On Tuesday, 13 January 2015 13:14:05 UTC-5, helpcrypto helpcrypto wrote:
> > On Mon, Jan 12, 2015 at 11:10 PM, <deepr...@gmail.com> wrote:
> >
> > > Folks,
> > >
> > > Sorry for the totally newbie question but I've hunted high and low.
> > >
> > > I am supporting some Java code that uses JSS4, NSS to provide SSL Server
> > > side services.
> > >
> > > In response to Poodle I've been looking at this code and was able to enable
> > > TLS explicitly and disable SSL to mitigate that in its most basic form.
> > >
> > > However I was hoping to be able to add at least TLS 1.1 if not 1.2 support.
> > >
> > Java 8 enabled by default TLS 1.1 and TLS 1.2 on Java's control panel.
> > This raised some problems with the protocol negotiation with our legacy OAS
> > servers. Seems Oracle didn't honor cypherHonors :P
> >
> > > I cannot find how this is done or if possible.
> > >
> > > I've built the latest NSS code base which seemingly supports these
> > > protocols, and built JSS around it but can't seem to get a TLS 1.1/1.2
> > > connection.
> > >
> > > The JSS source code also doesn't show any of the SHA256 ciphers etc. that
> > > imply TLS 1.2, so I've come to the conclusion that I cannot use JSS to execute
> > > TLS 1.1/1.2 server side connections.
> > >
> >
> > Probably I'm confused but you could try:
> > - disabling everything but TLS1.1/1.2 and see if that works -> protocols
> > are supported but not used or are not supported at all
> > - using -Djdk.tls.client.protocols="TLSv1,..."
> > - create a custom sslFactory and enjoy
> >
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
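
The first suggestion in the quoted reply (enable only TLS 1.1/1.2 and see whether the other versions are supported-but-disabled or not supported at all), as an added example that is not part of the original thread. It uses the JDK's own JSSE API (javax.net.ssl) rather than JSS, and the class name TlsProtocolCheck is hypothetical.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical class name; uses the JDK's JSSE API, not JSS.
public class TlsProtocolCheck {
    // Versions the server should accept after the change.
    static final List<String> WANTED = Arrays.asList("TLSv1.1", "TLSv1.2");
    // Versions to report on, oldest first.
    static final List<String> PROBED = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");

    // Classify each protocol as enabled, supported-but-disabled, or unsupported.
    static Map<String, String> classify(String[] supported, String[] enabled) {
        List<String> sup = Arrays.asList(supported);
        List<String> en = Arrays.asList(enabled);
        Map<String, String> out = new LinkedHashMap<>();
        for (String p : PROBED) {
            out.put(p, en.contains(p) ? "enabled"
                     : sup.contains(p) ? "supported, disabled" : "not supported");
        }
        return out;
    }

    // Keep only the wanted versions the stack knows; fail closed if none remain.
    static String[] restrict(String[] supported) {
        String[] keep = WANTED.stream()
                .filter(Arrays.asList(supported)::contains)
                .toArray(String[]::new);
        if (keep.length == 0) {
            throw new IllegalStateException("no wanted TLS version is supported");
        }
        return keep;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Port 0 = any free local port; no handshake happens here.
        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            String[] supported = server.getSupportedProtocols();
            System.out.println("before: " + classify(supported, server.getEnabledProtocols()));
            server.setEnabledProtocols(restrict(supported));
            System.out.println("after:  " + classify(supported, server.getEnabledProtocols()));
        }
    }
}
```

A version reported as enabled can still be refused at handshake time by the JDK's jdk.tls.disabledAlgorithms security property, so confirm the result with a real client connection.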