Author: rmeggins
Update of /cvs/dirsec/console/src/com/netscape/management/client/security
In directory
cvs-int.fedora.redhat.com:/tmp/cvs-serv15441/console/src/com/netscape/management/client/security
Modified Files:
CipherPreferenceDialog.java
Log Message:
Bump version to 1.1.2
Disable SSLv2 ciphers by default - they are disabled on the server side anyway, so you
can't enable them, but this just makes it clear what's going on
Do not use thread.stop - this causes threading issues with modern JVMs
Added support for debugging in Eclipse
Added more debugging log information
Index: CipherPreferenceDialog.java
===================================================================
RCS file:
/cvs/dirsec/console/src/com/netscape/management/client/security/CipherPreferenceDialog.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- CipherPreferenceDialog.java 18 Jul 2005 00:34:16 -0000 1.1.1.1
+++ CipherPreferenceDialog.java 15 Jul 2008 17:26:58 -0000 1.2
@@ -103,6 +103,8 @@
public final static String RSA_RC4_128_MD5 = "rsa_rc4_128_md5";
/**SSL3 Domestic - Triple DES with 168 bit encryption and SHA message
authentication*/
public final static String RSA_3DES_SHA = "rsa_3des_sha";
+ /**SSL3 Domestic - RC4 with 128 bit encryption and SHA message authentication*/
+ public final static String RSA_RC4_128_SHA = "rsa_rc4_128_sha";
// fortezza ciphers
/**SSL3 Domestic - Fortezza with 80 bit encryption and SHA message authentication */
@@ -117,14 +119,14 @@
public final static String RSA_FIPS_3DES_SHA = "fips_3des_sha";
/* default SSL V2 export ciphers */
- final static String V2EXPORT = "+"+RC4EXPORT+
- ",+"+RC2EXPORT;
+ final static String V2EXPORT = "-"+RC4EXPORT+
+ ",-"+RC2EXPORT;
/* default SSL V2 domestic ciphers */
- final static String V2DOMESTIC = "+"+RC4+
- ",+"+RC2+
- ",+"+DES+
- ",+"+DES3;
+ final static String V2DOMESTIC = "-"+RC4+
+ ",-"+RC2+
+ ",-"+DES+
+ ",-"+DES3;
/* default SSL V3 domestic ciphers */
final static String V3EXPORT = "+"+RSA_RC4_40_MD5+
@@ -523,6 +525,9 @@
cipherEntry = new CipherEntry(cipher, true, des, 56, md5, SSL_V2);
} else if (cipher.equals(DES3)) {
cipherEntry = new CipherEntry(cipher, true, des, 168, md5, SSL_V2);
+ } else {
+ Debug.println("CipherPreferenceDialog.createCipherEntry(): " +
+ "Unknown SSLv2 cipher: " + cipher);
}
//V3/TLS Cipher
@@ -551,6 +556,9 @@
cipherEntry = new CipherEntry(cipher, true, rc4+" "+fortezza, 128, sha,
SSL_V3);
} else if (cipher.equals(FORTEZZA_NULL)) {
cipherEntry = new CipherEntry(cipher, false, none+" "+fortezza, 0, sha,
SSL_V3);
+ } else {
+ Debug.println("CipherPreferenceDialog.createCipherEntry(): " +
+ "Unknown SSLv3 cipher: " + cipher);
}
//TLS ciphers
@@ -559,7 +567,10 @@
cipherEntry = new CipherEntry(cipher, true, des, 56, sha, SSL_V3, true);
} else if (cipher.equals(TLS_RSA_RC4_SHA)) {
cipherEntry = new CipherEntry(cipher, true, rc4, 56, sha, SSL_V3, true);
- }
+ } else {
+ Debug.println("CipherPreferenceDialog.createCipherEntry(): " +
+ "Unknown TLSv1 cipher: " + cipher);
+ }
}
}