<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This tomcatjss patch is for the following bug:<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=871171"><b>Bug 871171</b></a>
-<span id="summary_alias_container"> <span
id="short_desc_nonedit_display">Provide Tomcat support for TLS
v1.1 and TLS v1.2 (Tomcatjss)</span>
<br>
</span><br>
<span id="summary_alias_container"><span
id="short_desc_nonedit_display">It provides the minimum code to
support setting the ssl version range from tomcatjss server.<br>
The tlsv1.1 and 1.2 ciphers are made available as well.<br>
<br>
</span></span><span id="summary_alias_container"><span
id="short_desc_nonedit_display">This patch works in conjunction
with the JSS patch that was sent out for review.<br>
<br>
Three are three new variables introduced in the server.xml :<br>
sslVersionRangeStream - for stream protocol type. it takes a
format of "min:max" where min/max values can be "ssl3, tls1_0,
tls1_1, or tls1_2"<br>
sslVersionRangeDatagram - for datagram protocol type. </span></span><span
id="summary_alias_container"><span id="short_desc_nonedit_display"><span
id="summary_alias_container"><span
id="short_desc_nonedit_display">it takes a format of
"min:max" where min/max values can be "tls1_1, or tls1_2"<br>
</span></span>sslRangeCiphers - a complete list of ciphers you
wish to support (provided supported by NSS) in such ssl version
range.<br>
<br>
When the new *range* parameters are set, the old sslOptions
parameter is ignored, as it is obsolete. However, if the
*range* parameters are not specified, the sslOptions will be
supported as before.<br>
<br>
thanks,<br>
Christina<br>
<br>
<br>
</span></span>
</body>
</html>