<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This version addressed one missed comment regarding one common
function to set ciphers.<br>
thanks,<br>
Christina<br>
<br>
<div class="moz-cite-prefix">On 07/13/2015 05:00 PM, Christina Fu
wrote:<br>
</div>
<blockquote cite="mid:55A4512E.1020308@redhat.com" type="cite">Thank
you jack for the review.
<br>
Also, thanks to Matt for helping out with the console dependency
issue.
<br>
<br>
Please see the attached revision that addressed the comments.
<br>
It has been tested to work on all three types of clients.
<br>
<br>
thanks,
<br>
Christina
<br>
<br>
On 07/10/2015 03:59 PM, John Magne wrote:
<br>
<blockquote type="cite">Functionality looks good,
<br>
just a few minor suggestions:
<br>
<br>
<br>
1. This code:
<br>
<br>
+
<br>
+ static final Integer[] clientECCciphers = {
<br>
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
<br>
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
<br>
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
<br>
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
<br>
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
<br>
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
<br>
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
<br>
+ };
<br>
+ ArrayList<Integer> eccCiphers = new
ArrayList(Arrays.asList(clientECCciphers));
<br>
<br>
<br>
<br>
For the ArrayList declaration:
<br>
<br>
Eclipse is complaining about unsafe conversions, it suggests
something like:
<br>
<br>
ArrayList<Integer> eccCiphers = new
ArrayList<Integer>(Arrays.asList(clientECCciphers));
<br>
<br>
Also, I think we can declare this with a more general Collection
such as "List" and leave the ArrayList implementation, since
<br>
that appears to be the convention.
<br>
<br>
Also, due to the final suggestion, we can make List static,
since nothing changes and one would do.
<br>
<br>
2. I see the similar code to instantiate all this data and
ensure the ciphers are legit is copied around 3 times.
<br>
I think we can move this stuff to a common class and have
everyone use it, so if it needs to change it will only change in
one place.
<br>
<br>
<br>
<br>
<br>
<br>
----- Original Message -----
<br>
<blockquote type="cite">From: "Christina Fu"
<a class="moz-txt-link-rfc2396E" href="mailto:cfu@redhat.com"><cfu@redhat.com></a>
<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:pki-devel@redhat.com">pki-devel@redhat.com</a>
<br>
Sent: Friday, July 10, 2015 11:51:08 AM
<br>
Subject: [Pki-devel] [PATCH]
pki-cfu-0084-Ticket-1459-Dogtag-clients-cannot-connect-when-CS-is.patch
<br>
<br>
These patches address the following ticket:
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/1459">https://fedorahosted.org/pki/ticket/1459</a> Dogtag clients cannot
connect
<br>
when CS is configured with ECC
<br>
<br>
the first patch is just to clean up the tabs in the
constructor of the
<br>
file JSSConnection in preparation for code changes :
<br>
pki-cfu-0083-ecc-Console-1.-clean-up-the-tabs-in-the-JSSConnectio.patch
<br>
<br>
The second patch addresses the ECC ssl connection issue from
the
<br>
- java console
<br>
- cli clients
<br>
- HttpClient
<br>
<br>
They have been tested to work with ECC ca.
<br>
<br>
thanks,
<br>
Christina
<br>
<br>
_______________________________________________
<br>
Pki-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>