diff --git a/SOURCES/jss-RC4-strengh-verify.patch b/SOURCES/jss-RC4-strengh-verify.patch
new file mode 100644
index 0000000..59b6577
--- /dev/null
+++ b/SOURCES/jss-RC4-strengh-verify.patch
@@ -0,0 +1,12 @@
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyGenAlgorithm.java.nkinderSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyGenAlgorithm.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyGenAlgorithm.java.nkinderSaved 2014-09-26 14:40:03.452845047 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyGenAlgorithm.java 2014-09-26 14:41:02.101598146 -0700
+@@ -127,7 +127,7 @@ public class KeyGenAlgorithm extends Alg
+ RC4 = new KeyGenAlgorithm(CKM_RC4_KEY_GEN, "RC4",
+ new KeyStrengthValidator() {
+ public boolean isValidKeyStrength(int strength) {
+- return true;
++ return strength>=40 && strength <= (256*8);
+ }
+ }, null, null);
+
diff --git a/SOURCES/jss-SHA-OID-fix.patch b/SOURCES/jss-SHA-OID-fix.patch
new file mode 100644
index 0000000..fdda50f
--- /dev/null
+++ b/SOURCES/jss-SHA-OID-fix.patch
@@ -0,0 +1,12 @@
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java.jn jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java.jn 2014-09-10 09:21:52.663959115 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java 2014-09-10 09:22:38.662788747 -0700
+@@ -117,7 +117,7 @@ public class OBJECT_IDENTIFIER implement
+ * The OID space for FIPS-180-2 SHA256/SHA384/SHA512 standardized algorithms.
+ */
+ public static final OBJECT_IDENTIFIER HASH_ALGORITHM =
+- new OBJECT_IDENTIFIER( new long[] {2, 16, 840, 1, 101, 3, 4 } );
++ new OBJECT_IDENTIFIER( new long[] {2, 16, 840, 1, 101, 3, 4, 2 } );
+
+
+ /**
diff --git a/SOURCES/jss-support-TLS1_1-TLS1_2.patch b/SOURCES/jss-support-TLS1_1-TLS1_2.patch
new file mode 100644
index 0000000..7fd2207
--- /dev/null
+++ b/SOURCES/jss-support-TLS1_1-TLS1_2.patch
@@ -0,0 +1,345 @@
+diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.cfuSaved jss-4.2.6/mozilla/security/jss/lib/jss.def
+--- jss-4.2.6/mozilla/security/jss/lib/jss.def.cfuSaved 2014-09-29 14:12:27.560206348 -0700
++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2014-09-29 14:12:34.376194464 -0700
+@@ -334,6 +334,8 @@ Java_org_mozilla_jss_CryptoManager_setOC
+ Java_org_mozilla_jss_CryptoManager_verifyCertificateNowNative;
+ Java_org_mozilla_jss_CryptoManager_verifyCertificateNowCUNative;
+ Java_org_mozilla_jss_asn1_ASN1Util_getTagDescriptionByOid;
++Java_org_mozilla_jss_ssl_SocketBase_setSSLVersionRange;
++Java_org_mozilla_jss_ssl_SSLSocket_setSSLVersionRangeDefault;
+ ;+ local:
+ ;+ *;
+ ;+};
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c.cfuSaved 2014-09-29 14:12:27.565206339 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2014-09-29 14:13:33.222091053 -0700
+@@ -56,6 +56,105 @@
+ #endif
+
+
++/*
++ * support TLS v1.1 and v1.2
++ * sets default SSL version range for sockets created after this call
++ */
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_ssl_SSLSocket_setSSLVersionRangeDefault(JNIEnv *env,
++ jclass clazz, jint ssl_variant, jint min, jint max)
++{
++ SECStatus status;
++ SSLVersionRange vrange;
++
++ if (ssl_variant <0 || ssl_variant >= JSSL_enums_size||
++ min <0 || min >= JSSL_enums_size ||
++ max <0 || max >= JSSL_enums_size) {
++ char buf[128];
++ PR_snprintf(buf, 128, "JSS setSSLVersionRangeDefault(): for variant=%d min=%d max=%d failed - out of range for array JSSL_enums size: %d", JSSL_enums[ssl_variant], min, max, JSSL_enums_size);
++ JSSL_throwSSLSocketException(env, buf);
++ goto finish;
++ }
++
++ vrange.min = JSSL_enums[min];
++ vrange.max = JSSL_enums[max];
++
++ /* get supported range */
++ SSLVersionRange supported_range;
++ status = SSL_VersionRangeGetSupported(JSSL_enums[ssl_variant],
++ &supported_range);
++ if( status != SECSuccess ) {
++ char buf[128];
++ PR_snprintf(buf, 128, "SSL_VersionRangeGetSupported() for variant=%d failed: %d", JSSL_enums[ssl_variant], PR_GetError());
++ JSSL_throwSSLSocketException(env, buf);
++ goto finish;
++ }
++ /* now check the min and max */
++ if (vrange.min < supported_range.min ||
++ vrange.max > supported_range.max) {
++ char buf[128];
++ PR_snprintf(buf, 128, "SSL_VersionRangeSetDefault() for variant=%d with min=%d max=%d out of range (%d:%d): %d", JSSL_enums[ssl_variant], vrange.min, vrange.max, supported_range.min, supported_range.max, PR_GetError());
++ JSSL_throwSSLSocketException(env, buf);
++ goto finish;
++ }
++
++ /* set the default SSL Version Range */
++ status = SSL_VersionRangeSetDefault(JSSL_enums[ssl_variant],
++ &vrange);
++ if( status != SECSuccess ) {
++ char buf[128];
++ PR_snprintf(buf, 128, "SSL_VersionRangeSetDefault() for variant=%d with min=%d max=%d failed: %d", JSSL_enums[ssl_variant], vrange.min, vrange.max, PR_GetError());
++ JSSL_throwSSLSocketException(env, buf);
++ goto finish;
++ }
++
++finish:
++ return;
++}
++
++/*
++ * support TLS v1.1 and v1.2
++ * sets SSL version range for this socket
++ */
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_ssl_SocketBase_setSSLVersionRange
++ (JNIEnv *env, jobject self, jint min, jint max)
++{
++ SECStatus status;
++ JSSL_SocketData *sock = NULL;
++ SSLVersionRange vrange;
++
++ if ( min <0 || min >= JSSL_enums_size ||
++ max <0 || max >= JSSL_enums_size) {
++ char buf[128];
++ PR_snprintf(buf, 128, "JSS setSSLVersionRange(): for max=%d failed - out of range for array JSSL_enums size: %d", min, max, JSSL_enums_size);
++ JSSL_throwSSLSocketException(env, buf);
++ goto finish;
++ }
++
++ /* get my fd */
++ if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS ) {
++ goto finish;
++ }
++
++ vrange.min = JSSL_enums[min];
++ vrange.max = JSSL_enums[max];
++
++ /*
++ * set the SSL Version Range
++ * The validity of the range will be checked by this NSS call
++ */
++ status = SSL_VersionRangeSet(sock->fd, &vrange);
++ if( status != SECSuccess ) {
++ JSSL_throwSSLSocketException(env, "SSL_VersionRangeSet failed");
++ goto finish;
++ }
++
++finish:
++ EXCEPTION_CHECK(env, sock)
++ return;
++}
++
+ JNIEXPORT void JNICALL
+ Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOption(JNIEnv *env,
+ jclass clazz, jint joption, jint on)
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java.cfuSaved 2014-09-29 14:12:27.566206338 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 2014-09-29 14:12:34.377194462 -0700
+@@ -36,6 +36,7 @@
+
+ package org.mozilla.jss.ssl;
+
++import java.lang.IllegalArgumentException;
+ import java.net.*;
+ import java.net.SocketException;
+ import java.net.SocketTimeoutException;
+@@ -948,6 +949,63 @@ public class SSLSocket extends java.net.
+ setSSLDefaultOption(SocketBase.SSL_NO_CACHE, !b);
+ }
+
++ /*
++ * _min_enum and _max_enum should be one of the following:
++ * SocketBase.SSL_LIBRARY_VERSION_3_0
++ * SocketBase.SSL_LIBRARY_VERSION_TLS_1_0
++ * SocketBase.SSL_LIBRARY_VERSION_TLS_1_1
++ * SocketBase.SSL_LIBRARY_VERSION_TLS_1_2
++ */
++ public static class SSLVersionRange {
++ private int _min_enum;
++ private int _max_enum;
++ public static final int ssl3 = SocketBase.SSL_LIBRARY_VERSION_3_0;
++ public static final int tls1_0 = SocketBase.SSL_LIBRARY_VERSION_TLS_1_0;
++ public static final int tls1_1 = SocketBase.SSL_LIBRARY_VERSION_TLS_1_1;
++ public static final int tls1_2 = SocketBase.SSL_LIBRARY_VERSION_TLS_1_2;
++ public SSLVersionRange(int min_enum, int max_enum)
++ throws IllegalArgumentException {
++ if ((min_enum >= SocketBase.SSL_LIBRARY_VERSION_3_0) &&
++ (max_enum <= SocketBase.SSL_LIBRARY_VERSION_TLS_1_2) &&
++ (min_enum <= max_enum)) {
++ _min_enum = min_enum;
++ _max_enum = max_enum;
++ } else {
++ throw new IllegalArgumentException("JSS SSLSocket SSLVersionRange: arguments out of range");
++ }
++ }
++
++ int getMinEnum() { return _min_enum; }
++ int getMaxEnum() { return _max_enum; }
++
++ }
++
++ public static class SSLProtocolVariant {
++ private int _enum;
++ private SSLProtocolVariant(int val) { _enum = val; }
++
++ int getEnum() { return _enum; }
++
++ public static final SSLProtocolVariant STREAM =
++ new SSLProtocolVariant(SocketBase.SSL_Variant_Stream);
++ public static final SSLProtocolVariant DATA_GRAM =
++ new SSLProtocolVariant(SocketBase.SSL_Variant_Datagram);
++
++ }
++
++ public static void setSSLVersionRangeDefault(SSLProtocolVariant ssl_variant, SSLVersionRange range)
++ throws SocketException
++ {
++ if (range == null)
++ throw new SocketException("setSSLVersionRangeDefault: range null");
++ setSSLVersionRangeDefault(ssl_variant.getEnum(), range.getMinEnum(), range.getMaxEnum());
++ }
++
++ /**
++ * Sets SSL Version Range Default
++ */
++ private static native void setSSLVersionRangeDefault(int ssl_variant, int min, int max)
++ throws SocketException;
+
+ private static void setSSLDefaultOption(int option, boolean on)
+ throws SocketException
+@@ -1221,6 +1279,8 @@ public class SSLSocket extends java.net.
+ public final static int TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
+ public final static int TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
+ public final static int TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
++ public final static int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
++ public final static int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
+
+ // New TLS cipher suites in NSS 3.4
+ public final static int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
+@@ -1236,6 +1296,10 @@ public class SSLSocket extends java.net.
+ public final static int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
+ public final static int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
+ public final static int TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
++ public final static int TLS_RSA_WITH_NULL_SHA256 = 0x003B;
++ public final static int TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
++ public final static int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
++
+
+ public final static int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
+ public final static int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
+@@ -1251,6 +1315,12 @@ public class SSLSocket extends java.net.
+ public final static int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
+ public final static int TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
+
++ public final static int TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
++
++ public final static int TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
++ public final static int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
++ public final static int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
++
+ public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xc001;
+ public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xc002;
+ public final static int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xc003;
+@@ -1281,5 +1351,13 @@ public class SSLSocket extends java.net.
+ public final static int TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xc018;
+ public final static int TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xc019;
+
++ public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xc023;
++ public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xc027;
++
++ public final static int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02B;
++ public final static int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xc02D;
++ public final static int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02F;
++ public final static int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xc031;
++
+ }
+
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java.cfuSaved 2014-09-29 14:12:27.564206341 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java 2014-09-29 14:12:34.378194460 -0700
+@@ -114,6 +114,15 @@ class SocketBase {
+ static final int SSL_REQUIRE_ALWAYS = 19;
+ static final int SSL_REQUIRE_FIRST_HANDSHAKE = 20;
+ static final int SSL_REQUIRE_NO_ERROR = 21;
++ /* ssl/sslproto.h for supporting SSLVersionRange */
++ static final int SSL_LIBRARY_VERSION_2 = 22;
++ static final int SSL_LIBRARY_VERSION_3_0 = 23;
++ static final int SSL_LIBRARY_VERSION_TLS_1_0 = 24;
++ static final int SSL_LIBRARY_VERSION_TLS_1_1 = 25;
++ static final int SSL_LIBRARY_VERSION_TLS_1_2 = 26;
++ /* ssl/sslt.h */
++ static final int SSL_Variant_Stream = 27;
++ static final int SSL_Variant_Datagram = 28;
+
+
+ static final int SSL_AF_INET = 50;
+@@ -190,6 +199,18 @@ class SocketBase {
+ native void setSSLOption(int option, int on)
+ throws SocketException;
+
++ void setSSLVersionRange(org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range)
++ throws SocketException
++ {
++ setSSLVersionRange(range.getMinEnum(), range.getMaxEnum());
++ }
++
++ /**
++ * Sets SSL Version Range for this socket to support TLS v1.1 and v1.2
++ */
++ native void setSSLVersionRange(int min, int max)
++ throws SocketException;
++
+ /**
+ * Sets the SSL option setting mode value use for options
+ * that have more values than just enable/diasable.
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c.cfuSaved 2014-09-29 14:12:27.562206345 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c 2014-09-29 14:12:34.378194460 -0700
+@@ -38,6 +38,7 @@
+ #include <pk11func.h>
+ #include <ssl.h>
+ #include <sslerr.h>
++#include <sslproto.h>
+
+ #include <jssutil.h>
+ #include <jss_exceptions.h>
+@@ -407,8 +408,16 @@ PRInt32 JSSL_enums[] = {
+ SSL_REQUIRE_ALWAYS, /* 19 */ /* ssl.h */
+ SSL_REQUIRE_FIRST_HANDSHAKE,/* 20 */ /* ssl.h */
+ SSL_REQUIRE_NO_ERROR, /* 21 */ /* ssl.h */
++ SSL_LIBRARY_VERSION_2, /* 22 */ /* sslproto.h */
++ SSL_LIBRARY_VERSION_3_0, /* 23 */ /* sslproto.h */
++ SSL_LIBRARY_VERSION_TLS_1_0, /* 24 */ /* sslproto.h */
++ SSL_LIBRARY_VERSION_TLS_1_1, /* 25 */ /* sslproto.h */
++ SSL_LIBRARY_VERSION_TLS_1_2, /* 26 */ /* sslproto.h */
++ ssl_variant_stream, /* 27 */ /* sslt.h */
++ ssl_variant_datagram, /* 28 */ /* sslt.h */
+ 0
+ };
++
+
+
+ JNIEXPORT void JNICALL
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/jssl.h.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/jssl.h
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/jssl.h.cfuSaved 2014-09-29 14:12:27.563206343 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/jssl.h 2014-09-29 14:13:59.605044228 -0700
+@@ -111,6 +111,7 @@ JSSL_DestroySocketData(JNIEnv *env, JSSL
+
+
+ extern PRInt32 JSSL_enums[];
++#define JSSL_enums_size 29
+
+ JSSL_SocketData*
+ JSSL_CreateSocketData(JNIEnv *env, jobject sockObj, PRFileDesc* newFD,
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/Constants.java.cfuSaved jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/Constants.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/Constants.java.cfuSaved 2014-09-29 14:12:27.567206336 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/Constants.java 2014-09-29 14:12:34.379194458 -0700
+@@ -149,6 +149,21 @@ public interface Constants {
+ /*52*/ new cipher(SSLSocket.SSL2_DES_64_CBC_WITH_MD5, "SSL2_DES_64_CBC_WITH_MD5"),
+ /*53*/ new cipher(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5, "SSL2_RC4_128_EXPORT40_WITH_MD5"),
+ /*54*/ new cipher(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5"),
++/*55*/ new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
++/*56*/ new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
++/*57*/ new cipher(SSLSocket.TLS_RSA_WITH_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256"),
++/*58*/ new cipher(SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"),
++/*59*/ new cipher(SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"),
++/*60*/ new cipher(SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA, "TLS_RSA_WITH_SEED_CBC_SHA"),
++/*61*/ new cipher(SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256"),
++/*62*/ new cipher(SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
++/*63*/ new cipher(SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"),
++/*64*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"),
++/*65*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
++/*66*/ new cipher(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
++/*67*/ new cipher(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"),
++/*68*/ new cipher(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
++/*69*/ new cipher(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256")
+ };
+
+ /** Cipher supported by JSSE (JDK 1.5.x) */
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index 53409fc..3948e6a 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -1,6 +1,6 @@
Name: jss
Version: 4.2.6
-Release: 33%{?dist}
+Release: 35%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@@ -45,7 +45,9 @@ Patch20: jss-ECC-Phase2KeyArchivalRecovery.patch
Patch21: jss-undo-JCA-deprecations.patch
Patch22: jss-undo-BadPaddingException-deprecation.patch
Patch23: jss-fixed-build-issue-on-F17-or-newer.patch
-
+Patch24: jss-SHA-OID-fix.patch
+Patch25: jss-RC4-strengh-verify.patch
+Patch26: jss-support-TLS1_1-TLS1_2.patch
%description
Java Security Services (JSS) is a java native interface which provides a bridge
@@ -85,6 +87,9 @@ This package contains the API documentation for JSS.
%patch21 -p1
%patch22 -p1
%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
%build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -189,6 +194,14 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Sep 29 2014 Christina Fu <cfu@redhat.com> - 4.2.6-35
+- Bugzilla Bug #1040640 - Incorrect OIDs for SHA2 algorithms
+ (cfu for jnimeh@gmail.com)
+- Bugzilla Bug #1133718 - Key strength validation is not performed for RC4
+ algorithm (nkinder)
+- Bugzilla Bug #816396 - Provide Tomcat support for TLS v1.1 and
+ TLS v1.2 via NSS through JSS (cfu)
+
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 4.2.6-33
- Mass rebuild 2014-01-24