diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java

--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu	2016-06-29 18:54:38.498127146 -0600

+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java	2016-06-29 18:56:38.646778769 -0600

@@ -96,8 +96,12 @@ public class JSSSocketFactory implements

                 SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);

         cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",

                 SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);

+

         cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",

                 SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);

+        // deprecated SSL3.0 names replaced by IANA-registered TLS names

+        cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",

+                SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);

         cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",

                 SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);

@@ -116,14 +120,23 @@ public class JSSSocketFactory implements

                 SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);

         cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",

                 SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);

+

         cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",

                 SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);

+        // deprecated SSL3.0 names replaced by IANA-registered TLS names

+        cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",

+                SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);

+

         cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",

                 SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);

         cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",

                 SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);

+

         cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",

                 SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);

+        // deprecated SSL3.0 names replaced by IANA-registered TLS names

+        cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",

+                SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);

         cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",

                 SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);

@@ -264,6 +277,12 @@ public class JSSSocketFactory implements

         cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",

                 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);

+        cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",

+                SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);

+        cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",

+                SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);

+        cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",

+                SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);

     }

     private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();

@@ -308,6 +327,8 @@ public class JSSSocketFactory implements

                 "TLS_ECDH_RSA_WITH_NULL_SHA");

         eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,

                 "TLS_ECDH_ECDSA_WITH_NULL_SHA");

+        eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,

+                "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");

     }

     private AbstractEndpoint endpoint;

@@ -393,6 +414,7 @@ public class JSSSocketFactory implements

                             + ": 0x" + Integer.toHexString(cipherid) + "\n");

                     SSLSocket.setCipherPreferenceDefault(cipherid, state);

                 } catch (Exception e) {

+                    System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);

                     if (eccCipherMap.containsKey(cipherid)) {

                         System.err

                                 .println("Warning: SSL ECC cipher \""