diff --git a/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch b/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch
new file mode 100644
index 0000000..b3eb8dc
--- /dev/null
+++ b/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch
@@ -0,0 +1,13 @@
+--- src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-04-20 12:34:46.000000000 -0600
++++ src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-08-05 15:10:53.000000000 -0600
+@@ -97,6 +97,10 @@ class JSSSupport implements SSLSupport {
+ return null;
+ }
+
++ public String getProtocol() throws IOException {
++ return null;
++ }
++
+ public String getSessionId() throws IOException {
+ return null;
+ }
diff --git a/SOURCES/tomcatjss-missing-ciphers.patch b/SOURCES/tomcatjss-missing-ciphers.patch
new file mode 100644
index 0000000..953b20c
--- /dev/null
+++ b/SOURCES/tomcatjss-missing-ciphers.patch
@@ -0,0 +1,70 @@
+diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu 2016-06-29 18:54:38.498127146 -0600
++++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java 2016-06-29 18:56:38.646778769 -0600
+@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
+ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
++
+ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
++ // deprecated SSL3.0 names replaced by IANA-registered TLS names
++ cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
+ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
++
+ cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
++ // deprecated SSL3.0 names replaced by IANA-registered TLS names
++ cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
++
+ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
++
+ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
++ // deprecated SSL3.0 names replaced by IANA-registered TLS names
++ cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
+@@ -264,6 +277,12 @@ public class JSSSocketFactory implements
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+
++ cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
++ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
++ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
++ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
++ cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
++ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
+ }
+
+ private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
+@@ -308,6 +327,8 @@ public class JSSSocketFactory implements
+ "TLS_ECDH_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA");
++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
++ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+ }
+
+ private AbstractEndpoint endpoint;
+@@ -393,6 +414,7 @@ public class JSSSocketFactory implements
+ + ": 0x" + Integer.toHexString(cipherid) + "\n");
+ SSLSocket.setCipherPreferenceDefault(cipherid, state);
+ } catch (Exception e) {
++ System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
+ if (eccCipherMap.containsKey(cipherid)) {
+ System.err
+ .println("Warning: SSL ECC cipher \""
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index 5485c88..fb80df3 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -1,6 +1,6 @@
Name: tomcatjss
Version: 7.1.2
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -22,7 +22,7 @@ BuildRequires: jss >= 4.2.6-35
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
-BuildRequires: tomcat >= 7.0.40
+BuildRequires: tomcat >= 7.0.68
%endif
Requires: apache-commons-lang
@@ -36,9 +36,13 @@ Requires: jss >= 4.2.6-35
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
-Requires: tomcat >= 7.0.40
+Requires: tomcat >= 7.0.68
%endif
+## tomcatjss-7.1.2-2
+Patch1: tomcatjss-Build-Tomcat-7.0.68.patch
+Patch2: tomcatjss-missing-ciphers.patch
+
# The 'tomcatjss' package conflicts with the 'tomcat-native' package
# because it uses an underlying NSS security model rather than the
# OpenSSL security model, so these two packages may not co-exist.
@@ -61,6 +65,8 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%prep
%setup -q
+%patch1 -p0
+%patch2 -p0
chmod -c -x LICENSE README
%build
@@ -91,6 +97,14 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Wed Jun 29 2016 Christina Fu <cfu@redhat.com> 7.1.2-3
+- Bugzilla Bug #1203407 - missing ciphers (cfu)
+
+* Wed Mar 16 2016 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-2
+- Bugzilla Bug #1344804 - Build failure on RHEL 7.3
+ (patch for Bugzilla Bug #1245786 - Build failure on F23 was backported to
+ RHEL 7 to coincide with Tomcat version change to 7.0.68+)
+
* Wed Mar 4 2015 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-1
- Bugzilla Bug #1198450 - Support for Tomcat 8
- Bugzilla Bug #1214858 - Add nuxwdog support (alee)