diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e655dd6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tomcatjss-7.2.1.tar.gz
diff --git a/.tomcatjss.metadata b/.tomcatjss.metadata
new file mode 100644
index 0000000..f50e322
--- /dev/null
+++ b/.tomcatjss.metadata
@@ -0,0 +1 @@
+45e28de0d84a01b8e8dd4ee72737fa9426ac7109 SOURCES/tomcatjss-7.2.1.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
- 
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
- 
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
new file mode 100644
index 0000000..f2ed9ba
--- /dev/null
+++ b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
@@ -0,0 +1,56 @@
+From 7ace773ac5a46704c131bd1cc788d6db4568e401 Mon Sep 17 00:00:00 2001
+From: Matthew Harmsen <mharmsen@redhat.com>
+Date: Mon, 12 Jun 2017 16:05:21 -0600
+Subject: [PATCH] Comply with ASF trademark rules
+
+- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)
+---
+ README         | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/README b/README
+index b8f3860..b3912ba 100644
+--- a/README
++++ b/README
+@@ -1,23 +1,29 @@
+-tomcatjss, a JSSE module for Tomcat that uses JSS, a Java interface to
+-Network Security Services(NSS). 
++JSS Connector for Apache Tomcat, installed via the tomcatjss package,
++is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
++uses Java Security Services (JSS), a Java interface to Network Security
++Services (NSS).
+ 
+-tomcatjss defines a number of attributes for a Connector including:
++JSS Connector for Apache Tomcat defines a number of attributes for a Connector
++including:
+ 
+ clientauth: specify if client authentication is required in the connector (or
+ port), it can be true or false. If true then client authentication is required.
+ 
+ sslOptions: specify a comma-delimited list of ssl options to pass into the ssl
+ implementation. Each option takes the form of: option=[true|false].
+-tomcatjss supports the options: ssl2, ssl3, tls.
++JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls.
+ 
+-ssl2Ciphers: specify a list of SSL2 ciphers that tomcatjss should  accept 
+-or reject from the client. You can use + to denote "accept", - means "reject".
++ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject"
+ 
+-ssl3Ciphers: specifies a list of SSL3 ciphers that tomcatjss should accept
+-or reject from the client. You can use + to denote "accept", - means "reject".
++ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject".
+ 
+-tlsCiphers: specifies a list of TLS ciphers that tomcatjss should accept
+-or reject from the client. You can use + to denote "accept", - means "reject".
++tlsCiphers: specifies a list of TLS ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject".
+ 
+ serverCertNickFile: a file in which specify the nickname of the
+ server certificate. The file should contain a single line that contains
+-- 
+2.9.4
diff --git a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
new file mode 100644
index 0000000..f948210
--- /dev/null
+++ b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
@@ -0,0 +1,94 @@
+From c14c8ec6b077721eddeddb125b9a4b0141e5e4aa Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Thu, 1 Jun 2017 00:29:37 +0200
+Subject: [PATCH] Fixed SSL cipher list parser.
+
+The SSL cipher list parsers have been modified to ignore spaces
+to allow more user-friendly formatting.
+
+https://pagure.io/tomcatjss/issue/9
+
+Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2
+---
+ .../apache/tomcat/util/net/jss/JSSImplementation.java    |  5 +++--
+ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 16 ++++++++++++++--
+ 2 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+index 42dc8d2..8721844 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+@@ -25,6 +25,8 @@ import java.io.IOException;
+ import java.net.Socket;
+ import java.util.Properties;
+ 
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
+ import org.apache.tomcat.util.net.AbstractEndpoint;
+ import org.apache.tomcat.util.net.SSLImplementation;
+ import org.apache.tomcat.util.net.SSLSupport;
+@@ -35,8 +37,7 @@ public class JSSImplementation extends SSLImplementation {
+     static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
+     static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
+ 
+-    static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
+-            .getLog(JSSImplementation.class);
++    static Log logger = LogFactory.getLog(JSSImplementation.class);
+ 
+     private JSSFactory factory = null;
+ 
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index 4992600..f974a89 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -42,6 +42,8 @@ import javax.net.ssl.SSLContext;
+ import javax.net.ssl.TrustManager;
+ 
+ import org.apache.commons.lang.StringUtils;
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
+ // Imports required to "implement" Tomcat 7 Interface
+ import org.apache.tomcat.util.net.AbstractEndpoint;
+ import org.mozilla.jss.CertDatabaseException;
+@@ -61,6 +63,8 @@ public class JSSSocketFactory implements
+         org.apache.tomcat.util.net.ServerSocketFactory,
+         org.apache.tomcat.util.net.SSLUtil {
+ 
++    static Log logger = LogFactory.getLog(JSSSocketFactory.class);
++
+     private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
+     static {
+         // SSLv2
+@@ -382,9 +386,13 @@ public class JSSSocketFactory implements
+             debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+             return;
+         }
+-        StringTokenizer st = new StringTokenizer(ciphers, ",");
++
++        logger.debug("Processing " + attr + ":");
++        StringTokenizer st = new StringTokenizer(ciphers, ", ");
+         while (st.hasMoreTokens()) {
+             String cipherstr = st.nextToken();
++            logger.debug(" - " + cipherstr);
++
+             int cipherid = 0;
+             String text;
+             boolean state;
+@@ -456,9 +464,13 @@ public class JSSSocketFactory implements
+             debugWrite("no sslOptions specified");
+             return;
+         }
+-        StringTokenizer st = new StringTokenizer(options, ",");
++
++        logger.debug("Processing sslOptions:");
++        StringTokenizer st = new StringTokenizer(options, ", ");
+         while (st.hasMoreTokens()) {
+             String option = st.nextToken();
++            logger.debug(" - " + option);
++
+             StringTokenizer st1 = new StringTokenizer(option, "=");
+             String name = st1.nextToken();
+             String value = st1.nextToken();
+-- 
+1.8.3.1
+
diff --git a/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch b/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch
new file mode 100644
index 0000000..bf55593
--- /dev/null
+++ b/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch
@@ -0,0 +1,98 @@
+From 1970d6bf47e4ce3a43de370ada5c3e882d7a7cb0 Mon Sep 17 00:00:00 2001
+From: Christina Fu <cfu@redhat.com>
+Date: Fri, 29 Jun 2018 15:04:43 -0700
+Subject: [PATCH] Ticket #11 Add support for TLS_*_SHA384 ciphers
+
+This patch adds support for TLS_*_SHA384 ciphers which NSS now supports.
+
+fixes: https://pagure.io/tomcatjss/issue/11
+---
+ .../tomcat/util/net/jss/JSSSocketFactory.java      | 43 +++++++++++++++++++++-
+ 1 file changed, 41 insertions(+), 2 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index f974a89..b38b091 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -290,6 +290,22 @@ public class JSSSocketFactory implements
+                 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+         cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+                 SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
++
++        // TLS_*_SHA384
++        cipherMap.put("TLS_RSA_WITH_AES_256_GCM_SHA384",
++                SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384);
++        cipherMap.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
++                SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
++        cipherMap.put("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
++                SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
++        cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
++                SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
++        cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
++                SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
++        cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
++                SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
++        cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
++                SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+     }
+ 
+     private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
+@@ -338,6 +354,22 @@ public class JSSSocketFactory implements
+         eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+                 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+ */
++
++        // TLS_*_SHA384
++        eccCipherMap.put(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384,
++                "TLS_RSA_WITH_AES_256_GCM_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
++                "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
++                "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
++                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
++                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
++                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
++        eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
++                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+     }
+ 
+     private AbstractEndpoint endpoint;
+@@ -429,23 +461,30 @@ public class JSSSocketFactory implements
+             }
+             if (cipherid != 0) {
+                 try {
+-                    debugWrite("JSSSocketFactory setSSLCiphers:  " + cipherstr
++                    debugWrite("JSSSocketFactory setSSLCiphers: setting: " + cipherstr
+                             + ": 0x" + Integer.toHexString(cipherid) + "\n");
+                     SSLSocket.setCipherPreferenceDefault(cipherid, state);
++                    debugWrite("JSSSocketFactory setSSLCiphers: done setting: " + cipherstr
++                            + ": 0x" + Integer.toHexString(cipherid) + "\n");
+                 } catch (Exception e) {
+-                    System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
++                    String errMsg = "SSLSocket.setCipherPreferenceDefault exception on: " + cipherstr + " : " +e;
++                    System.err.println(errMsg);
++                    debugWrite("JSSSocketFactory setSSLCiphers: " + errMsg);
+                     if (eccCipherMap.containsKey(cipherid)) {
++                        debugWrite("JSSSocketFactory setSSLCiphers: Warning: cipher exists in eccCipherMap");
+                         System.err
+                                 .println("Warning: SSL ECC cipher \""
+                                         + text
+                                         + "\" unsupported by NSS. "
+                                         + "This is probably O.K. unless ECC support has been installed.");
+                     } else {
++                        debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher does not exist in eccCipherMap");
+                         System.err.println("Error: SSL cipher \"" + text
+                                 + "\" unsupported by NSS");
+                     }
+                 }
+             } else {
++                debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher not recognized by tomcatjss");
+                 System.err.println("Error: SSL cipher \"" + text
+                         + "\" not recognized by tomcatjss");
+             }
+-- 
+2.14.4
+
diff --git a/SOURCES/tomcatjss-support-for-event-API.patch b/SOURCES/tomcatjss-support-for-event-API.patch
new file mode 100644
index 0000000..f38a2f1
--- /dev/null
+++ b/SOURCES/tomcatjss-support-for-event-API.patch
@@ -0,0 +1,294 @@
+From c410c7a35b4aa78e7c35d11a72cc96ff932df982 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Fri, 3 Mar 2017 09:19:58 +0100
+Subject: [PATCH 1/2] Renamed getEndpointAttribute().
+
+The getEndpointAttribute() in JSSSocketFactory has been renamed
+to getProperty() for clarity.
+---
+ .../tomcat/util/net/jss/JSSSocketFactory.java      | 44 +++++++++++-----------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index ebf5505..bc096c1 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -377,7 +377,7 @@ public class JSSSocketFactory implements
+     }
+ 
+     public void setSSLCiphers(String attr) throws SocketException, IOException {
+-        String ciphers = getEndpointAttribute(attr);
++        String ciphers = getProperty(attr);
+         if (StringUtils.isEmpty(ciphers)) {
+             debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+             return;
+@@ -451,7 +451,7 @@ public class JSSSocketFactory implements
+      * parameter is ignored.
+      */
+     public void setSSLOptions() throws SocketException, IOException {
+-        String options = getEndpointAttribute("sslOptions");
++        String options = getProperty("sslOptions");
+         if (StringUtils.isEmpty(options)) {
+             debugWrite("no sslOptions specified");
+             return;
+@@ -562,7 +562,7 @@ public class JSSSocketFactory implements
+         return -1;
+     }
+ 
+-    String getEndpointAttribute(String tag) {
++    String getProperty(String tag) {
+ 
+         // check <catalina.base>/conf/server.xml
+         String value = (String)endpoint.getAttribute(tag);
+@@ -575,8 +575,8 @@ public class JSSSocketFactory implements
+         return value;
+     }
+ 
+-    String getEndpointAttribute(String tag, String defaultValue) {
+-        String value = getEndpointAttribute(tag);
++    String getProperty(String tag, String defaultValue) {
++        String value = getProperty(tag);
+         if (value == null) {
+             return defaultValue;
+         }
+@@ -585,7 +585,7 @@ public class JSSSocketFactory implements
+ 
+     void init() throws IOException {
+         // debug enabled?
+-        String deb = getEndpointAttribute("debug");
++        String deb = getProperty("debug");
+         if (StringUtils.equals(deb, "true")) {
+             debug = true;
+             debugFile = new FileWriter("/tmp/tomcatjss.log", true);
+@@ -613,14 +613,14 @@ public class JSSSocketFactory implements
+ 
+             // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
+             // (camel case) has already been processed by Tomcat 7
+-            String clientAuthStr = getEndpointAttribute("clientauth");
++            String clientAuthStr = getProperty("clientauth");
+             if (clientAuthStr == null) {
+                 debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
+                 clientAuthStr = "want";
+             }
+             File file = null;
+             try {
+-                mServerCertNickPath = getEndpointAttribute("serverCertNickFile");
++                mServerCertNickPath = getProperty("serverCertNickFile");
+                 if (mServerCertNickPath == null) {
+                     throw new IOException("serverCertNickFile not specified");
+                 }
+@@ -656,7 +656,7 @@ public class JSSSocketFactory implements
+                         "JSSSocketFactory: no serverCertNickFile defined");
+             }
+ 
+-            // serverCertNick = (String)getEndpointAttribute("serverCert");
++            // serverCertNick = (String)getProperty("serverCert");
+             if (clientAuthStr.equalsIgnoreCase("true")
+                     || clientAuthStr.equalsIgnoreCase("yes")) {
+                 requireClientAuth = true;
+@@ -670,7 +670,7 @@ public class JSSSocketFactory implements
+                     && ocspConfigured == false) {
+                 debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
+                 boolean enableOCSP = false;
+-                String doOCSP = getEndpointAttribute("enableOCSP");
++                String doOCSP = getProperty("enableOCSP");
+ 
+                 debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n");
+ 
+@@ -682,10 +682,10 @@ public class JSSSocketFactory implements
+                         + "\n");
+ 
+                 if (enableOCSP == true) {
+-                    String ocspResponderURL = getEndpointAttribute("ocspResponderURL");
++                    String ocspResponderURL = getProperty("ocspResponderURL");
+                     debugWrite("JSSSocketFactory init - ocspResponderURL "
+                             + ocspResponderURL + "\n");
+-                    String ocspResponderCertNickname = getEndpointAttribute(
++                    String ocspResponderCertNickname = getProperty(
+                             "ocspResponderCertNickname");
+                     debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+                             + ocspResponderCertNickname + "\n");
+@@ -700,9 +700,9 @@ public class JSSSocketFactory implements
+                             int ocspMinCacheEntryDuration_i = 3600;
+                             int ocspMaxCacheEntryDuration_i = 86400;
+ 
+-                            String ocspCacheSize = getEndpointAttribute("ocspCacheSize");
+-                            String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration");
+-                            String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration");
++                            String ocspCacheSize = getProperty("ocspCacheSize");
++                            String ocspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
++                            String ocspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
+ 
+                             if (ocspCacheSize != null
+                                     || ocspMinCacheEntryDuration != null
+@@ -729,7 +729,7 @@ public class JSSSocketFactory implements
+                             }
+ 
+                             // defualt to 60 seconds;
+-                            String ocspTimeout = getEndpointAttribute("ocspTimeout");
++                            String ocspTimeout = getProperty("ocspTimeout");
+                             if (ocspTimeout != null) {
+                                 debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
+                                 int ocspTimeout_i = Integer.parseInt(ocspTimeout);
+@@ -760,7 +760,7 @@ public class JSSSocketFactory implements
+             // 12 hours = 43200 seconds
+             SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
+ 
+-            String strictCiphersStr = getEndpointAttribute("strictCiphers");
++            String strictCiphersStr = getProperty("strictCiphers");
+             if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true")
+                     || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) {
+                 mStrictCiphers = true;
+@@ -773,7 +773,7 @@ public class JSSSocketFactory implements
+                 debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
+             }
+ 
+-            String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream");
++            String sslVersionRangeStream = getProperty("sslVersionRangeStream");
+             if ((sslVersionRangeStream != null)
+                     && !sslVersionRangeStream.equals("")) {
+                 debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
+@@ -783,7 +783,7 @@ public class JSSSocketFactory implements
+                 debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
+             }
+ 
+-            String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram");
++            String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
+             if ((sslVersionRangeDatagram != null)
+                     && !sslVersionRangeDatagram.equals("")) {
+                 debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
+@@ -854,11 +854,11 @@ public class JSSSocketFactory implements
+ 
+     private void initializePasswordStore() throws InstantiationException, IllegalAccessException,
+             ClassNotFoundException, IOException {
+-        mPwdClass = getEndpointAttribute("passwordClass");
++        mPwdClass = getProperty("passwordClass");
+         if (mPwdClass == null) {
+             throw new IOException("Misconfiguration: passwordClass is not defined");
+         }
+-        mPwdPath = getEndpointAttribute("passwordFile");
++        mPwdPath = getProperty("passwordFile");
+ 
+         mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance();
+         debugWrite("JSSSocketFactory init - password reader initialized\n");
+@@ -869,7 +869,7 @@ public class JSSSocketFactory implements
+ 
+     private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException,
+             GeneralSecurityException, NotInitializedException, IOException {
+-        String certDir = getEndpointAttribute("certdbDir");
++        String certDir = getProperty("certdbDir");
+         if (certDir == null) {
+             throw new IOException("Misconfiguration: certdir not defined");
+         }
+-- 
+1.8.3.1
+
+
+From 7612272aa337c413ac4b96cd13d5a1384b80b5aa Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Fri, 27 Jan 2017 04:31:41 +0100
+Subject: [PATCH 2/2] Added SSLSocketListener registry.
+
+A new TomcatJSS class has been added as a mechanism to register
+SSLSocketListeners for all SSLSockets created by TomcatJSS.
+
+https://pagure.io/tomcatjss/issue/4
+---
+ .../tomcat/util/net/jss/JSSSocketFactory.java      |  4 ++
+ src/org/apache/tomcat/util/net/jss/TomcatJSS.java  | 69 ++++++++++++++++++++++
+ 2 files changed, 73 insertions(+)
+ create mode 100644 src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index bc096c1..4992600 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -934,6 +934,10 @@ public class JSSSocketFactory implements
+         SSLSocket asock = null;
+         try {
+             asock = (SSLSocket) socket.accept();
++
++            TomcatJSS tomcatjss = TomcatJSS.getInstance();
++            asock.addSocketListener(tomcatjss);
++
+             if (wantClientAuth || requireClientAuth) {
+                 asock.requestClientAuth(true);
+                 if (requireClientAuth == true) {
+diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+new file mode 100644
+index 0000000..9717921
+--- /dev/null
++++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+@@ -0,0 +1,69 @@
++/* BEGIN COPYRIGHT BLOCK
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ * Copyright (C) 2017 Red Hat, Inc.
++ * All rights reserved.
++ * END COPYRIGHT BLOCK */
++
++package org.apache.tomcat.util.net.jss;
++
++import java.util.ArrayList;
++import java.util.Collection;
++
++import org.mozilla.jss.ssl.SSLAlertEvent;
++import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
++import org.mozilla.jss.ssl.SSLSocketListener;
++
++public class TomcatJSS implements SSLSocketListener {
++
++    public final static TomcatJSS INSTANCE = new TomcatJSS();
++
++    public static TomcatJSS getInstance() { return INSTANCE; }
++
++    Collection<SSLSocketListener> socketListeners = new ArrayList<SSLSocketListener>();
++
++    public void addSocketListener(SSLSocketListener listener) {
++        socketListeners.add(listener);
++    }
++
++    public void removeSocketListener(SSLSocketListener listener) {
++        socketListeners.remove(listener);
++    }
++
++    public Collection<SSLSocketListener> getSocketListeners() {
++        return socketListeners;
++    }
++
++    @Override
++    public void alertReceived(SSLAlertEvent event) {
++        for (SSLSocketListener listener : socketListeners) {
++            listener.alertReceived(event);
++        }
++    }
++
++    @Override
++    public void alertSent(SSLAlertEvent event) {
++        for (SSLSocketListener listener : socketListeners) {
++            listener.alertSent(event);
++        }
++    }
++
++    @Override
++    public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
++        for (SSLSocketListener listener : socketListeners) {
++            listener.handshakeCompleted(event);
++        }
++    }
++}
+-- 
+1.8.3.1
+
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
new file mode 100644
index 0000000..e3bcced
--- /dev/null
+++ b/SPECS/tomcatjss.spec
@@ -0,0 +1,238 @@
+Name:     tomcatjss
+Version:  7.2.1
+Release:  7%{?dist}
+Summary:  JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
+URL:      http://pki.fedoraproject.org/
+License:  LGPLv2+
+Group:    System Environment/Libraries
+
+BuildArch:      noarch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+
+Source0:  http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# jpackage-utils requires versioning to meet both build and runtime requirements
+# jss requires versioning to meet both build and runtime requirements
+# tomcat requires versioning to meet both build and runtime requirements
+Conflicts:        pki-base < 10.4.0
+BuildRequires:    ant
+BuildRequires:    apache-commons-lang
+BuildRequires:    java-devel
+BuildRequires:    jpackage-utils >= 0:1.7.5-15
+%if 0%{?fedora}
+BuildRequires:    jss >= 4.4.4-3
+%else
+BuildRequires:    jss >= 4.4.0-13
+%endif
+%if 0%{?fedora} >= 23
+BuildRequires:    tomcat >= 8.0.18
+%else
+BuildRequires:    tomcat >= 7.0.68
+%endif
+
+Requires:         apache-commons-lang
+%if 0%{?fedora} >= 21
+Requires:         java-headless
+%else
+Requires:         java
+%endif
+Requires:         jpackage-utils >= 0:1.7.5-15
+%if 0%{?fedora}
+Requires:         jss >= 4.4.4-3
+%else
+Requires:         jss >= 4.4.0-13
+%endif
+%if 0%{?fedora} >= 23
+Requires:         tomcat >= 8.0.18
+%else
+Requires:         tomcat >= 7.0.68
+%endif
+
+#######################
+## tomcatjss-7.2.1-3
+#######################
+Patch1:           tomcatjss-support-for-event-API.patch
+#######################
+## tomcatjss-7.2.1-4
+#######################
+Patch2:           tomcatjss-Fixed-SSL-cipher-list-parser.patch
+#######################
+## tomcatjss-7.2.1-5
+#######################
+Patch3:           tomcatjss-Comply-with-ASF-trademark-rules.patch
+#######################
+## tomcatjss-7.2.1-7
+#######################
+Patch4:           tomcatjss-add-TLS-SHA384-ciphers.patch
+
+# The 'tomcatjss' package conflicts with the 'tomcat-native' package
+# because it uses an underlying NSS security model rather than the
+# OpenSSL security model, so these two packages may not co-exist.
+# (see Bugzilla Bug #441974 for details)
+Conflicts:        tomcat-native
+
+%if 0%{?rhel}
+# For EPEL, override the '_sharedstatedir' macro on RHEL
+%define           _sharedstatedir    /var/lib
+%endif
+
+%description
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
+
+NOTE:  The 'tomcatjss' package conflicts with the 'tomcat-native' package
+       because it uses an underlying NSS security model rather than the
+       OpenSSL security model, so these two packages may not co-exist.
+
+%prep
+
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+chmod -c -x LICENSE README
+
+%build
+
+ant -f build.xml -Djnidir=%{_jnidir}
+ant -f build.xml -Djnidir=%{_jnidir} dist
+
+%install
+rm -rf %{buildroot}
+
+# Unpack the files we just built
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+# Install our files
+cd %{buildroot}%{_javadir}
+%if 0%{?rhel} || 0%{?fedora} < 21
+mv %{name}.jar %{name}-%{version}.jar
+ln -s %{name}-%{version}.jar %{name}.jar
+%endif
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root)
+%doc README LICENSE
+%{_javadir}/*
+
+%changelog
+* Mon Jul  2 2018 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-7
+- Updated jss build and runtime dependencies
+- Bugzilla Bug #1597180 - Tomcatjss: Add support for TLS_*_SHA384 ciphers
+  [rhel-7.5.z] (cfu)
+
+* Mon Jun 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-6
+- Bugzilla Bug #1460040 - Comply with ASF trademark rules (mharmsen)
+
+* Mon Jun 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-5
+- Bugzilla Bug #1460037 - Comply with ASF trademark rules (mharmsen)
+
+* Mon Jun  5 2017 Endi Sukma Dewata <edewata@redhat.com> 7.2.1-4
+- Bugzilla Bug #1457524 - Problem parsing formatted cipher list (edewata)
+
+* Mon Mar 27 2017 Matthew Harmsen <mharmsen@redhat.com> - 7.2.1-3
+- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.x in RHEL 7.4 (mharmsen)
+- ## 'tomcatjss-support-for-event-API.patch' resolves the following issues
+  ## ported from upstream:
+- tomcatjss Pagure Issue #4 - Support for Event API (edewata)
+
+* Tue Mar 21 2017 Matthew Harmsen <mharmsen@redhat.com> - 7.2.1-2
+- Added Conflicts statement due to incompatibility with pki-base < 10.4.0
+
+* Tue Mar 14 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-1
+- Updated jss build and runtime dependencies
+- Bumped version due to corrupted tarball
+
+* Mon Mar 13 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.0-2
+- Changed build so that it did not package and depend upon the specfile being
+  included inside the tarball
+
+* Sun Mar 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.0-1
+- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+ (mharmsen)
+- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.0 in RHEL 7.4 (mharmsen)
+
+* Wed Jun 29 2016 Christina Fu <cfu@redhat.com> 7.1.2-3
+- Bugzilla Bug #1203407 - missing ciphers (cfu)
+
+* Wed Mar 16 2016 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-2
+- Bugzilla Bug #1344804 - Build failure on RHEL 7.3
+  (patch for Bugzilla Bug #1245786 - Build failure on F23 was backported to
+   RHEL 7 to coincide with Apache Tomcat version change to 7.0.68+)
+
+* Wed Mar  4 2015 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-1
+- Bugzilla Bug #1198450 - Support for Apache Tomcat 8
+- Bugzilla Bug #1214858 - Add nuxwdog support (alee)
+
+* Tue Sep 30 2014 Christina Fu <cfu@redhat.com> 7.1.1-1
+- Bugzilla Bug #1058366 NullPointerException in tomcatjss searching
+  for attribute "clientauth" (cfu)
+- Bugzilla Bug #871171 - Provide Apache Tomcat support for TLS v1.1 and
+  TLS v1.2 (cfu)
+- Bumped revision to 7.1.1
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Mar 25 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 7.1.0-5
+- Move to java-headless
+- Resolves: rhbz#1068567
+
+* Tue Jan 07 2014 Michael Simacek <msimacek@redhat.com> - 7.1.0-5
+- Remove versioned symlink (rhbz#1022167)
+
+* Fri Aug  2 2013 Ville Skyttä <ville.skytta@iki.fi> - 7.1.0-4
+- Simplify installation of docs.
+
+* Thu Jun 13 2013 Matthew Harmsen <mharmsen@redhat.com> 7.1.0-3
+- Updated tomcatjss to utilize tomcat-7.0.40.
+- Updated JNIDIR to /usr/lib/java.
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Dec 19 2012 Christina Fu <cfu@redhat.com> 7.1.0-1
+- Bugzila Bug #819554 tomcatjss: Please migrate from tomcat6 to tomcat7
+
+* Thu Aug  2 2012 Matthew Harmsen <mharmsen@redhat.com> 7.0.0-3
+- PKI TRAC Ticket #283 - Dogtag 10: Integrate Apache Tomcat 6 'tomcatjss.jar'
+  and Apache Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package
+
+* Thu Jul 26 2012 Matthew Harmsen <mharmsen@redhat.com> 7.0.0-2
+- Fixed runtime 'Requires' cut/paste typos
+
+* Wed Jun 06 2012 Matthew Harmsen <mharmsen@redhat.com> 7.0.0-1
+- Bugzilla Bug #819554 - tomcatjss: Please migrate from tomcat6 to tomcat7
+
+* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 6.0.2-1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
+* Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 6.0.1-1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+
+* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> - 6.0.0-1
+- Bugzilla Bug #702716 - rhcs80 cannot do client auth with pkiconsole
+  (ok with 7.3) (jmagne)
+- Require "jss >= 4.2.6-17" as a build and runtime requirement
+- Bump version 2.1.1 --> 6.0.0 (to better coincide with tomcat6)
+
+* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> - 2.1.1-1
+- Require "jss >= 4.2.6-15" as a build and runtime requirement
+- Require "tomcat6 >= 6.0.30-6" as a build and runtime requirement
+  for Fedora 15 and later platforms
+
+* Wed Jan 12 2011 John Dennis <jdennis@redhat.com> - 2.1.0-1
+- bump version to 2.1.0
+  Bug #588323 - Failed to enable cipher 0xc001 (svn rev 105)
+  Bug #634375 - Build tomcatjss against tomcat6 (svn rev 106)
+  Bug #655915 - Disable socket timeouts when socket is first created. (svn rev 107)
+
+* Tue Dec 14 2010 John Dennis <jdennis@redhat.com> 
+- Updated 'tomcatjss' to utilize 'tomcat6'.