author | Endi S. Dewata <edewata@redhat.com> | 2017-03-19 20:23:23 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-21 04:08:49 +0100 |
commit | f0bc2e5cf6bcce46d1b09ef9a0b5c497ce60a3bf (patch) | |
tree | a7b0c579e3c32bb8f0486dcea6ac3dc28af6d1bc | |
parent | 516e9360f96721bdbd0301b12120c9d47225e5e4 (diff) | |
Added support for hex cipher IDs in pki.conf.
The CryptoUtil.setSSLCipher() has been modified to support ciphers
specified using hex ID.
-rw-r--r-- | base/common/share/etc/pki.conf | 2 | ||||
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 12 |
2 files changed, 10 insertions, 4 deletions
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 9f4df6371..4bb874f63 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -39,7 +39,7 @@ export SSL_DEFAULT_CIPHERS
 # SSL ciphers
 # This parameter lists SSL ciphers to enable in addition to the default ciphers.
-# The list contains IANA-registered cipher names separated by white spaces.
+# The list contains IANA-registered cipher names or hex IDs separated by white spaces.
 # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
 SSL_CIPHERS=""
 export SSL_CIPHERS
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index fd7b1bb23..5e6659363 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -961,9 +961,15 @@ public class CryptoUtil {
 public static void setSSLCipher(String cipher, boolean enabled) throws SocketException {
- Integer cipherID = cipherMap.get(cipher);
- if (cipherID == null) {
- throw new SocketException("Unsupported cipher: " + cipher);
+ Integer cipherID;
+ if (cipher.toLowerCase().startsWith("0x")) {
+ cipherID = Integer.parseInt(cipher.substring(2), 16);
+
+ } else {
+ cipherID = cipherMap.get(cipher);
+ if (cipherID == null) {
+ throw new SocketException("Unsupported cipher: " + cipher);
+ }
 }
 SSLSocket.setCipherPreferenceDefault(cipherID, enabled); |
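Review bot: In the new `0x` branch of setSSLCipher(), `Integer.parseInt(cipher.substring(2), 16)` throws an unchecked NumberFormatException for a malformed value such as `0x` or `0xZZ`, so a typo in SSL_CIPHERS escapes the method's declared SocketException contract instead of producing the "Unsupported cipher" error that the name path gives. The parsed value is also not range-checked (TLS cipher suite IDs are 16-bit, and parseInt accepts a sign), and the hex path skips the cipherMap lookup entirely, so any suite the underlying SSL library implements can be switched on by ID, possibly including ones the map leaves out on purpose; cipherMap is not visible in this hunk, so please confirm that is intended and say so in the pki.conf comment. I would catch the parse failure, rethrow it as SocketException, and reject IDs outside 0..0xFFFF, as sketched below. The method body continues past the end of the hunk.

```java
        if (cipher.toLowerCase().startsWith("0x")) {
            try {
                cipherID = Integer.parseInt(cipher.substring(2), 16);
            } catch (NumberFormatException e) {
                // keep the failure mode identical to an unknown cipher name
                throw new SocketException("Invalid cipher ID: " + cipher);
            }
            // TLS cipher suite IDs are 16-bit values; reject signs and overflow
            if (cipherID < 0 || cipherID > 0xFFFF) {
                throw new SocketException("Invalid cipher ID: " + cipher);
            }

        } else {
            // … unchanged: cipherMap lookup by name …
        }
```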