authorEndi S. Dewata <edewata@redhat.com>2017-03-19 20:23:23 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-03-21 04:08:49 +0100
commitf0bc2e5cf6bcce46d1b09ef9a0b5c497ce60a3bf (patch)
treea7b0c579e3c32bb8f0486dcea6ac3dc28af6d1bc
parent516e9360f96721bdbd0301b12120c9d47225e5e4 (diff)
Added support for hex cipher IDs in pki.conf.
CryptoUtil.setSSLCipher() has been modified to support ciphers specified by hex ID.
-rw-r--r--base/common/share/etc/pki.conf2
-rw-r--r--base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java12
2 files changed, 10 insertions, 4 deletions
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 9f4df6371..4bb874f63 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -39,7 +39,7 @@ export SSL_DEFAULT_CIPHERS
# SSL ciphers
# This parameter lists SSL ciphers to enable in addition to the default ciphers.
-# The list contains IANA-registered cipher names separated by white spaces.
+# The list contains IANA-registered cipher names or hex IDs separated by white spaces.
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
SSL_CIPHERS=""
export SSL_CIPHERS
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index fd7b1bb23..5e6659363 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -961,9 +961,15 @@ public class CryptoUtil {
public static void setSSLCipher(String cipher, boolean enabled) throws SocketException {
- Integer cipherID = cipherMap.get(cipher);
- if (cipherID == null) {
- throw new SocketException("Unsupported cipher: " + cipher);
+ Integer cipherID;
+ if (cipher.toLowerCase().startsWith("0x")) {
+ cipherID = Integer.parseInt(cipher.substring(2), 16);
+
+ } else {
+ cipherID = cipherMap.get(cipher);
+ if (cipherID == null) {
+ throw new SocketException("Unsupported cipher: " + cipher);
+ }
}
SSLSocket.setCipherPreferenceDefault(cipherID, enabled);
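Review bot: The new `0x` branch hands whatever `Integer.parseInt` returns straight to `SSLSocket.setCipherPreferenceDefault`, so a hex entry in pki.conf skips the `cipherMap` lookup that the name path uses to reject unknown ciphers. Malformed input such as `0x` or `0xZZ` raises an unchecked `NumberFormatException` that escapes the declared `SocketException`. Because `parseInt` accepts a sign, `0x-1` also yields a negative ID. Converting the parse failure to `SocketException` and rejecting values outside the 16-bit cipher-suite range would make a typo in the config fail the same way as an unsupported name. Whether JSS itself rejects unknown IDs is not visible in this hunk, so a comment stating that hex IDs are deliberately not checked against `cipherMap` would also help the next reader.

```java
        Integer cipherID;
        if (cipher.toLowerCase().startsWith("0x")) {
            try {
                cipherID = Integer.parseInt(cipher.substring(2), 16);
            } catch (NumberFormatException e) {
                throw new SocketException("Invalid cipher ID: " + cipher);
            }
            // TLS cipher suite IDs are two bytes; anything else is a config error.
            if (cipherID < 0 || cipherID > 0xFFFF) {
                throw new SocketException("Invalid cipher ID: " + cipher);
            }

        } else {
            // … unchanged: cipherMap lookup by name …
        }
```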