author | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 05:11:42 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 16:21:14 +0100 |
commit | 3eb6742e8d376277d0f3e163dab36359071ea5a6 (patch) | |
tree | d8b9e356740ccacd1bb9f2462dd2ff14b168e68d /base/util | |
parent | 4d6e6d05d5270a0e81ae12e2583cae9c49667c88 (diff) | |
Cleaned up CryptoUtil.setClientCiphers().
The CryptoUtil.setClientCiphers() has been reformatted to simplify
future refactoring.
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index f7395308d..8bf4c27af 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -956,30 +956,34 @@ public class CryptoUtil {
 }
 }
- public static void setClientCiphers()
- throws SocketException {
+ public static void setClientCiphers() throws SocketException {
+
 int ciphers[] = SSLSocket.getImplementedCipherSuites();
- for (int j = 0; ciphers != null && j < ciphers.length; j++) {
- boolean enabled = SSLSocket.getCipherPreferenceDefault(ciphers[j]);
+ if (ciphers == null) return;
+
+ for (int cipher : ciphers) {
+
+ boolean enabled = SSLSocket.getCipherPreferenceDefault(cipher);
 //System.out.println("CryptoUtil: cipher '0x" +
 // Integer.toHexString(ciphers[j]) + "'" + " enabled? " +
 // enabled);
+
 // make sure SSLv2 ciphers are not enabled
- if ((ciphers[j] & 0xfff0) ==0xff00) {
- if (enabled) {
- //System.out.println("CryptoUtil: disabling SSL2 NSS Cipher '0x" +
- // Integer.toHexString(ciphers[j]) + "'");
- SSLSocket.setCipherPreferenceDefault(ciphers[j], false);
- }
- } else {
- /*
- * unlike RSA ciphers, ECC ciphers are not enabled by default
- */
- if ((!enabled) && clientECCipherList.contains(ciphers[j])) {
- //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" +
- // Integer.toHexString(ciphers[j]) + "'");
- SSLSocket.setCipherPreferenceDefault(ciphers[j], true);
- }
+ if ((cipher & 0xfff0) == 0xff00) {
+
+ if (!enabled) continue;
+
+ //System.out.println("CryptoUtil: disabling SSLv2 NSS Cipher '0x" +
+ // Integer.toHexString(ciphers[j]) + "'");
+ SSLSocket.setCipherPreferenceDefault(cipher, false);
+ continue;
+ }
+
+ // unlike RSA ciphers, ECC ciphers are not enabled by default
+ if (!enabled && clientECCipherList.contains(cipher)) {
+ //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" +
+ // Integer.toHexString(ciphers[j]) + "'");
+ SSLSocket.setCipherPreferenceDefault(cipher, true);
 }
 }
 } |
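Review bot: The commented-out debug statements carried into the rewritten loop still print `Integer.toHexString(ciphers[j])`, but `j` no longer exists once the loop is `for (int cipher : ciphers)`, so they would not compile if re-enabled; change them to `Integer.toHexString(cipher)` or drop them in favour of a real debug log call. The SSLv2 test `(cipher & 0xfff0) == 0xff00` is a bare mask and would be easier to audit behind a named constant or small helper with a one-line comment on the suite-ID range it is meant to cover. As written the method only turns off suites matching that mask and turns on entries of `clientECCipherList` (defined outside the hunk), so every other suite keeps whatever default the library ships with. A Javadoc line stating that, and that the `...PreferenceDefault` setters presumably change defaults for all sockets created afterwards rather than for one connection, would help anyone reviewing the effective client cipher list.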