diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-03-17 19:25:07 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-21 04:08:57 +0100 |
| commit | f40e0d002e57cadd5dc254d096db52de439ed900 (patch) | |
| tree | 8d6557855fc2da02cf42b72b533892f9be281ee5 /base/util | |
| parent | f0bc2e5cf6bcce46d1b09ef9a0b5c497ce60a3bf (diff) | |
| download | pki-f40e0d002e57cadd5dc254d096db52de439ed900.tar.gz pki-f40e0d002e57cadd5dc254d096db52de439ed900.tar.xz pki-f40e0d002e57cadd5dc254d096db52de439ed900.zip | |
Added support for disabling SSL ciphers in pki.conf.
The CryptoUtil.setSSLCiphers() has been modified to support a "-"
sign in front of the cipher name or ID to disable the cipher.
Diffstat (limited to 'base/util')
| -rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 5e6659363..c436b4d02 100644 --- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -955,7 +955,14 @@ public class CryptoUtil { while (st.hasMoreTokens()) { String cipher = st.nextToken(); - setSSLCipher(cipher, true); + boolean enabled = true; + + if (cipher.startsWith("-")) { + enabled = false; + cipher = cipher.substring(1); + } + + setSSLCipher(cipher, enabled); } } |