-rw-r--r-- | base/common/share/etc/pki.conf | 7 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 3 | ||||
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 12 |
3 files changed, 22 insertions, 0 deletions
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 617c07f9c..e6d53714d 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -31,3 +31,10 @@ export SSL_DATAGRAM_VERSION_MIN
 SSL_DATAGRAM_VERSION_MAX="TLS_1_2"
 export SSL_DATAGRAM_VERSION_MAX
+
+# SSL ciphers
+# This parameter lists SSL ciphers to enable in addition to the default ciphers.
+# The list contains IANA-registered cipher names separated by white spaces.
+# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+SSL_CIPHERS=""
+export SSL_CIPHERS
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index f2e0d08d9..053d72c4e 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -538,6 +538,9 @@ public class MainCLI extends CLI {
 );
 CryptoUtil.setDefaultSSLCiphers();
+
+ String ciphers = System.getenv("SSL_CIPHERS");
+ CryptoUtil.setSSLCiphers(ciphers);
 }
 public PKIClient getClient() throws Exception {
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index d708230e3..fd7b1bb23 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -947,6 +947,18 @@ public class CryptoUtil {
 }
 }
+ public static void setSSLCiphers(String ciphers) throws SocketException {
+
+ if (ciphers == null) return;
+
+ StringTokenizer st = new StringTokenizer(ciphers);
+
+ while (st.hasMoreTokens()) {
+ String cipher = st.nextToken();
+ setSSLCipher(cipher, true);
+ }
+ }
+
 public static void setSSLCipher(String cipher, boolean enabled) throws SocketException {
 Integer cipherID = cipherMap.get(cipher); |
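Review bot: The two lines added after `CryptoUtil.setDefaultSSLCiphers();` apply whatever `SSL_CIPHERS` holds in the process environment, and nothing records that the default cipher policy was widened. Because the setting only ever enables suites, a value inherited from a parent shell or left over in pki.conf can bring back suites the defaults leave off, with no trace in the CLI output. I would add a comment such as `// SSL_CIPHERS (pki.conf) enables extra suites on top of the defaults; it never disables any` and report the requested list through the CLI's existing verbose output when the variable is non-empty. The enclosing method starts above this hunk, so how it reports its other settings is not visible here.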
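Review bot: `setSSLCiphers` has no Javadoc and hands every token to `setSSLCipher(cipher, true)` unchecked, so what happens with a misspelled or unsupported name is undefined at this level. It depends on how `setSSLCipher` treats a null result from `cipherMap.get(cipher)`, and that body continues past the end of the hunk: if it throws, one typo aborts at the first bad token with the earlier suites already enabled, and if it ignores the name the operator gets no signal. Please document the method (whitespace-separated IANA names, `null` is a no-op, suites are only enabled and the defaults are not reset) and state which of the two behaviours is intended. A warning when a requested name is a NULL, anonymous or export suite would also make an accidental downgrade visible. As a style point, brace the early return: `if (ciphers == null) { return; }`.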