The CryptoUtil.setSSLCipher() has been modified to support ciphers
specified using hex ID.

Pushed to master under trivial rule.

--
Endi S. Dewata
>From bc6ad11480c4d5185cf70334b4cbc03e3a1cff61 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Sun, 19 Mar 2017 20:23:23 +0100
Subject: [PATCH] Added support for hex cipher IDs in pki.conf.

The CryptoUtil.setSSLCipher() has been modified to support ciphers
specified using hex ID.
---
 base/common/share/etc/pki.conf                            |  2 +-
 base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 9f4df6371fea716c9e6097aedfd79486bc91dc5b..4bb874f63f7ad70f14eb8c019e38d3d3d2865543 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -39,7 +39,7 @@ export SSL_DEFAULT_CIPHERS
 
 # SSL ciphers
 # This parameter lists SSL ciphers to enable in addition to the default ciphers.
-# The list contains IANA-registered cipher names separated by white spaces.
+# The list contains IANA-registered cipher names or hex IDs separated by white spaces.
 # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
 SSL_CIPHERS=""
 export SSL_CIPHERS
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index fd7b1bb23ff9af9049822cf6714c48e4386e3e0f..5e6659363ae209080225342ddc2c2e97d9367bca 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -961,9 +961,15 @@ public class CryptoUtil {
 
     public static void setSSLCipher(String cipher, boolean enabled) throws SocketException {
 
-        Integer cipherID = cipherMap.get(cipher);
-        if (cipherID == null) {
-            throw new SocketException("Unsupported cipher: " + cipher);
+        Integer cipherID;
+        if (cipher.toLowerCase().startsWith("0x")) {
+            cipherID = Integer.parseInt(cipher.substring(2), 16);
+
+        } else {
+            cipherID = cipherMap.get(cipher);
+            if (cipherID == null) {
+                throw new SocketException("Unsupported cipher: " + cipher);
+            }
         }
 
         SSLSocket.setCipherPreferenceDefault(cipherID, enabled);
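Review bot: The new hex branch in setSSLCipher() passes `cipher.substring(2)` straight to `Integer.parseInt(..., 16)`, so a typo in SSL_CIPHERS such as `0x` or `0xZZ` raises an unchecked NumberFormatException instead of the SocketException the method declares and the name branch throws. parseInt also accepts a leading sign and values wider than 16 bits, so `0x-1` or `0x12345` would reach `SSLSocket.setCipherPreferenceDefault()` unchecked; the range bound below assumes suite IDs fit in two bytes and should be confirmed against what JSS accepts. Hex IDs also skip the cipherMap lookup, so a comment stating that any suite the underlying library knows can be enabled this way, including ones deliberately absent from the map, would help operators reviewing pki.conf. The method body continues past the end of the hunk.

```java
        if (cipher.toLowerCase().startsWith("0x")) {
            try {
                cipherID = Integer.parseInt(cipher.substring(2), 16);
            } catch (NumberFormatException e) {
                throw new SocketException("Invalid cipher ID: " + cipher);
            }
            if (cipherID < 0 || cipherID > 0xFFFF) {
                throw new SocketException("Invalid cipher ID: " + cipher);
            }

        } else {
            // … unchanged: cipherMap lookup and "Unsupported cipher" check …
        }
```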
-- 
2.9.3
