The CryptoUtil.setClientCiphers() has been reformatted to simplify future refactoring.
Pushed to master under trivial rule. -- Endi S. Dewata
>From a234e993409fa5c26c92b9ede970e94c9dc932d9 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Fri, 17 Mar 2017 05:11:42 +0100 Subject: [PATCH] Cleaned up CryptoUtil.setClientCiphers(). The CryptoUtil.setClientCiphers() has been reformatted to simplify future refactoring.
---
 .../com/netscape/cmsutil/crypto/CryptoUtil.java | 42 ++++++++++++----------
 1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index f7395308ddb2beb9a93b8d66af1f2a5ceaea7507..8bf4c27afc6b7f000d84c29d3a4500e3cbb65c7f 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -956,30 +956,34 @@ public class CryptoUtil { } } - public static void setClientCiphers() - throws SocketException { + public static void setClientCiphers() throws SocketException { + int ciphers[] = SSLSocket.getImplementedCipherSuites(); - for (int j = 0; ciphers != null && j < ciphers.length; j++) { - boolean enabled = SSLSocket.getCipherPreferenceDefault(ciphers[j]); + if (ciphers == null) return; + + for (int cipher : ciphers) { + + boolean enabled = SSLSocket.getCipherPreferenceDefault(cipher); //System.out.println("CryptoUtil: cipher '0x" + // Integer.toHexString(ciphers[j]) + "'" + " enabled? " + // enabled); + // make sure SSLv2 ciphers are not enabled - if ((ciphers[j] & 0xfff0) ==0xff00) { - if (enabled) { - //System.out.println("CryptoUtil: disabling SSL2 NSS Cipher '0x" + - // Integer.toHexString(ciphers[j]) + "'"); - SSLSocket.setCipherPreferenceDefault(ciphers[j], false); - } - } else { - /* - * unlike RSA ciphers, ECC ciphers are not enabled by default - */ - if ((!enabled) && clientECCipherList.contains(ciphers[j])) { - //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" + - // Integer.toHexString(ciphers[j]) + "'"); - SSLSocket.setCipherPreferenceDefault(ciphers[j], true); - } + if ((cipher & 0xfff0) == 0xff00) { + + if (!enabled) continue; + + //System.out.println("CryptoUtil: disabling SSLv2 NSS Cipher '0x" + + // Integer.toHexString(ciphers[j]) + "'"); + SSLSocket.setCipherPreferenceDefault(cipher, false); + continue; + } + + // unlike RSA ciphers, ECC ciphers are not enabled by default + if (!enabled && clientECCipherList.contains(cipher)) { + //System.out.println("CryptoUtil: enabling ECC NSS Cipher '0x" + + // Integer.toHexString(ciphers[j]) + "'"); + SSLSocket.setCipherPreferenceDefault(cipher, true); } } } -- 2.9.3
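Review bot: The commented-out `System.out.println` blocks kept on the new side still reference `ciphers[j]`, which no longer exists once the loop becomes `for (int cipher : ciphers)`, so re-enabling any of them to debug cipher negotiation will not compile; update them to `Integer.toHexString(cipher)` or drop them. The SSLv2 test `(cipher & 0xfff0) == 0xff00` is the only thing keeping those suites off and is still a bare magic mask; a one-line comment such as `// matches suite IDs 0xff00-0xff0f, the range this code treats as SSLv2` or a small named helper would make it auditable. The method also has no Javadoc saying that it changes the process-wide defaults through `SSLSocket.setCipherPreferenceDefault`, and that it only turns SSLv2 suites off and the suites in `clientECCipherList` on. Every other suite keeps whatever default the library ships, so it is worth confirming that leaving any weak non-SSLv2 suites untouched is intended.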
