A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.

Pushed to master under trivial rule.

--
Endi S. Dewata
From de4b48b9e4523a865e74f8122e130e976b124410 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Sun, 19 Mar 2017 21:47:08 +0100
Subject: [PATCH] Added pki.conf parameter for default SSL ciphers.

A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.
---
 base/common/share/etc/pki.conf                             | 5 +++++
 base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index e6d53714d6378ffa04327363f8089b819b67ae39..9f4df6371fea716c9e6097aedfd79486bc91dc5b 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -32,6 +32,11 @@ export SSL_DATAGRAM_VERSION_MIN
 SSL_DATAGRAM_VERSION_MAX="TLS_1_2"
 export SSL_DATAGRAM_VERSION_MAX
 
+# SSL default ciphers
+# This boolean parameter determines whether to enable default SSL ciphers.
+SSL_DEFAULT_CIPHERS="true"
+export SSL_DEFAULT_CIPHERS
+
 # SSL ciphers
 # This parameter lists SSL ciphers to enable in addition to the default ciphers.
 # The list contains IANA-registered cipher names separated by white spaces.
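Review bot: The new comment for SSL_DEFAULT_CIPHERS does not say what a value of "false" leaves enabled. Judging by the MainCLI.java change it appears to be only what SSL_CIPHERS lists, and the comment should state that explicitly. The unchanged comment directly below still reads "lists SSL ciphers to enable in addition to the default ciphers", which is no longer accurate when the defaults are disabled, so it should be reworded in the same change. It would also help to name the accepted values ("true"/"false") next to the parameter.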
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 053d72c4e55dfe125fb110044acc048f48939ea1..83090a108a15997039fe217aa0a0296a54f59cf9 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -537,7 +537,12 @@ public class MainCLI extends CLI {
                 SSLVersion.valueOf(datagramVersionMax)
         );
 
-        CryptoUtil.setDefaultSSLCiphers();
+        String defaultCiphers = System.getenv("SSL_DEFAULT_CIPHERS");
+        if (Boolean.parseBoolean(defaultCiphers)) {
+            CryptoUtil.setDefaultSSLCiphers();
+        } else {
+            CryptoUtil.unsetSSLCiphers();
+        }
 
         String ciphers = System.getenv("SSL_CIPHERS");
         CryptoUtil.setSSLCiphers(ciphers);
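Review bot: In the new condition, Boolean.parseBoolean(defaultCiphers) returns false for null, so when SSL_DEFAULT_CIPHERS is absent from the environment (for example with an existing pki.conf that predates this parameter) the else branch calls CryptoUtil.unsetSSLCiphers(), whereas the old code always called CryptoUtil.setDefaultSSLCiphers(). Values such as "yes" or "1" also parse as false without any warning. Consider treating a null value as true to preserve the previous behaviour, and rejecting or logging unrecognized values. If SSL_CIPHERS is empty as well, the CLI may end up with no ciphers enabled, so that combination deserves an explicit check or error message.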
-- 
2.9.3
