SSL/TLS cipher selection
Matthew Hall
mhall at mhcomputing.net
Thu May 9 18:38:41 PDT 2013
Hello,
I discovered some unexpected behavior in how Java chooses cipher suites for
SSL/TLS. I wanted to know if its method of cipher suite selection is
documented somewhere so I could understand why it's not working right for me
in certain cases. Notably, if I configure this preference list:
public static String[] CIPHERS = {
"TLS_RSA_WITH_AES_128_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
};
and then use the default "openssl ciphers" list for OpenSSL 1.0.1e, only
SSL_RSA_WITH_3DES_EDE_CBC_SHA gets selected even though the server preference
places it below TLS_RSA_WITH_AES_128_CBC_SHA, which, while allowed by the RFC,
is not what is normally done, and will reduce performance quite a bit.
When you look at the "openssl ciphers" list, you can see that they ranked 3DES
above AES128 on their side, but it would really be better if the server
preference took precedence instead of the client preference.
Another thing which would be nice to fix, would be if the javax.net.debug=ssl
output would print the server-side cipher preferences in effect as well as the
client-side ones like it does presently.
Thoughts?
Matthew.
More information about the net-dev
mailing list