JSSE patches for HonorCipherOrder and preventing client-initiated renegotiations

Brad Wetmore bradford.wetmore at oracle.com
Mon Mar 26 17:17:22 PDT 2012



On 3/23/2012 11:19 PM, Neale Rudd wrote:
> Hi Guys,
> Just joined the list, nice to meet you.
> I have developed two changes for JSSE which add the ability to use an 
> HonorCipherOrder feature (an option in openssl)

I'm not an expert in OpenSSL configs, but are you referring to OpenSSL's
SSL_OP_CIPHER_SERVER_PREFERENCE option:

    http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

or Apache's mod_ssl config option SSLHONORCIPHERORDER:

    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite

Brad




More information about the security-dev mailing list