JSSE patches for HonorCipherOrder and preventing client-initiated renegotiations
Brad Wetmore
bradford.wetmore at oracle.com
Tue Mar 27 00:17:22 UTC 2012
On 3/23/2012 11:19 PM, Neale Rudd wrote:
> Hi Guys,
> Just joined the list, nice to meet you.
> I have developed two changes for JSSE which add the ability to use an
> HonorCipherOrder feature (an option in openssl)
I'm not an expert in OpenSSL configs, but are you referring to OpenSSL's
SSL_OP_CIPHER_SERVER_PREFERENCE option:
http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
or Apache's mod_ssl config option SSLHONORCIPHERORDER:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite
Brad
More information about the security-dev
mailing list