There should be a way to reorder the JSSE ciphers

Xuelei Fan xuelei.fan at oracle.com
Tue Aug 6 01:53:49 UTC 2013


Hi,

We are thinking about supporting cipher suite preference in JSSE by
defining new methods in javax.net.ssl.SSLParameters.

----------------------------------------------------
+    /**
+     * Sets whether the cipher suites preference should be honored.
+     *
+     * @param on whether local cipher suites order in
+     *         {@code #getCipherSuites}
+     *        should be honored during SSL/TLS handshaking.
+     */
+    public final void setUseCipherSuitesOrder(boolean on);
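Review bot: The Javadoc for setUseCipherSuitesOrder does not say what the default is or what happens when the flag is false, so the specification alone does not tell a caller whose order wins during the handshake. State the default value and the behaviour for both true and false. In the @param text, {@code #getCipherSuites} renders as literal text; {@link #getCipherSuites} gives a working cross-reference. The parameter name "on" could also be more descriptive.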


+    /**
+     * Returns whether the cipher suites preference should be honored.
+     *
+     * @return whether local cipher suites order in
+               {@code #getCipherSuites}
+     *         should be honored during SSL/TLS handshaking.
+     */
+    public final boolean getUseCipherSuitesOrder();
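Review bot: The second line of the @return text, "{@code #getCipherSuites}", is missing the leading " * " that every other line of the comment has, and it uses {@code} where {@link #getCipherSuites} is needed for a cross-reference. The @return description should also say which value is returned when setUseCipherSuitesOrder has never been called, and a @see pointing to the setter would tie the pair together.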
----------------------------------------------------


By default, the Oracle JSSE provider still honors the client's preference.
The behavior can be changed by calling
SSLParameters.setUseCipherSuitesOrder(true) on the server side.

We have had cipher suite preference ordering on the client side for
many years, but we never said how to actually do it in the specification
and the JSSE Reference Guide.  With this update, the client side can enforce
honoring of the cipher suite preference with the new method,
SSLParameters.setUseCipherSuitesOrder(true).  Other providers should
also comply with this specification.

Any feedback is welcome.

Thanks,
Xuelei
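
Server-side use of the methods proposed in the message above, as an added example that is not code from the original post or from the JDK. The class name, the helper names and the preference list are assumptions, and it needs a JDK whose SSLParameters provides setUseCipherSuitesOrder/getUseCipherSuitesOrder.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class ServerCipherOrder {
    // Assumed server preference, most preferred first; adjust to local policy.
    static final List<String> PREFERRED = Arrays.asList(
        "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", // TLS 1.3, where supported
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Keep only suites the provider supports, in our order rather than the provider's.
    static String[] ordered(String[] supported, List<String> preferred) {
        List<String> available = Arrays.asList(supported);
        List<String> out = new ArrayList<>();
        for (String suite : preferred) {
            if (available.contains(suite)) out.add(suite);
        }
        // Fail closed: an empty list must not silently fall back to the defaults.
        if (out.isEmpty()) {
            throw new IllegalStateException("no preferred cipher suite is supported");
        }
        return out.toArray(new String[0]);
    }

    static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);                 // act as the server
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(ordered(engine.getSupportedCipherSuites(), PREFERRED));
        params.setUseCipherSuitesOrder(true);           // honor the local (server) order
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = serverEngine(SSLContext.getDefault());
        System.out.println("honor local order: "
            + engine.getSSLParameters().getUseCipherSuitesOrder());
        for (String suite : engine.getEnabledCipherSuites()) {
            System.out.println(suite);
        }
    }
}
```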


