There should be a way to reorder the JSSE ciphers

Bernd Eckenfels bernd-2013 at eckenfels.net
Wed Aug 7 02:57:39 UTC 2013


Hello Xuelei,

I dont get the Idea behind this. There are quite a few aspects of the SSL  
handshake which could/should be dynamically configurable and we don't have  
an option for today (for example the renegotiation).

For SSL Cipher order there is no real demand to make it configurable (and  
it seems there is not even an alternative implementation which differs  
 from the RFC method). So why would one make it configurable?

If there is a specification gap, I would fix it there and simply specify  
that client implementations SHOULD honor the cipher sequence for sending  
the handshake and servers SHOULD be RFC compliant. I think major  
implementations expect exactly this anyway (there are FAQs on what ciphers  
to select).

If a server implementation choses to differ from the RFC because it thinks  
it can better decide on a cipher (for example by calculating strength/cost  
for all pairs and picking the best combination or by having a prefered and  
acceptable list - (which is I guess what google servers do)) it is  
implementation specific if and when it uses it.

(One could think about a generic CipherSelector interface or a decide  
method in the HandshakeListener if you really want to make this  
configurable independend of the implementations. I somewhat doubt that  
there are a lot of users who implement high-performance SSL servers in  
pure Java anyway).

Am 07.08.2013, 04:26 Uhr, schrieb Xuelei Fan <xuelei.fan at oracle.com>:
> The tricky is that we need to think about the parameters from the
> viewpoint of server side here. In server side,
> SSLParameter.getCipherSuites() defines what kind of cipher suites are
> supported in server side, and the order.

I can imagine one wants to influence the picking of ciphers on the server  
in a way that it is not RFC compliant but more performant/secure. A  
ordered list on the server is not a method I would chose. Instead I would  
have a list of prefered ciphers (pick the first prefered cipher from the  
client and only if there are none pick the first otherwise supported  
cipher from the client). For this to work a SSL implementation needs more  
than a ordered list, so it would do something implementation dependend  
anyway, why would one need a standardized boolean in addition?

Bernd



More information about the security-dev mailing list