There should be a way to reorder the JSSE ciphers
Matthew Hall
mhall at mhcomputing.net
Wed Aug 7 06:57:30 UTC 2013
On Wed, Aug 07, 2013 at 08:54:15AM +0200, Bernd Eckenfels wrote:
> Well yes, if you think there is a bad cipher in the default enabled suite
> then it is good to disable it (The default enabled list is better these
> days). You can do that without setting a new boolean flag which is ignored
> by the default implementation.
I don't think disabling ciphers on the server side works that great in Java
since the client can still screw up the ordering. I have seen some bugs from
this myself, regardless of what it might claim in the RFC.
> If the JDK JSSE implementation will offer different server side strategies to
> pick the cipher it would be most helpful to have a (string) option to
> specify the strategy. This option name can be standardized and others then
> can pick it up as well. You could even specify "RFC" and "ServerOrder" as
> the two mandatory supported options.
Yes, I agree with your and others' suggestions on this. It should use Enum or
String or even Integer constants of some sort instead of anything hard-coded
like individual Booleans.
> Greetings
> Bernd
Matthew.