There should be a way to reorder the JSSE ciphers
Bernd Eckenfels
bernd-2013 at eckenfels.net
Wed Aug 7 07:45:01 UTC 2013
Am 07.08.2013, 08:57 Uhr, schrieb Matthew Hall <mhall at mhcomputing.net>:
> I don't think disabling ciphers on the server side works that great in
> Java since the client can still screw up the ordering.
Hmm.. do you mean the disabled cipher is used anyway or do you mean it
will pick a suboptimal enabled cipher? I dont know about bugs who allow to
negotiate disabled ciphers. Picking suboptimal ciphers from the point of
view of the server operator can of course still happen with a short(er)
list. It would be good if JDK JSSE can provide a different selector
strategy.
Gruss
Bernd
More information about the security-dev
mailing list