Servlet should determine CipherSuites provided by Browser
Hi there,
Maybe this is absolute nonsense but still...
I am currently trying to develop a servlet, which should do the following task(s):
A browser (IE, Netscape, whatever) connects via https to a webserver (WebLogic 6.1 SP2) on which the servlet resides.
The servlet itself should now determine, which CipherSuites the Browser supports. I know that the JSSE has some methods like getCipherSuite() but can I use it just right away? and if yes: How?
Or does one have to perform an entire SSL handshake again? I must admitt I am a bit confused ;o)
Or, as the ultimate solution, isn't this possible at all?
Appreciateing for any help!
Jan
[693 byte] By [
JanMQ] at [2007-9-27 18:39:54]
I don't think you can do what you're asking for - not from the servlet, at any rate. Part of the initial SSL handshake is the client telling the server what cipher-suites it supports, and the server telling the client which one they're going to use (I think that's the order, anyway). The webserver is the thing that handles that conversation - by the time your servlet wakes up, I don't think you even have access to the socket, do you?
At any rate - there might be a way for an applet inside the client browser to get that info, and send it to your servlet. Haven't tried it myself - but it's the only way I can think of to get what you want in your environment.
If you were writing your own webserver, and implementing SSL "from scratch," then you'd be able to get at the data.
Good luck!
