Sun Crypto accelerator 6000 + Sun One Web Server 6.1
hi,
I want 3des to be the first of ciphers for clients to utilize my Crypto Accelerator. Also, I want RC4 to be the second one.
But all browsers use RC4 by default!
This string doesn't work in server.xml, what did I miss?
<SSLPARAMS servercertnickname="Sun Metaslot:Server-Cert" ssl2="off" ssl2ciphers="-desede3,-rc4,-rc4export,-rc2,-rc2export,-des" ssl3="on" tls="on" ssl3tlsciphers="+rsa_3des_sha,+rsa_rc4_128_sha" tlsrollback="on" clientauth="off"/>
Resume: Why do I need a crypto accelerator if all traffic is RC4? :)
Message was edited by:
mpech
[604 byte] By [mpecha] at [2007-11-26 12:55:38]

# 1
You cannot get that behavior.
When an SSL client and server negotiate the connection, the client sends a list of all the cipher suites it supports. From that list the server will pick the most secure cipher suite which it also supports (if the server doesn't support any of the cipher suites proposed by the client, the connection establishment will fail).
RC4 (128 bit) is more secure than 3DES (112 bit). Thus, a server will never pick 3DES above RC4_128 if both are valid options (i.e. when both client and server support both). If you really wanted to force use of 3DES you need to disable RC4_128 in the server (or all the clients; or both).
jyria at 2007-7-7 16:49:21
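
The selection rule described in reply #1, applied to the `ssl3tlsciphers` value from the question, as an added example that is not part of the original thread and is not the web server's own code. The strength figures are the ones quoted in the reply; the function names, the client offer list and the second attribute value (RC4 switched off with the `-` prefix) are constructed for illustration.

```python
# Added illustration: models the rule from reply #1 ("the server picks the
# most secure suite both sides support"). Not the server's implementation.

# Strength in bits, as quoted in reply #1.
STRENGTH_BITS = {"rsa_rc4_128_sha": 128, "rsa_3des_sha": 112}


def parse_ssl3tlsciphers(value):
    """Return the set of suites enabled by a '+name,-name' attribute string."""
    enabled = set()
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        sign, name = token[0], token[1:]
        if sign not in "+-":
            raise ValueError(f"missing +/- prefix: {token!r}")
        if sign == "+":
            enabled.add(name)
        else:
            enabled.discard(name)
    return enabled


def negotiate(client_offer, server_attr):
    """Pick the strongest common suite; None means the handshake fails."""
    enabled = parse_ssl3tlsciphers(server_attr)
    common = [s for s in client_offer if s in enabled and s in STRENGTH_BITS]
    if not common:
        return None
    return max(common, key=STRENGTH_BITS.get)


# Constructed client offer: a browser that supports both suites.
BROWSER_OFFER = ["rsa_rc4_128_sha", "rsa_3des_sha"]

# Value from the question: both suites on, so RC4_128 is chosen.
AS_POSTED = "+rsa_3des_sha,+rsa_rc4_128_sha"
# Constructed value: RC4_128 disabled on the server, so 3DES is chosen.
RC4_DISABLED = "+rsa_3des_sha,-rsa_rc4_128_sha"

if __name__ == "__main__":
    print("as posted    ->", negotiate(BROWSER_OFFER, AS_POSTED))
    print("rc4 disabled ->", negotiate(BROWSER_OFFER, RC4_DISABLED))
    print("rc4-only client, rc4 disabled ->",
          negotiate(["rsa_rc4_128_sha"], RC4_DISABLED))
```

With RC4 disabled on the server, a client that offers only RC4 gets no connection at all, which is the failure case the reply mentions.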
