SSL cipher

Hello, I was wondering if there is any way to force a specific cipher in SSL connections, because in the examples that I have read I have not seen anything about that.
[187 byte] By [Pedpanoa] at [2007-11-27 6:23:48]
# 1
Certainly, set the enabled cipher suites to just the one(s) you want at either end. Why do you want to do this? SSL automatically negotiates the strongest cipher suite it can.
ejpa at 2007-7-12 17:42:04
# 2
How can I set the enabled ciphers? I need to set a specific cipher because I must do some analyses on many SSL ciphers.
Pedpanoa at 2007-7-12 17:42:04
# 3
http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[])
ejpa at 2007-7-12 17:42:04
# 4

Do you know another way to set a specific cipher suite instead of building an SSL server? I have a J2ME client which downloads some files from a Tomcat server.

I have tried to set a cipher suite using the tag "ciphers" in the connector of the Tomcat configuration file:

    <Connector port="8443" maxHttpHeaderSize="8192" ciphers="TLS_RSA_WITH_RC4_128_MD5"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

But it did not work. Any other ideas?

Pedpanoa at 2007-7-12 17:42:04
# 5
Didn't work how? Didn't establish the SSL session? Used a different cipher suite?
ejpa at 2007-7-12 17:42:04
# 6
I could establish an HTTPS connection with no problem. But in theory it was supposed to work with the cipher suite that I have specified, but it didn't.
Pedpanoa at 2007-7-12 17:42:04
# 7
What cipher suite did it use instead?
ejpa at 2007-7-12 17:42:04
# 8
It used the cipher: TLS_RSA_WITH_RC4_128_SHA
Pedpanoa at 2007-7-12 17:42:04
# 9
Hmm, bizarre, are you sure there are no other Connectors defined with more liberal ideas about cipher suites?
ejpa at 2007-7-12 17:42:04
# 10

No... my Server.xml has just this connector specified:

    <Connector port="8443" maxHttpHeaderSize="8192" ciphers="RSA_RC4_128_MD5"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Pedpanoa at 2007-7-12 17:42:04
# 11
OK, next question, are you sure you detected the cipher suite correctly?
ejpa at 2007-7-12 17:42:04
# 12

Can you try it against the following server instead of Tomcat:

    import javax.net.ssl.*;

    SSLServerSocket ss = (SSLServerSocket)SSLServerSocketFactory.getDefault().createServerSocket(8443);
    // Enable only the one suite on the server side
    ss.setEnabledCipherSuites(new String[]{"TLS_RSA_WITH_RC4_128_MD5"});
    SSLSocket s = (SSLSocket)ss.accept();
    // getSession() blocks until the handshake has completed
    System.out.println("Accepted session cipher suite="+s.getSession().getCipherSuite());
    s.close();
    ss.close();

ejpa at 2007-7-12 17:42:04
# 13

ejp,

Finally I got it!

What I needed to do was use the "SSL_RSA_WITH_RC4_128_MD5" cipher suite in the Tomcat connector instead of "TLS_RSA_WITH_RC4_128_MD5".

But I am not able to work with any cipher suite. I am gonna find out now what cipher suites are mandatory in J2ME SSL implementations.

Thanks.

Message was edited by: Pedpano

Pedpanoa at 2007-7-12 17:42:04
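
Added example, not part of the thread and not Tomcat's or the JDK's own code: a check to run on the server's JVM that each requested cipher suite name is one the JSSE provider reports as supported, trying the other `SSL_`/`TLS_` prefix as in post 13, and refusing to continue when nothing matches. The class and method names (`SuiteNameCheck`, `alternatePrefix`, `resolve`) are hypothetical; the default request is the name from the thread.

```java
import java.util.*;
import javax.net.ssl.SSLServerSocketFactory;

// Added example: resolve requested cipher suite names against the names
// this JVM's JSSE provider supports, before configuring a server with them.
public class SuiteNameCheck {

    // Swap the SSL_/TLS_ prefix, the naming difference found in the thread.
    static String alternatePrefix(String name) {
        if (name.startsWith("TLS_")) return "SSL_" + name.substring(4);
        if (name.startsWith("SSL_")) return "TLS_" + name.substring(4);
        return name;
    }

    // Returns the names the provider accepts; unknown names are reported
    // rather than silently dropped.
    static List<String> resolve(List<String> requested, Set<String> supported) {
        List<String> usable = new ArrayList<>();
        for (String name : requested) {
            String alt = alternatePrefix(name);
            if (supported.contains(name)) {
                usable.add(name);
            } else if (supported.contains(alt)) {
                System.out.println(name + " is not a provider name; using " + alt);
                usable.add(alt);
            } else {
                System.out.println(name + " is not supported by this JVM");
            }
        }
        return usable;
    }

    public static void main(String[] args) {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        Set<String> supported = new HashSet<>(Arrays.asList(f.getSupportedCipherSuites()));
        // Default request is the name from the thread; pass others as arguments.
        List<String> requested = args.length > 0 ? Arrays.asList(args)
                : Arrays.asList("TLS_RSA_WITH_RC4_128_MD5");
        List<String> usable = resolve(requested, supported);
        if (usable.isEmpty()) {
            // Fail closed instead of serving with the default suite list.
            throw new IllegalStateException("no requested suite is supported");
        }
        System.out.println("Pass to setEnabledCipherSuites: " + usable);
    }
}
```

The output depends on the JVM: whether a given suite appears in `getSupportedCipherSuites()`, and under which prefix, varies by Java version and provider.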
# 14
http://www.ietf.org/rfc/rfc2246.txt gives a list of cipher suites that are mandatory in any TLS implementation.
ejpa at 2007-7-12 17:42:04