users@grizzly.java.net

Re: SSLSelectorThread setEnabledCipherSuites not working as expected.

From: Sabyasachi Biswas <sabyforjava_at_gmail.com>
Date: Mon, 23 Apr 2012 18:42:40 +0200

Hi,

Please can someone help me with this problem
Thanks a lot in advance.

Regards,
Saby..

On Sat, Apr 21, 2012 at 11:54 AM, Sabyasachi Biswas
<sabyforjava_at_gmail.com>wrote:

>
> Hello All,
>
> I am using Grizzly 1.9.46 for a SOAP Messaging server. I have configured
> the server to run with SSL , now in this SSL configuration I wish to
> disable a few Cipher suites
> and enable only a few Cipher suites. For that, I did the following
>
> GrizzlyWebServer grizzlyWebServer = new GrizzlyWebServer(port,
> WEB_APP_ROOT, true);
> //rest of the config
> SSLSelectorThread sslSelectorThread=(SSLSelectorThread)
> grizzlyWebServer.getSelectorThread();
> String[]
> enabledCipherSuites={"SSL_RSA_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_SHA"};
> sslSelectorThread.setEnabledCipherSuites(enabledCipherSuites);
>
> Now, when I scan the port with a SSL scanning tool like "SSLScanner" , I
> see more cipher suites enabled than I wished to enable.
> The same effect is also visible when I connect it with sockets:
>
> SSLSocketFactory sslsf=(SSLSocketFactory) SSLSocketFactory.getDefault();
> SSLSocket sslSocket=(SSLSocket) sslsf.createSocket("myhost", 443);
> String[] cipherSuites=sslSocket.getEnabledCipherSuites();
>
> for (String ciphers : cipherSuites) {
>
> LOGGER.debug("Available ciphers ::" +ciphers);
> }
>
> Please can you tell me why this is not working, what am I doing wrong.
> Thank you in advance.
>
> Regards,
> Saby..
>
>
>