users@grizzly.java.net

Re: SSLSelectorThread setEnabledCipherSuites not working as expected.

From: Sabyasachi Biswas <sabyforjava_at_gmail.com>
Date: Wed, 25 Apr 2012 13:35:22 +0200

Hi Alexey,

Thank you, it helped, and I apologise for the inconvenience caused by my bug.

Regards,
Saby..

On 4/24/12, Oleksiy Stashok <oleksiy.stashok_at_oracle.com> wrote:
> Hi Saby,
>
> pls. change this
>
> enabledCipherSuites={"SSL_RSA_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_SHA"};
>
>
> to
>
> enabledCipherSuites={"SSL_RSA_WITH_RC4_128_SHA",
> "TLS_KRB5_WITH_RC4_128_SHA"};
>
>
> regarding scanning tool etc...
> It properly shows you *all* cipher suites available for client
> regardless of server SSL configuration.
> But after SSL handshake is complete check the current ciphersuite:
>
> System.out.println("CipherSuite=" +
> sslSocket.getSession().getCipherSuite());
>
> It has to be the one allowed for both client and server.
>
> Hope this will help.
>
> WBR,
> Alexey.
>
> On 04/24/2012 01:03 PM, Sabyasachi Biswas wrote:
>> Hi Alexey,
>>
>> Ok, thank you. I will wait to hear from you.
>>
>> Regards,
>> Saby..
>>
>>
>> On 4/23/12, Oleksiy Stashok <oleksiy.stashok_at_oracle.com> wrote:
>>> Hi Saby,
>>>
>>> sorry I didn't have time today. Will reply tomorrow asap.
>>>
>>> WBR,
>>> Alexey.
>>>
>>> On 04/23/2012 06:42 PM, Sabyasachi Biswas wrote:
>>>> Hi,
>>>>
>>>> Please can someone help me with this problem.
>>>> Thanks a lot in advance.
>>>>
>>>> Regards,
>>>> Saby..
>>>>
>>>> On Sat, Apr 21, 2012 at 11:54 AM, Sabyasachi Biswas
>>>> <sabyforjava_at_gmail.com> wrote:
>>>>
>>>>
>>>> Hello All,
>>>>
>>>> I am using Grizzly 1.9.46 for a SOAP Messaging server. I have
>>>> configured the server to run with SSL, now in this SSL
>>>> configuration I wish to disable a few Cipher suites
>>>> and enable only a few Cipher suites. For that, I did the following
>>>>
>>>> GrizzlyWebServer grizzlyWebServer = new GrizzlyWebServer(port,
>>>> WEB_APP_ROOT, true);
>>>> //rest of the config
>>>> SSLSelectorThread sslSelectorThread=(SSLSelectorThread)
>>>> grizzlyWebServer.getSelectorThread();
>>>> String[] enabledCipherSuites={"SSL_RSA_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_SHA"};
>>>> sslSelectorThread.setEnabledCipherSuites(enabledCipherSuites);
>>>>
>>>> Now, when I scan the port with an SSL scanning tool like
>>>> "SSLScanner", I see more cipher suites enabled than I wished to
>>>> enable.
>>>> The same effect is also visible when I connect it with sockets:
>>>>
>>>> SSLSocketFactory sslsf=(SSLSocketFactory)
>>>> SSLSocketFactory.getDefault();
>>>> SSLSocket sslSocket=(SSLSocket) sslsf.createSocket("myhost", 443);
>>>> String[] cipherSuites=sslSocket.getEnabledCipherSuites();
>>>>
>>>> for (String ciphers : cipherSuites) {
>>>>
>>>> LOGGER.debug("Available ciphers ::" +ciphers);
>>>> }
>>>>
>>>> Please can you tell me why this is not working? What am I doing
>>>> wrong?
>>>> Thank you in advance.
>>>>
>>>> Regards,
>>>> Saby..
>>>>
>>>>
>>>>
>>>
>
>
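
Added example, not part of the original thread and not Grizzly code: a startup check in plain JSSE that compares a configured cipher-suite array against the names the running JRE supports, and flags an entry holding several comma-joined names, which is the mistake corrected above. The class and method names are hypothetical, and which names count as supported depends on the JRE in use.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteConfigCheck {

    /** Returns the configured entries that are not supported suite names on this JRE. */
    static List<String> unsupportedEntries(String[] configured, Set<String> supported) {
        List<String> bad = new ArrayList<>();
        for (String name : configured) {
            if (!supported.contains(name)) {
                bad.add(name);
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Set<String> supported =
                new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));

        // The two arrays from the thread: one comma-joined element vs. two elements.
        String[] joined = {"SSL_RSA_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_SHA"};
        String[] separate = {"SSL_RSA_WITH_RC4_128_SHA", "TLS_KRB5_WITH_RC4_128_SHA"};

        for (String[] config : new String[][] {joined, separate}) {
            System.out.println(config.length + " element(s): " + Arrays.toString(config));
            List<String> bad = unsupportedEntries(config, supported);
            for (String name : bad) {
                // A comma inside one element means several names were packed into one string.
                String hint = name.contains(",") ? " (contains a comma)" : "";
                System.out.println("  not a supported suite name: " + name + hint);
            }
            if (bad.isEmpty()) {
                // Only apply a list whose every entry the provider recognises.
                engine.setEnabledCipherSuites(config);
                System.out.println("  enabled on engine: "
                        + Arrays.toString(engine.getEnabledCipherSuites()));
            }
        }
    }
}
```

Failing startup when `unsupportedEntries` returns anything keeps a mistyped list from leaving the server on a broader set of suites than intended.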