users@grizzly.java.net

Re: Controlling the order of cipher suites in TLS

From: Ryan Lubke <ryan.lubke_at_oracle.com>
Date: Wed, 27 Jul 2016 09:32:48 -0700

>From what I understand, the server will pick the first enabled suite
requested in the client hello. Ordering of the array is irrelevant.
However, it does matter when configuring the suites on the client side.

As far as protocols, there is no preference order. The the client states
the maximum protocol version it supports; the server selects its own
maximum or the client's, whichever is lower, resulting in the highest
supported by both endpoints.

> elad <mailto:esarver_at_cisco.com>
> July 27, 2016 at 08:58
> Hi,
>
> If I use the method SSLEngineConfigurator.setEnabledCipherSuites(String[]
> ciphers), is the array ordered by priority?
>
> i.e. when establishing the connection will the server choose the
> cipher with
> the lowest index in the array (from those supported by the client)?
>
> Same question for setEnabledProtocols()
>
>
>
> --
> View this message in context:
> http://grizzly.1045725.n5.nabble.com/Controlling-the-order-of-cipher-suites-in-TLS-tp5711064.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.