Re: [jetty-users] keystore

Hi,

On 14.03.2018 at 17:24, Joakim Erdfelt wrote:

> * The IBM JVM is not sane, look into its cipher suites and protocols.
>
> A quick comparison shows that it has half the cipher suites that Oracle JVM or OpenJDK has.

Not necessarily. At least the JVM for i Series has more or less the same
ciphers, but the textual representation does not start with TLS_... but with SSL_...,
so filters based on the textual representation will filter out most
of them (in my case, where I found that out, all ciphers were filtered).

Here, as an example, is the -Djavax.net.debug=ssl:handshake output for a ClientHello
sent by an AS/400:

Cipher Suites: [
 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
 SSL_RSA_WITH_AES_256_CBC_SHA256,
 SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
 SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,
 SSL_DHE_RSA_WITH_AES_256_CBC_SHA256,
 SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,
 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 SSL_RSA_WITH_AES_256_CBC_SHA,
 SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
 SSL_ECDH_RSA_WITH_AES_256_CBC_SHA,
 SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
 SSL_DHE_DSS_WITH_AES_256_CBC_SHA,
 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
 SSL_RSA_WITH_AES_128_CBC_SHA256,
 SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
 SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,
 SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,
 SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,
 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 SSL_RSA_WITH_AES_128_CBC_SHA,
 SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
 SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,
 SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
 SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 SSL_RSA_WITH_AES_256_GCM_SHA384,
 SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
 SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384,
 SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,
 SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,
 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 SSL_RSA_WITH_AES_128_GCM_SHA256,
 SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
 SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,
 SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,
 SSL_DHE_DSS_WITH_AES_128_GCM_SHA256]


Cheers, Lothar
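
The effect described in the message above, as an added example that is not part of the original post and is not Jetty's own code: a name-based include/exclude filter run over a few suite names copied from the ClientHello, first on the raw names and then with the SSL_ prefix treated as TLS_ for matching only. The class name, the include/exclude patterns and the normalization step are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class CipherNameFilter {
    // Treat an SSL_ prefix as TLS_ for matching only (assumed normalization);
    // the name the JVM reported is what gets returned to the caller.
    static String normalize(String suite) {
        return suite.startsWith("SSL_") ? "TLS_" + suite.substring(4) : suite;
    }

    static List<Pattern> compile(List<String> regexes) {
        return regexes.stream().map(Pattern::compile).collect(Collectors.toList());
    }

    // Keep suites that match at least one include pattern and no exclude pattern.
    static List<String> select(List<String> supported, List<String> includes,
                               List<String> excludes, boolean normalizePrefix) {
        List<Pattern> inc = compile(includes);
        List<Pattern> exc = compile(excludes);
        return supported.stream().filter(name -> {
            String key = normalizePrefix ? normalize(name) : name;
            return inc.stream().anyMatch(p -> p.matcher(key).matches())
                && exc.stream().noneMatch(p -> p.matcher(key).matches());
        }).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // A few names copied from the ClientHello in the message above.
        List<String> ibm = Arrays.asList(
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
            "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "SSL_RSA_WITH_AES_128_CBC_SHA",
            "SSL_DHE_DSS_WITH_AES_128_GCM_SHA256");
        // Hypothetical policy: (EC)DHE key exchange with AES-GCM, no DSS.
        List<String> includes = Arrays.asList("^TLS_(ECDHE|DHE)_.*_GCM_.*$");
        List<String> excludes = Arrays.asList("^.*_DSS_.*$");

        // Matching on raw names selects nothing on this JVM; the handshake
        // would then fail with no cipher suites in common.
        System.out.println("raw names:        " + select(ibm, includes, excludes, false));
        System.out.println("normalized names: " + select(ibm, includes, excludes, true));
    }
}
```

An empty result from the raw-name pass is the condition worth checking for at startup on any JVM whose suite names differ from the ones the filter patterns were written against.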

