Re: [jetty-users] keystore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] keystore

From: Lou DeGenaro <lou.degenaro@xxxxxxxxx>
Date: Wed, 14 Mar 2018 15:15:35 -0400
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Unfortunately no. I could only supply an IP address (which it seems is not allowed) and is only accessible internally anyway.

Lou.

On Wed, Mar 14, 2018 at 3:04 PM, Jesse McConnell <jesse.mcconnell@xxxxxxxxx> wrote:

That is an interesting nugget Lou, any chance you can report results from here: https://www.ssllabs.com/ssltest/ ?

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Wed, Mar 14, 2018 at 1:53 PM, Lou DeGenaro <lou.degenaro@xxxxxxxxx> wrote:
Looking here: https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html

I added -Dcom.ibm.jsse2.overrideDefaultTLS=true to the launch of my Jetty server and much joy resulted.

Lou.

On Wed, Mar 14, 2018 at 2:45 PM, Lothar Kimmeringer <job@xxxxxxxxxxxxxx> wrote:

Am 14.03.2018 um 17:53 schrieb Silvio Bierman:

Those are ciphers for the SSL protocol instead of TLS. You do not want to use those...

I'm not defending IBM here for their decision to follow the NIH-principle.
The ciphers are for TLS, the session where this trace came from was an
OFTP2-connection that is restricted to TLS and was using TLSv1.2 for the
handshake:

OFTP TLS-ReceiveThread2 (Thread nr. 6, for server-socket listening on address /x.x.x.x on port 6619), READ: TLSv1.2 Handshake, length = 181
JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1491538846 bytes = { 239, 0, 205, 234, 239, 135, 27, 62, 91, 187, 205, 216, 254, 230, 62, 170, 127, 69, 1, 60, 88, 75, 88, 14, 181, 116, 137, 40 }
Session ID: {}
Cipher Suites:
[...]

The corresponding Wireshark trace showed the cipher-list with the names
you're used to, so there really are no SSL-ciphers here, "just" a
different naming scheme.

Cheers, Lothar
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Follow-Ups:
- Re: [jetty-users] keystore
  - From: Jesse McConnell

References:
- Re: [jetty-users] keystore
  - From: Silvio Bierman
- Re: [jetty-users] keystore
  - From: Lothar Kimmeringer
- Re: [jetty-users] keystore
  - From: Lou DeGenaro
- Re: [jetty-users] keystore
  - From: Jesse McConnell

Prev by Date: Re: [jetty-users] keystore
Next by Date: Re: [jetty-users] keystore
Previous by thread: Re: [jetty-users] keystore
Next by thread: Re: [jetty-users] keystore
Index(es):
- Date
- Thread

Breadcrumbs