Re: [jetty-users] keystore

Silvio Bierman Wed, 14 Mar 2018 09:53:59 -0700

Those are ciphers for the SSL protocol instead of TLS. You do not want to use 
those...



Sent from my Samsung Galaxy smartphone.
-------- Original message --------From: Lothar Kimmeringer 
<[email protected]> Date: 3/14/18  17:36  (GMT+01:00) To: 
[email protected] Subject: Re: [jetty-users] keystore 
Hi,

Am 14.03.2018 um 17:24 schrieb Joakim Erdfelt:

> * The IBM JVM is not sane, look into its cipher suites and protocols.
>
> A quick comparison shows that it has half the cipher suites that oracle jvm 
> or openjdk has.

Not necessarily. At least the JVM for i Series has more or less the same
ciphers but the textual representation is not starting with TLS_... but SSL_...
so filters based on the textual representation will filter out most
of them (in my case where I found that out, all ciphers were filtered).

Here as an example -Djavax.net.debug=ssl:handshake output for a ClientHello
sent by an AS/400:

Cipher Suites: [
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
  SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
  SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
  SSL_RSA_WITH_AES_256_CBC_SHA256,
  SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
  SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,
  SSL_DHE_RSA_WITH_AES_256_CBC_SHA256,
  SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,
  SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
  SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  SSL_RSA_WITH_AES_256_CBC_SHA,
  SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
  SSL_ECDH_RSA_WITH_AES_256_CBC_SHA,
  SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
  SSL_DHE_DSS_WITH_AES_256_CBC_SHA,
  SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
  SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  SSL_RSA_WITH_AES_128_CBC_SHA256,
  SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
  SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,
  SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,
  SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,
  SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
  SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  SSL_RSA_WITH_AES_128_CBC_SHA,
  SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
  SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,
  SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
  SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
  SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
  SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
  SSL_RSA_WITH_AES_256_GCM_SHA384,
  SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
  SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384,
  SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,
  SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,
  SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  SSL_RSA_WITH_AES_128_GCM_SHA256,
  SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
  SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,
  SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,
  SSL_DHE_DSS_WITH_AES_128_GCM_SHA256]


Cheers, Lothar
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Re: [jetty-users] keystore

Reply via email to