That is an interesting nugget Lou, any chance you can report results from here: https://www.ssllabs.com/ssltest/ ?
-- jesse mcconnell [email protected] On Wed, Mar 14, 2018 at 1:53 PM, Lou DeGenaro <[email protected]> wrote: > Looking here: https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0. > 0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/ > matchsslcontext_tls.html > > I added -Dcom.ibm.jsse2.overrideDefaultTLS=true to the launch of my Jetty > server and much joy resulted. > > Lou. > > On Wed, Mar 14, 2018 at 2:45 PM, Lothar Kimmeringer <[email protected]> > wrote: > >> >> >> Am 14.03.2018 um 17:53 schrieb Silvio Bierman: >> >>> Those are ciphers for the SSL protocol instead of TLS. You do not want >>> to use those... >>> >> >> I'm not defending IBM here for their decision to follow the NIH-principle. >> The ciphers are for TLS, the session where this trace came from was an >> OFTP2-connection that is restricted to TLS and was using TLSv1.2 for the >> handshake: >> >> OFTP TLS-ReceiveThread2 (Thread nr. 6, for server-socket listening on >> address /x.x.x.x on port 6619), READ: TLSv1.2 Handshake, length = 181 >> JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8 >> JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8 >> JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8 >> JsseJCE: Using AlgorithmParameters EC from provider IBMJCE version 1.8 >> *** ClientHello, TLSv1.2 >> RandomCookie: GMT: 1491538846 bytes = { 239, 0, 205, 234, 239, 135, 27, >> 62, 91, 187, 205, 216, 254, 230, 62, 170, 127, 69, 1, 60, 88, 75, 88, 14, >> 181, 116, 137, 40 } >> Session ID: {} >> Cipher Suites: >> [...] >> >> The corresponding Wireshark trace showed the cipher-list with the names >> you're used to, so there really are no SSL-ciphers here, "just" a >> different naming scheme. >> >> >> >> Cheers, Lothar >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
