JBoss Enterprise Application Platform / JBEAP-8267

Elytron use-cipher-suites-order has no effect on IBM Java


    • Bug
    • Resolution: Done
    • Blocker
    • None
    • 7.1.0.DR10
    • Security
    • Elytron server SSL context use-cipher-suites-order attribute has no effect on IBM Java. Fixed in IBM Java 8 SR4 FP6.

      Reproducer:

      • Create server ssl context with cipher-suite-filter = "SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256"
        • use-cipher-suites-order = true
        • use-cipher-suites-order = false
      • Try to connect:
        openssl s_client -connect localhost:8443 -cipher AES128-GCM-SHA256:AES128-SHA256

        SSLSession for AES128-SHA256 is created

      • Note, SSL_RSA_WITH_AES_128_GCM_SHA256 is a valid cipher suite for IBM when I try
        openssl s_client -connect localhost:8443 -cipher AES128-GCM-SHA256

        SSLSession for AES128-GCM-SHA256 is created

      It seems IBM Java always honors server order, and it comes with a predefined order [1], ignoring the ordering in cipher-suite-filter.

      [1] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/ciphersuites.html

              jgreene@redhat.com Jason Greene
              mchoma@redhat.com Martin Choma
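
A repeatable form of the reproducer's check, added here as an example and not part of the original issue or the project's code: it offers the two suites in both orders and classifies whether the server chose by its own preference or by the client's. The function names, the script name and the use of -tls1_2 (so that -cipher governs the whole offer) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue): decide from two s_client probes whether
# a TLS server picks the cipher by its own preference or by the client's.

# Read `openssl s_client` output on stdin, print the negotiated cipher name.
negotiated_cipher() {
    sed -n 's/.*Cipher is \([^ ]*\).*/\1/p' | head -n 1
}

# Offer cipher list $2 to host:port $1 and print what the server selected.
# -tls1_2 keeps the handshake on a version where -cipher governs the offer.
probe() {
    openssl s_client -connect "$1" -tls1_2 -cipher "$2" </dev/null 2>/dev/null |
        negotiated_cipher
}

# $1,$2: the two suites; $3: result when offering "$1:$2"; $4: when "$2:$1".
classify_preference() {
    case "$3" in ''|'(NONE)') echo "inconclusive"; return 0 ;; esac
    case "$4" in ''|'(NONE)') echo "inconclusive"; return 0 ;; esac
    if [ "$3" = "$4" ]; then
        echo "server-order $3"      # same pick both times: server decides
    elif [ "$3" = "$1" ] && [ "$4" = "$2" ]; then
        echo "client-order"         # pick follows the client's first choice
    else
        echo "inconclusive"
    fi
}

# Usage: sh check_order.sh localhost:8443   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    a=AES128-GCM-SHA256
    b=AES128-SHA256
    classify_preference "$a" "$b" "$(probe "$1" "$a:$b")" "$(probe "$1" "$b:$a")"
fi
```

With use-cipher-suites-order = true, a result of "server-order" naming a suite other than the first entry of cipher-suite-filter matches the behaviour reported above; with use-cipher-suites-order = false, "client-order" is the expected result.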