  1. JBoss Enterprise Application Platform
  2. JBEAP-8267

Elytron use-cipher-suites-order has no effect on IBM java

Details

    Description

      Reproducer:

      • Create server ssl context with cipher-suite-filter = "SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256"
        • use-cipher-suites-order = true
        • use-cipher-suites-order = false
      • Try to connect
        openssl s_client -connect localhost:8443 -cipher AES128-GCM-SHA256:AES128-SHA256
        

        SSLSession for AES128-SHA256 is created

      • Note, SSL_RSA_WITH_AES_128_GCM_SHA256 is a valid cipher suite for IBM when I try
        openssl s_client -connect localhost:8443 -cipher AES128-GCM-SHA256
        

        SSLSession for AES128-GCM-SHA256 is created

      It seems IBM Java always honors server order, and it comes with a predefined order [1] and ignores the ordering in cipher-suite-filter.

      [1] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/ciphersuites.html
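
An added check, not part of the original report or of Elytron's code: the reproducer offers the two suites in one client order only, so this sketch compares the suite negotiated for both client orders to tell apart client preference, the configured server order, and some other server-side order. The s_client excerpts are constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Live use (host/port as in the reproducer), run once per client order:
#   openssl s_client -connect localhost:8443 -cipher "$A:$B" </dev/null 2>/dev/null | negotiated_cipher

# Print the negotiated suite from `openssl s_client` output read on stdin.
negotiated_cipher() {
    sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# classify_order FIRST SECOND GOT_FWD GOT_REV
#   FIRST, SECOND: suites in the order given in cipher-suite-filter
#   GOT_FWD: suite negotiated when the client offered FIRST:SECOND
#   GOT_REV: suite negotiated when the client offered SECOND:FIRST
classify_order() {
    first=$1; second=$2; fwd=$3; rev=$4
    if [ -z "$fwd" ] || [ -z "$rev" ] || [ "$fwd" = "0000" ] || [ "$rev" = "0000" ]; then
        echo "handshake-failed"          # s_client prints 0000 when no suite was agreed
    elif [ "$fwd" = "$first" ] && [ "$rev" = "$second" ]; then
        echo "client-order"              # server followed each client list
    elif [ "$fwd" = "$rev" ] && [ "$fwd" = "$first" ]; then
        echo "server-order-configured"   # server enforced the filter's order
    elif [ "$fwd" = "$rev" ] && [ "$fwd" = "$second" ]; then
        echo "server-order-other"        # server enforced some other order
    else
        echo "inconclusive"
    fi
}

# Constructed s_client excerpts (not captured from a real server): the same
# suite is selected whichever order the client offers.
SAMPLE_FWD='New, TLSv1.2, Cipher is AES128-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA256'
SAMPLE_REV=$SAMPLE_FWD

demo() {
    got_fwd=$(printf '%s\n' "$SAMPLE_FWD" | negotiated_cipher)
    got_rev=$(printf '%s\n' "$SAMPLE_REV" | negotiated_cipher)
    classify_order AES128-GCM-SHA256 AES128-SHA256 "$got_fwd" "$got_rev"
}

demo
```

Running the pair of probes against each setting of use-cipher-suites-order shows whether the option changes the outcome at all.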

          People

            jgreene@redhat.com Jason Greene
            mchoma@redhat.com Martin Choma