[bctls-jdk15on-167b05] Disable TLS ciphersuites.


CBroeter
Hi *,
we are using bctls-jdk15on-167b05 for implementation of our TLS Server.
The server shall only provide following cipherSuites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
but even though the above suites are set several other suites are enabled.
We use objServerSocket.setEnabledCipherSuites(String[]) to make the above suites prominent.

How can we achieve that only the above suites will be used by the server?
objServerSocket.getEnabledCipherSuites() will provide following suites:
Server.enabledCipherSuites: [TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA]

Thanks!

Re: [bctls-jdk15on-167b05] Disable TLS ciphersuites.

Lothar Kimmeringer-4


On 04.03.2021 at 16:57, Christoph Bröter wrote:

> we are using bctls-jdk15on-167b05 for implementation of our TLS Server.
> The server shall only provide following cipherSuites:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> but even though the above suites are set several other suites are enabled.
> We use objServerSocket.setEnabledCipherSuites(String[]) to make the above suites prominent.
>
> How can we achieve that only the above suites will be used by the server?
> objServerSocket.getEnabledCipherSuites() will provide following suites:
> [many suites]

Can you show the source that you used for testing? I regularly restrict
suites in my unit tests to have control over the specific handshake and
never had issues that it was ignored.


Cheers, Lothar
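
A minimal reproducer of the kind the reply asks for, as an added example that is not part of either post and not the poster's code: it applies the four suites from the question to a BCJSSE server socket and fails if the socket still reports anything else. The class name `RestrictSuitesCheck`, the helper `restrict` and the default-initialised context are assumptions; the bcprov and bctls jars must be on the classpath.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class RestrictSuitesCheck {
    // The four suites named in the question.
    static final String[] ALLOWED = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
    };

    // Hypothetical helper: applies the allow-list, returns what the socket reports afterwards.
    static String[] restrict(SSLServerSocket server) {
        Set<String> supported = new HashSet<>(Arrays.asList(server.getSupportedCipherSuites()));
        for (String suite : ALLOWED) {
            if (!supported.contains(suite)) {
                throw new IllegalStateException("not supported by provider: " + suite);
            }
        }
        server.setEnabledCipherSuites(ALLOWED);
        return server.getEnabledCipherSuites();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastleJsseProvider());
        SSLContext ctx = SSLContext.getInstance("TLS", "BCJSSE");
        ctx.init(null, null, null); // assumption: defaults are enough to inspect socket settings

        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            String[] enabled = restrict(server);
            System.out.println("enabled after restrict: " + Arrays.toString(enabled));
            Set<String> extra = new HashSet<>(Arrays.asList(enabled));
            extra.removeAll(Arrays.asList(ALLOWED));
            if (!extra.isEmpty()) {
                throw new IllegalStateException("unexpected suites still enabled: " + extra);
            }
            // Sockets returned by accept() inherit the list set on the server socket.
        }
    }
}
```

If this check passes but the production server still lists other suites, compare which socket object the restriction is applied to and which one `getEnabledCipherSuites()` is read from.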