Controlling the order of cipher suites in TLS


elad
Hi,

If I use the method SSLEngineConfigurator.setEnabledCipherSuites(String[] ciphers), is the array ordered by priority?

i.e. when establishing the connection will the server choose the cipher with the lowest index in the array (from those supported by the client)?

Same question for setEnabledProtocols()

Re: Controlling the order of cipher suites in TLS

Ryan Lubke-2
From what I understand, the server will pick the first enabled suite requested in the client hello.  Ordering of the array is irrelevant.
However, it does matter when configuring the suites on the client side.

As far as protocols, there is no preference order. The client states the maximum protocol version it supports; the server selects its own maximum or the client's, whichever is lower, resulting in the highest supported by both endpoints.

> July 27, 2016 at 08:58
> Hi,
>
> If I use the method SSLEngineConfigurator.setEnabledCipherSuites(String[]
> ciphers), is the array ordered by priority?
>
> i.e. when establishing the connection will the server choose the cipher with
> the lowest index in the array (from those supported by the client)?
>
> Same question for setEnabledProtocols()

Re: Controlling the order of cipher suites in TLS

elad
Ryan Lubke-2 wrote
> From what I understand, the server will pick the first enabled suite
> requested in the client hello.  Ordering of the array is irrelevant.
> However, it does matter when configuring the suites on the client side.

Unfortunately my clients are diverse and I only have full control over the server.
Is there a way to force the server's order instead of the client's?

Re: Controlling the order of cipher suites in TLS

Ryan Lubke-2
There doesn't appear to be.

> July 27, 2016 at 09:54
> Ryan Lubke-2 wrote
>
> Unfortunately my clients are diverse and I only have full control over the
> server.
> Is there a way to force the server's order instead of the client's?

>> July 27, 2016 at 09:32
>> From what I understand, the server will pick the first enabled suite requested in the client hello.  Ordering of the array is irrelevant.
>> However, it does matter when configuring the suites on the client side.
>>
>> As far as protocols, there is no preference order. The client states the maximum protocol version it supports; the server selects its own maximum or the client's, whichever is lower, resulting in the highest supported by both endpoints.

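For reference on the server-side ordering question in this thread, an added example that is not part of the original posts and is not Grizzly code: at the JSSE level (Java 8 and later), `SSLParameters.setUseCipherSuitesOrder(true)` tells a server-mode `SSLEngine` to pick by its own enabled-suite order rather than the client's. The class name, helper names and the sample TLS 1.2 suite list are assumptions made for the example, and wiring the configured engine into Grizzly is not shown.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class ServerCipherOrder {

    // Sample TLS 1.2 preference list, most preferred first (constructed for this example).
    static final String[] PREFERRED = {
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    // Keep the caller's order but drop names this JVM does not support:
    // the engine rejects unsupported names with IllegalArgumentException.
    static String[] supportedInOrder(SSLEngine engine, String[] wanted) {
        Set<String> supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        List<String> kept = new ArrayList<>();
        for (String suite : wanted) {
            if (supported.contains(suite)) kept.add(suite);
        }
        if (kept.isEmpty()) throw new IllegalStateException("no preferred suite is supported");
        return kept.toArray(new String[0]);
    }

    // Enable only the preferred suites and make the server's order decide.
    static void enforceServerOrder(SSLEngine engine, String[] wanted) {
        engine.setUseClientMode(false);          // the flag only matters on the server side
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(supportedInOrder(engine, wanted));
        params.setUseCipherSuitesOrder(true);    // default is false: client order wins
        engine.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        enforceServerOrder(engine, PREFERRED);
        System.out.println("server order honored: "
                + engine.getSSLParameters().getUseCipherSuitesOrder());
        System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```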