You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/02/26 18:09:18 UTC
[jira] [Commented] (QPID-7113) [Java Broker] Add ability to select
cipher suite during TLS negotiation based on Broker side cipher suite order
[ https://issues.apache.org/jira/browse/QPID-7113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15169336#comment-15169336 ]
Keith Wall commented on QPID-7113:
----------------------------------
This will involve enabling using the JDK 8 only feature:
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setUseCipherSuitesOrder-boolean-
This call needs to be made in the reflective way, so to maintain compatibility with JDK7.
> [Java Broker] Add ability to select cipher suite during TLS negotiation based on Broker side cipher suite order
> ---------------------------------------------------------------------------------------------------------------
>
> Key: QPID-7113
> URL: https://issues.apache.org/jira/browse/QPID-7113
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Alex Rudyy
> Fix For: qpid-java-6.1
>
>
> During TLS handshaking, the client requests to negotiate a cipher suite from a list of cryptographic options that it supports, starting with its first preference. Then, the server selects a single cipher suite from the list of cipher suites requested by the client. Normally, the selection honors the client's preference.
> Broker should be able to select cipher suites based on its own preference rather than the client's preference in order to mitigate the risks of using weak cipher suites.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org