Re: SSLHonorCipherOrder not working as expected

This has nothing to do with SSLHonorCipherOrder.

Java 1.4 certainly does not support any ECDHE cipher, and even less anything greater than TLSv1.0, if I remember correctly.

Java even tends to accept ciphers it can't deal with later on, once the SSL negotiation has started.

So, for such a dated client you should stick to TLSv1.0 max and RSA ciphers for the time being.

It will be better if you check the Java 1.4 compatibility table to know which ciphers will or will not work, and not enable the most insecure ones you are enabling right now.

Either that or migrate your client to a recent Java version.


On 28/7/2016 4:36 p.m., "Michele Mase'" <michele.mase@xxxxxxxxx> wrote:
I have a reverse proxy based on Apache 2.2.x (CentOS 6.x) with some name-based virtualhosts; when trying to connect with an old app based on Axis and Java 1.4.2.x, it only works with the following configuration:

SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
# Default
SSLHonorCipherOrder off

When I turn SSLHonorCipherOrder on, it doesn't work; I receive the error TLS internal error 80.
An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue, such as a memory allocation failure. The error is not related to protocol. This message is always fatal.

According to the SSLHonorCipherOrder directive, you can set it in server config and virtual host, but it seems not to work.

The problem:
If I set it on in the main server (or the first virtualhost), I cannot deactivate it in the second virtualhost.
The same happens if I set it off in the main server (or the first virtualhost) and want to activate it in the second virtualhost: I cannot.

Could it be a bug, or is it by design?
How could I set the SSLHonorCipherOrder directive per virtualhost?

Regards
Michele Masè
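
Added example (not part of the original messages): a small Python model of the negotiation discussed in this thread, showing how turning server cipher ordering on can change which suite gets selected and so land on a suite the client offers but cannot complete. The suite lists, the hypothetical legacy client and the function names are assumptions constructed for illustration.

```python
# Added example: simplified model of how a TLS server picks the cipher suite.
# All suite lists below are constructed sample data, not taken from the thread.

def select_suite(server_prefs, client_offer, honor_server_order):
    """Return the negotiated suite, or None when the two lists share nothing.

    honor_server_order=False: first suite in the client's order the server allows.
    honor_server_order=True:  first suite in the server's order the client offered.
    """
    if honor_server_order:
        ordered, allowed = server_prefs, set(client_offer)
    else:
        ordered, allowed = client_offer, set(server_prefs)
    return next((s for s in ordered if s in allowed), None)


def handshake(server_prefs, client_offer, client_usable, honor_server_order):
    """Model a client that may offer suites it cannot actually complete."""
    suite = select_suite(server_prefs, client_offer, honor_server_order)
    if suite is None:
        return ("no_shared_cipher", None)
    if suite not in client_usable:
        return ("client_failed", suite)
    return ("ok", suite)


# Hypothetical legacy client: offers three suites, can only complete two.
CLIENT_OFFER = ["RC4-SHA", "AES128-SHA", "DHE-RSA-AES128-SHA"]
CLIENT_USABLE = {"RC4-SHA", "AES128-SHA"}

# Constructed server lists, strongest first: a broad one and an RSA-only one.
BROAD_PREFS = ["ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-RC4-SHA",
               "DHE-RSA-AES128-SHA", "RC4-SHA"]
RSA_ONLY_PREFS = ["AES128-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for name, prefs in (("broad", BROAD_PREFS), ("rsa-only", RSA_ONLY_PREFS)):
        for honor in (False, True):
            print(name, "honor_server_order=%s" % honor,
                  handshake(prefs, CLIENT_OFFER, CLIENT_USABLE, honor))
```

With the RSA-only list both settings complete, and server ordering lets the server steer the client to AES instead of RC4.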
