This has nothing to do with sslhonorcipherorder
Java 1.4 certainly does not support any ecdhe cipher and even less anything greater than tlv1.0 if I remember correctly.
Java even tends to accept ciphers it can't deal later on once the ssl negotiation has started
So,for such a dated client you should stick to tlsv1.0 max and RSA ciphers for the time being.
It will be better if you check Java 1.4 compatibility table to know which ciphers will work or not and not enable the most insecure ones you are enabling right now.
Either that or migrate your client to a recent Java version
El 28/7/2016 4:36 p. m., "Michele Mase'" <michele.mase@xxxxxxxxx> escribió:Michele MasèCould It be a bug or it is made by design?The same If I set it of in the main server (or the first virtualhost) and I want to activate it in the second virtualhost. I cannot.If I set it on in the main server (or the first virtualhost), I cannot deactivate it in the second virtualhost.The problem:Following the SSLHonorCipherOrder directive: you can set inI've a reverse proxy based on apache 2.2.x (centos6.x) with soma name based virtualhosts; trying to connect with an old app axis and java1.4.2.x based, it only works with the following configuration:Turning SSLHonorCipherOrder On it doesn't work, I receive an error tls internal error 80.
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
SSLHonorCipherOrder off #Default
An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue, such as a memory allocation failure. The error is not related to protocol. This message is always fatal.
server config and virtual host, but it seems not to work.How could I set the SSLHonorCipherOrder directive per virtualhost?Regards
|