On 22/01/15 00:07, Kiran Ayyagari wrote:
> On Thu, Jan 22, 2015 at 6:45 AM, Emmanuel Lécharny <[email protected]>
> wrote:
>
>> Some update:
>>
>> I have now set a list of existing and supported ciphers for the user to
>> select. It looks like this:
>>
>> .--------------------------------.
>> |V SSL Advanced Settings         |
>> +--------------------------------+
>> | [X] Require Client Auth        |
>> | [X] Request Client Auth        |
>> | Ciphers suite :                |
>> | +--------------------------+   |
>> | |[X] xyz                   |   |
>> | |[X] abc                   |   |
>> | |[X] def                   |   |
>> | +--------------------------+   |
>> | Enabled protocols :            |
>> |   [X] SSLv3    [X] TLSv1       |
>> |   [X] TLSv1.1  [X] TLSv1.2     |
>> +--------------------------------+
>>
>> You can select one or more ciphers, all of them are selected by default.
>> The selection is done based on the underlying Java version used on the
>> server, so I have to add a checkbox to select either Java 7 or Java 8.
>>
> this setting can quickly become stale, especially at the pace Java
> versions are EOLed
>
> Instead I suggest we provide a textbox (in the advanced options) to let the
> user key in the desired cipher if none is needed besides the default ciphers.

OK, let's face reality here:
do you really want users to type things like
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384?

When using SSL, the security provider to use is JSSE, which comes with a
list of supported ciphers, which are either enabled or disabled. This is
quite a long list, and there is no means to add some cipher from this
list, because they won't be supported anyway.

The issue is what list of ciphers Java 9 will support. We don't know
yet. But adding support for those ciphers is just a matter of adding
them to the SupportedCipher enum, and adding a new JavaVersion in the combo
I'm currently adding in this tab.