Enoch,
What operating system, version of Java are you using, and what version 
of Jetty and Restlet are you using?

What you're doing should work.  My server application does something 
very similar.  One thing to be aware of is the names of the ciphers.  
OpenSSL uses different names than Java uses.

This is my list of weak ciphers:
     private static String _weakCiphers =
         "EXP-EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC4-MD5 " +
         "EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC4-MD5 ";

This is my list of acceptable ciphers:
     private static String _mediumStrongCiphers =
         "SSL_RSA_WITH_RC4_128_MD5 " +
         "SSL_RSA_WITH_RC4_128_SHA " +
         "TLS_RSA_WITH_AES_128_CBC_SHA " +
         "TLS_RSA_WITH_AES_256_CBC_SHA " +
         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA " +
         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA " +
         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA " +
         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA " +
         "SSL_RSA_WITH_3DES_EDE_CBC_SHA " +
         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA " +
         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA " +
         "SSL_DHE_DSS_WITH_DES_CBC_SHA";

Some of the HTTP connector packages understand disabling ciphers, some 
understand enabling listed ciphers.

My server application runs on Ubuntu 10.04 LTS using OpenJDK 6, and I'm 
still using Restlet 1.1.7.  Yes, I know I should upgrade...  Sometime in 
March 2012 there was an OpenJDK 6 update that affected my ability to disable 
weak ciphers using Jetty.   I ended up switching my HTTP connector to 
Grizzly, and that made things work again.
--
Timothy Aanerud
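As an added illustration of the naming point above (example code written for this note, not Timothy's code and not part of Restlet), the following standalone Java program takes space-separated enabledCipherSuites / disabledCipherSuites strings of the form used in the question, keeps only the names the running JVM actually supports, and reports any it does not recognise, which is what an OpenSSL-style name such as EXP-RC4-MD5 will be under JSSE. The two sample strings are constructed; the class and method names are my own.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class CipherSuiteFilter {
    // Names the running JVM can negotiate at all (JSSE naming, e.g. TLS_RSA_WITH_AES_128_CBC_SHA).
    static Set<String> supportedSuites() throws Exception {
        String[] names = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        return new LinkedHashSet<String>(Arrays.asList(names));
    }

    // Split a space-separated parameter value, ignoring extra whitespace.
    static List<String> split(String spaceSeparated) {
        List<String> out = new ArrayList<String>();
        for (String s : spaceSeparated.trim().split("\\s+")) if (s.length() > 0) out.add(s);
        return out;
    }

    // Suites to enable: the allow-list if one is given, otherwise everything supported,
    // minus the deny-list. Names the JVM does not know are collected in 'unknown'.
    static String[] resolve(String enabled, String disabled, Set<String> supported, List<String> unknown) {
        List<String> allow = split(enabled == null ? "" : enabled);
        List<String> deny = split(disabled == null ? "" : disabled);
        for (String n : allow) if (!supported.contains(n)) unknown.add(n);
        for (String n : deny) if (!supported.contains(n)) unknown.add(n);
        Collection<String> base = allow.isEmpty() ? supported : allow;
        Set<String> result = new LinkedHashSet<String>(base);
        result.retainAll(supported);   // an unrecognised allow-list entry silently enables nothing
        result.removeAll(deny);        // the deny-list wins over the allow-list
        return result.toArray(new String[result.size()]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one JSSE name and one OpenSSL-style name that JSSE will not know.
        String enabled = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA EXP-RC4-MD5";
        String disabled = "SSL_RSA_WITH_RC4_128_MD5";
        List<String> unknown = new ArrayList<String>();
        String[] suites = resolve(enabled, disabled, supportedSuites(), unknown);
        System.out.println("enabling: " + Arrays.toString(suites));
        System.out.println("not recognised by this JVM: " + unknown);
        SSLServerSocket ss = (SSLServerSocket) SSLContext.getDefault().getServerSocketFactory().createServerSocket(0);
        ss.setEnabledCipherSuites(suites);   // would throw IllegalArgumentException on any name the JVM does not support
        ss.close();
    }
}
```

Running it on the JVM that hosts the connector is a quick way to see whether a silently ignored list entry, rather than the connector, is why a "disabled" suite is still being negotiated.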


On 6/20/2012 8:56 PM, Enoch wrote:
> I'm using Restlet with embedded Jetty. I have a requirement of being able to 
> enable only selected cipher suites.
>
> I primarily use embedded Jetty; anyway, I have also tried Simple HTTP Server, 
> but both do not appear to work. I am unable to find any examples in this 
> regard.
> Even the Restlet in Action book did not have any info in this regard. Any help 
> will be greatly appreciated.
>
> Server Code for embedded Simple HTTP Server(Similar code for JETTY was tried)
> ----------------------------------------------------------------------------
>
>     org.restlet.Server serverObj = new org.restlet.Server(Protocol.HTTPS);
>
>     HttpServerHelper serverHelper = new HttpServerHelper(serverObj);
>     Engine.getInstance().getRegisteredServers().add(0, serverHelper);
>
>     org.restlet.Component component = new Component();
>     org.restlet.Server server = component.getServers().add(Protocol.HTTPS, 8080);
>     component.getDefaultHost().attach(vtnURLResource, new VTNApplication());
>
>     org.restlet.ext.simple.HttpsServerHelper httpsServerHelper = new HttpsServerHelper(server);
>     Context workingCtx = serverHelper.getContext();
>
>     workingCtx.getParameters().add("disabledCipherSuites",
>         "SSL_RSA_WITH_RC4_128_MD5 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA ......");
>     workingCtx.getParameters().add("enabledCipherSuites", "SSL_RSA_WITH_RC4_128_SHA");
>     workingCtx.getParameters().add("sslContextFactory", "org.restlet.engine.security.DefaultSslContextFactory");
>
>     workingCtx.getParameters().add("keystorePath", "C:\\openadrkeystore\\bouncykeys\\VTN_QLI.bks");
>     workingCtx.getParameters().add("keystorePassword", "password");
>     workingCtx.getParameters().add("keystoreType", "BKS");
>     workingCtx.getParameters().add("keyPassword", "password");
>
>     workingCtx.getParameters().add("truststorePath", "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
>     workingCtx.getParameters().add("truststorePassword", "changeit");
>
>     workingCtx.getParameters().add("needClientAuthentication", "true");
>
>     component.start();
>
>
> Client Code
> -----------
>
>     Client client = new Client(ctx, Protocol.HTTPS);
>     client.setConnectTimeout(50000);
>
>     Context workingCtx = client.getContext();
>     System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
>     System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
>     workingCtx.getParameters().add("keystorePath", "C:\\openadrkeystore\\bouncykeys\\VEN_QLI.bks");
>     workingCtx.getParameters().add("keystorePassword", "password");
>     workingCtx.getParameters().add("keystoreType", "BKS");
>     workingCtx.getParameters().add("keyPassword", "password");
>     workingCtx.getParameters().add("disabledCipherSuites",
>         "SSL_RSA_WITH_RC4_128_MD5 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA .....");
>     workingCtx.getParameters().add("enabledCipherSuites", "SSL_RSA_WITH_RC4_128_SHA");
>     workingCtx.getParameters().add("needClientAuthentication", "true");
>
>     ClientResource resource = new ClientResource(propFilePreader.get("serverURL"));
>     resource.setNext(client);
>     ..................
>     ..................
>     resource.post(data);
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972321

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972334