When using JSSE it seems the cipher order is predetermined. http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
"cipher suites supported by SunJSSE in preference order and the release in which they were introduced." 2014-05-24 1:15 GMT+02:00 Igor Cicimov <icici...@gmail.com>: > On 24/05/2014 1:15 AM, "Sverre Moe" <sverre....@gmail.com> wrote: > > > > NIO does support them according to the java documentation. > > I was refering to cipher order and tomcat7 connector documentation where > only the apr connector supports the option SSLHonorCipherOrder > > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > > These ciphers > > have been implemented in the JSSE provider. > > I have no problem making a connection to Tomcat via a Java program using > a > > HttpsConnection and are getting the highest cipher (TLS_ECDHE_RSA_WITH_ > > AES_256_GCM_SHA384). > > > > > > 2014-05-23 10:00 GMT+02:00 Igor Cicimov <icici...@gmail.com>: > > > > > On 23/05/2014 5:43 PM, "Sverre Moe" <sverre....@gmail.com> wrote: > > > > > > > > I am using the following ciphers in Tomcat: > > > > > > > > > > > > ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" > > > > > > > > Somehow Chromium uses the last in that list. That is > > > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA > > > > Though it should support all these ciphers. Is there an ordering I > could > > > > set so that i picks the first one? > > > > > > I think thats supported in APR only but not in BIO/NIO. But doublecheck > > > that in the Connector docs please. > > > >
