This is not really a CXF issue, Jason - it's determined by the JSSE
(Java Secure Sockets Extension), and AFAIK we're stuck with only CBC for
AES encryption. You can see the list of JSSE cipher suites here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Incidentally, I just published an article on InfoQ that discusses some
of the issues around keeping your data communications secure with some
discussion of TLS/SSL: http://www.infoq.com/articles/keeping-your-secrets
- Dennis
On 10/10/2013 12:27 PM, Jason Pell wrote:
Hi,
Is there such a list in the docs for cxf somewhere?
