cipherSuites Filtering

James Y. Li Thu, 23 Jul 2015 21:14:35 -0700

Hi All,
I am trying to write a cipherSuitesFilter which excludes DH ciphers and
includes the following ciphers:


*AES256-SHA (*SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1*)*

*DES-CBC3-SHA (*SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1*)*

*AES128-SHA (*SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1*)*

And I referred to the example at
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport(includingSSLsupport)-ConfiguringSSLSupport

So should my filter look like this? Should I include more restrictions on
'Au', 'Mac' as above?

     <sec:cipherSuitesFilter>
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:exclude>.*_DH_.*</sec:exclude>
      </sec:cipherSuitesFilter>

Thanks!

cipherSuites Filtering

Reply via email to