This has nothing to do with SSLHonorCipherOrder.

Java 1.4 certainly does not support any ECDHE cipher and even less anything
greater than TLSv1.0 if I remember correctly.

Java even tends to accept ciphers it can't deal with later on once the SSL
negotiation has started.

So, for such a dated client you should stick to TLSv1.0 max and RSA ciphers
for the time being.

It will be better if you check the Java 1.4 compatibility table to know which
ciphers will work or not, and not enable the most insecure ones you are
enabling right now.

Either that or migrate your client to a recent Java version.

On 28/7/2016 4:36 p.m., "Michele Mase'" <[email protected]> wrote:

> I've a reverse proxy based on apache 2.2.x (centos6.x) with some name
> based virtualhosts; trying to connect with an old app, axis and java1.4.2.x
> based, it only works with the following configuration:
>
> SSLProtocol ALL -SSLv2 -SSLv3
> SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
> EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
> SSLHonorCipherOrder off #Default
>
> Turning SSLHonorCipherOrder On it doesn't work, I receive an error tls
> internal error 80.
> An internal error unrelated to the peer or the correctness of the protocol
> makes it impossible to continue, such as a memory allocation failure. The
> error is not related to protocol. This message is always fatal.
>
> Following the SSLHonorCipherOrder directive: you can set it in
> server config and virtual host, but it seems not to work.
>
> The problem:
> If I set it on in the main server (or the first virtualhost), I cannot
> deactivate it in the second virtualhost.
> The same if I set it off in the main server (or the first virtualhost) and
> I want to activate it in the second virtualhost. I cannot.
>
> Could it be a bug or is it made by design?
> How could I set the SSLHonorCipherOrder directive per virtualhost?
>
> Regards
> Michele Masè
>
