0 Replies Latest reply on May 8, 2008 5:07 PM by Sim Tran

    SSL Ciphers

    Sim Tran Newbie

      OS: Linux
      Test1: JBoss-4.0.2 with jdk 1.4
      Test2: JBoss-4.3.0-eap with jdk 1.5

      I tested both setup and SSL ciphers for 256-bit was not seen by the security scan. I currently have the following SSL ciphers in the server.xml file:

      ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

      When the server is scanned, the 128-bit is picked up. However, when I change it to use 256-bit, the scan doesn't see the 256-bit. What do I need to use the 256-bit ciphers? Are there any other ciphers I am missing, beside the anonymous ciphers?