OS: Linux
Test1: JBoss-4.0.2 with jdk 1.4
Test2: JBoss-4.3.0-eap with jdk 1.5
I tested both setup and SSL ciphers for 256-bit was not seen by the security scan. I currently have the following SSL ciphers in the server.xml file:
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
When the server is scanned, the 128-bit is picked up. However, when I change it to use 256-bit, the scan doesn't see the 256-bit. What do I need to use the 256-bit ciphers? Are there any other ciphers I am missing, beside the anonymous ciphers?