1 reply Latest Post - ‏2012-01-28T07:09:30Z by Ivan.Xu
alesiolp

WAS CE support for mod_ssl SSLCipherSuite Directive and SSLHonorCipherOrder

2012-01-21T00:31:10Z
Hello,

Does WAS CE support anything similar to what the Apache module mod_ssl provides via the SSLCipherSuite directive, where we can configure the cipher suites the client is permitted to negotiate in the SSL handshake phase? (More info on the SSLCipherSuite directive can be found here: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite).

Looking around I found some beans/properties in webapps/META-INF/geronimo-application.xml that may be helpful, but I'm not sure.
<gbean name="HTTP-8082" class="org.apache.geronimo.tomcat.HttpsConnectorGBean"> which contains attributes like:
1. algorithm : values I see can be used are default/IbmX509/????
2. sslProtocol: TLS/SSL... not sure about these values
3. ciphers: comma separated list of the encryption cipher that may be used.

Another property that exists in mod_ssl, and for which I'm looking for support in WAS CE, is SSLHonorCipherOrder (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder - When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.)

Any information about this topic is appreciated.

Thanks,

Alesio
  • Ivan.Xu
    ACCEPTED ANSWER

    Re: WAS CE support for mod_ssl SSLCipherSuite Directive and SSLHonorCipherOrder

    2012-01-28T07:09:30Z in response to alesiolp
    I did not check in detail against those in mod_ssl, but WAS CE uses Tomcat as its web container provider, so you may refer to the doc here to get the answers.
    a. http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
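
The selection rule quoted in the question (client preference by default, server preference when SSLHonorCipherOrder is enabled), modeled as an added example that is not part of the original thread and is not WAS CE, Tomcat or mod_ssl code. The function names and the suite lists are constructed for illustration; the server list is parsed from the comma-separated form the question describes for the `ciphers` attribute.

```python
"""Simplified model of TLS cipher suite selection (added example).

Assumption: the server picks one suite from the intersection of the
client's offer and its own configured list. Function names and the
sample suite lists below are constructed for illustration.
"""


def parse_ciphers(value):
    """Parse a comma-separated 'ciphers' attribute into an ordered list."""
    seen, ordered = set(), []
    for name in (part.strip() for part in value.split(",")):
        if name and name not in seen:  # skip blanks and duplicates
            seen.add(name)
            ordered.append(name)
    return ordered


def select_cipher(client_offer, server_ciphers, honor_server_order=False):
    """Return the negotiated suite, or None when there is no overlap.

    honor_server_order=False: first client suite the server allows.
    honor_server_order=True: first server suite the client offered
    (the behaviour SSLHonorCipherOrder enables in mod_ssl).
    """
    if honor_server_order:
        preferred, allowed = server_ciphers, set(client_offer)
    else:
        preferred, allowed = client_offer, set(server_ciphers)
    for suite in preferred:
        if suite in allowed:
            return suite
    return None  # a real handshake would fail here


# Constructed sample data: the server lists its strongest suite first,
# the client happens to list an RC4 suite first.
SERVER = parse_ciphers(
    "TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,"
    " SSL_RSA_WITH_RC4_128_SHA"
)
CLIENT = ["SSL_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print("client order:", select_cipher(CLIENT, SERVER))
    print("server order:", select_cipher(CLIENT, SERVER, honor_server_order=True))
    print("no overlap  :", select_cipher(["TLS_RSA_WITH_NULL_SHA"], SERVER))
```

With the client's order honored, the weakest suite both sides share is chosen whenever the client lists it first, which is why restricting the list and controlling the order are separate settings.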