Does WAS CE support anything similar to what Apache Module mod_ssl provides via SSLCipherSuite Directive where we can configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase? (more info on the SSLCipherSuite directive can be find here : http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite).
Looking around I found some beans/properties in webapps/META-INF/geronimo-application.xml that may be helpful, but I'm not sure.
<gbean name="HTTP-8082" class="org.apache.geronimo.tomcat.HttpsConnectorGBean"> which contains attributes like:
1. algorithm : values I see can be used are default/IbmX509/????
2. sslProtocol: TLS/SSL... not sure about these values
3. ciphers: comma separated list of the encryption cipher that may be used.
Another property existing in mod_ssl and I'm looking for support in WAS CE is SSLHonorCipherOrder (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder - When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.)
Any information about this topic is appreciated.
Pinned topic WAS CE support for mod_ssl SSLCipherSuite Directive and SSLHonorCipherOrder
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-01-28T07:09:30Z at 2012-01-28T07:09:30Z by Ivan.Xu
Ivan.Xu 270000R77P14 Posts
Re: WAS CE support for mod_ssl SSLCipherSuite Directive and SSLHonorCipherOrder2012-01-28T07:09:30ZThis is the accepted answer. This is the accepted answer.Did not have detailed checking with those in mod_ssl, while WAS CE uses Tomcat as its webcontainer provider, and you may refer to the doc here and get the answers.