Am 07.08.2013, 08:57 Uhr, schrieb Matthew Hall <mh...@mhcomputing.net>:
I don't think disabling ciphers on the server side works that great in Java since the client can still screw up the ordering.
Hmm.. do you mean the disabled cipher is used anyway or do you mean it will pick a suboptimal enabled cipher? I dont know about bugs who allow to negotiate disabled ciphers. Picking suboptimal ciphers from the point of view of the server operator can of course still happen with a short(er) list. It would be good if JDK JSSE can provide a different selector strategy.
Gruss Bernd
