I need some help understanding how the InvokeHTTP processor negotiates SSL ciphers with the remote host. I've got a remote system that only supports a weak cipher, in this case ECDHE-RSA-AES256-SHA384. I've enabled Java SSL debugging with -Djavax.net.debug=ssl:handshake:verbose and I've noticed that the ClientHello logged does not list that cipher in the "cipher suites" value for that processor call; however, if I look at other ClientHello messages logged, I see a much larger list of "cipher suites" listed, including the one above. I'm trying to figure out what exactly is restricting the list of ciphers that are negotiated. I've tried using InvokeHTTP with a Restricted and Non Restricted SSL Controller. I'm not running Java in export mode, so I have all the ciphers. I've also been doing some testing with the openssl s_client command and I've confirmed that only the cipher above is supported and any other cipher gives an error.
Thanks Shawn
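
One way to narrow down where the restriction described in the post comes from, as an added example that is not part of the original post or NiFi's own code: a stand-alone JSSE check, run with the same JVM and java.security file as NiFi, that reports whether the JVM itself would offer the suite. The class name CipherCheck is hypothetical; TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 is the JSSE (IANA) name for OpenSSL's ECDHE-RSA-AES256-SHA384.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class CipherCheck {  // hypothetical name, not a NiFi class
    // JSSE (IANA) name of the OpenSSL suite ECDHE-RSA-AES256-SHA384
    static final String TARGET = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";

    // Classify a suite against what the JVM can do and what it offers by default.
    static String classify(Set<String> supported, Set<String> enabled, String suite) {
        if (enabled.contains(suite)) return "ENABLED";
        if (supported.contains(suite)) return "SUPPORTED_BUT_NOT_ENABLED";
        return "NOT_SUPPORTED";
    }

    public static void main(String[] args) throws Exception {
        String suite = args.length > 0 ? args[0] : TARGET;
        SSLContext ctx = SSLContext.getDefault();

        // Everything the provider implements vs. what a default client socket offers.
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        Set<String> enabled = new LinkedHashSet<>(Arrays.asList(defaults.getCipherSuites()));

        System.out.println("java.version        : " + System.getProperty("java.version"));
        System.out.println("default protocols   : " + Arrays.toString(defaults.getProtocols()));
        System.out.println("enabled suite count : " + enabled.size()
                + " of " + supported.size() + " supported");
        System.out.println(suite + " -> " + classify(supported, enabled, suite));

        // JVM-level settings that can shrink the offered list before any
        // application code runs.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("jdk.tls.client.cipherSuites = "
                + System.getProperty("jdk.tls.client.cipherSuites"));
        System.out.println("jdk.tls.client.protocols    = "
                + System.getProperty("jdk.tls.client.protocols"));
    }
}
```

If this prints ENABLED, the JVM would offer the suite and the shorter list in the processor's ClientHello is being set above JSSE, by the application or its HTTP client library; SUPPORTED_BUT_NOT_ENABLED or NOT_SUPPORTED points at the JVM configuration printed on the last three lines.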