aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorkstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-10-11 13:02:47 +0000
committerkstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-10-11 13:02:47 +0000
commit557e2e7053680b6611f312fff132b6eb94c4a8c6 (patch)
tree3881a0d9e5b4871af380ac610514fc13506bfca7 /id/server/idserverlib/src/main/java/at
parentd8ed73430137efe2fc01c46da6197ab88501ef64 (diff)
downloadmoa-id-spss-557e2e7053680b6611f312fff132b6eb94c4a8c6.tar.gz
moa-id-spss-557e2e7053680b6611f312fff132b6eb94c4a8c6.tar.bz2
moa-id-spss-557e2e7053680b6611f312fff132b6eb94c4a8c6.zip
Update https.cipherSuites
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1299 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java30
1 files changed, 28 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 924e9d643..cf5615a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -85,9 +85,35 @@ public class MOAIDAuthInitializer {
Session session = Session.getDefaultInstance(props, null);
// Restricts TLS cipher suites
+// System.setProperty(
+// "https.cipherSuites",
+// "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+//
+ // actual HIGH cipher suites from OpenSSL
+// Mapping OpenSSL - Java
+// OpenSSL Java
+// http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
+// via “openssl ciphers -tls1 HIGH –v”
+//
+// ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
+// DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+// DHE-DSS-AES256-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
+// AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
+// ADH-AES128-SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
+// DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+// DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA
+// AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
+// ADH-DES-CBC3-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
+// EDH-RSA-DES-CBC3-SHA -
+// EDH-DSS-DES-CBC3-SHA -
+// DES-CBC3-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
+
System.setProperty(
- "https.cipherSuites",
- "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ "https.cipherSuites",
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+
+
+
// load some jsse classes so that the integrity of the jars can be
// verified
// before the iaik jce is installed as the security provider