-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark,
On 10/26/2009 12:44 PM, Mark Thomas wrote: > Christopher Schultz wrote: >> It's clear to me that the list of available ciphers is different than >> the list of enabled ciphers. >> >> Is there a way to get this list programmatically? I have a small Java >> program that dumps everything about a Provider (see below for the code), >> but it doesn't dump the ciphers in the format you have shown above (and >> doesn't indicate which items are enabled by default). > > Take a look at javax.net.ssl.SSLServerSocketFactory and how it is used > in org.apache.tomcat.util.net.jsse.JSSESocketFactory Thanks for the pointer. It hadn't occurred to me that, since the SSL server socket factory must be initialized somewhere, it will pick its own set of acceptable ciphers instead of just, I dunno, randomly applying all possible ones :) The following is good to know: " The minimum quality of service for these defaults requires confidentiality protection and server authentication (that is, no anonymous cipher suites). " So it won't allow things like NullCipher and other stupid things like that. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrl1ewACgkQ9CaO5/Lv0PA4yQCfXxPqEI0rp2v7X95zLsRETJg+ G1IAoLkr9S6RIiuZnSSow4M2GYf8HuWE =khTM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
