wood burning stoves 2.0*
The moose likes Tomcat and the fly likes Apache web server with mod-SSL for HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache web server with mod-SSL for HTTPS" Watch "Apache web server with mod-SSL for HTTPS" New topic
Author

Apache web server with mod-SSL for HTTPS

Ganapathi Srinivasan
Greenhorn

Joined: Jan 17, 2003
Posts: 11
Hi,
We are facing a peculiar problem while establishing a HTTPS communication with Apache web server + mod_ssl. The web server is on Unix and the client toolkit we use is Entrust v6.0 sp2.
While connecting if I specify the list of enabled cipher suites to CipherSuiteList.L_ALL then during communication a 40-bit cipher is selected. This is contrary to the spec that during negotiation the client and server choose the strongest of the ciphers supported.
Whereas when I specify CipherSuiteList.L_DEFAULT that has only 128 bit keys (provided by Entrust) a stronger cipher suite is selected!
Since I feel that it is the web server that selects the cipher suite, is this a bug in mod_ssl? Or am I missing something?
Thanks,
GanP.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Apache web server with mod-SSL for HTTPS