This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Hi, We are facing a peculiar problem while establishing a HTTPS communication with Apache web server + mod_ssl. The web server is on Unix and the client toolkit we use is Entrust v6.0 sp2. While connecting if I specify the list of enabled cipher suites to CipherSuiteList.L_ALL then during communication a 40-bit cipher is selected. This is contrary to the spec that during negotiation the client and server choose the strongest of the ciphers supported. Whereas when I specify CipherSuiteList.L_DEFAULT that has only 128 bit keys (provided by Entrust) a stronger cipher suite is selected! Since I feel that it is the web server that selects the cipher suite, is this a bug in mod_ssl? Or am I missing something? Thanks, GanP.