Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Tomcat and the fly likes Apache web server with mod-SSL for HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache web server with mod-SSL for HTTPS" Watch "Apache web server with mod-SSL for HTTPS" New topic

Apache web server with mod-SSL for HTTPS

Ganapathi Srinivasan

Joined: Jan 17, 2003
Posts: 11
We are facing a peculiar problem while establishing a HTTPS communication with Apache web server + mod_ssl. The web server is on Unix and the client toolkit we use is Entrust v6.0 sp2.
While connecting if I specify the list of enabled cipher suites to CipherSuiteList.L_ALL then during communication a 40-bit cipher is selected. This is contrary to the spec that during negotiation the client and server choose the strongest of the ciphers supported.
Whereas when I specify CipherSuiteList.L_DEFAULT that has only 128 bit keys (provided by Entrust) a stronger cipher suite is selected!
Since I feel that it is the web server that selects the cipher suite, is this a bug in mod_ssl? Or am I missing something?
It is sorta covered in the JavaRanch Style Guide.
subject: Apache web server with mod-SSL for HTTPS
Similar Threads
JSP:Redirection based on Cipher Strength of Browser
Ciphers Suites in java
Root CA Certificate Or Single Certificate
Unable to get Client IP
Apache HTTP Server is not responding on 100 User Load