[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] iSaSiLk w/o RSA talking to SSL web server



> I do not wish to deal with patent issues with RSA, so I'm trying to use
> a cipher suite that does not involve RC4 encryption.  I'm assuming the
> following subset of the previous list would suffice:
>
>     Triple DES with 168 bit encryption and SHA message authentication
>     DES with 56 bit encryption and SHA message authentication
>
But they still will use RSA most probably (I think these are the only thing
Netscape provided and I am not aware if that changed)

> So I need to enable a cipher suite in the JCE/iSaSiLk that will match
> one of these two cipher suites defined in the Enterprise web server.
> Unfortunately, I do not know how to do this.
There is a sslcontext.setEnabledCiphersuites method that does that for you.

> I assume this exception is being thrown because the server did not like
> any of the cipher suites sent to it.  I do not know, however, what to do
> about.  I believe I might be able to just define a new CipherSuite (much
> like the "myBlowfish" example in SSLClient.java) to define the
> parameters of one of the cipher suites accepted by my web server, but
> again, I don't know how to do this.
Which ciphersuites does your webserver accept? Defining a new Ciphersuite is
unlikely to work as we should support all ciphersuites around and I don't
think Netscape uses others.

> start talking with RSA to see about using their SSL-J package, although
> I'd really rather not do that.  :-(
I can understand that. One other option would be to switch to another
webserver, but I assume this might not really be an option.

Peter
______________________________________
Dr. Peter Lipp
IAIK, TU Graz
Inffeldgasse 16a, A-8010 Graz, Austria
Tel: +43 316 873 5513
Fax: +43 316 873 5520
Web: www.iaik.at




smime.p7s