[iaik-ssl] SSL Cipher Suites


I'm using IAIK SSL 3.04 and JCE 3.0. I observed the following behaviors.

1) The SSL debug message still shows version 3.03.

    ssl_debug(1): Starting handshake (iSaSiLk 3.03 Evaluation Version)...

2) The default cipher suites do not include the suites using the new AES
    algorithm. I use the default settings for SSLContexts.

3) If I add CS_DH_ANON explicitly on both client and server, AES suites
    are added and cause a problem because they are not allowed by the
    default crypto strength policy set by J2SE.

    java.io.IOException: Fatal SSL handshake error:
    java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding:
    java.lang.SecurityException: Unsupported keysize or algorithm parameters
         at Socket.getInputStream

To me it seems that iSaSiLk 3.04 selects available cipher suites only 
based on implementation, but not the crypto strength policies set by 
Sun's JCE.

Besides, in cipher suite negotiation, if a client fails to getInstance
for the top suite, can the client automatically try other suites
available to both client and server?

Joncheng Kuo
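
A policy check of the kind the message describes, as an added example (not code from the poster or from IAIK): it keeps a suite only if a JCE provider can instantiate its bulk cipher and the installed jurisdiction policy permits the key size. The suite list and the `Suite` helper class are constructed for illustration; only standard `javax.crypto.Cipher` calls are used and no iSaSiLk API is assumed.

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

public class PolicyAwareSuiteFilter {

    /** One suite's bulk cipher: JCE transformation and key size in bits. */
    static final class Suite {
        final String name;
        final String transformation;
        final int keyBits;

        Suite(String name, String transformation, int keyBits) {
            this.name = name;
            this.transformation = transformation;
            this.keyBits = keyBits;
        }
    }

    /** True if a provider implements the cipher and the policy allows the key size. */
    static boolean permitted(Suite s) {
        try {
            Cipher.getInstance(s.transformation); // throws if no provider has it
            // Integer.MAX_VALUE is returned when the policy sets no limit.
            return s.keyBits <= Cipher.getMaxAllowedKeyLength(s.transformation);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /** Keeps the caller's preference order, dropping suites that cannot be used. */
    static List<String> usable(List<Suite> preferred) {
        List<String> out = new ArrayList<String>();
        for (Suite s : preferred) {
            if (permitted(s)) {
                out.add(s.name);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample list (standard suite names), strongest first.
        List<Suite> preferred = new ArrayList<Suite>();
        preferred.add(new Suite("TLS_DH_anon_WITH_AES_256_CBC_SHA", "AES/CBC/NoPadding", 256));
        preferred.add(new Suite("TLS_DH_anon_WITH_AES_128_CBC_SHA", "AES/CBC/NoPadding", 128));
        preferred.add(new Suite("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "DESede/CBC/NoPadding", 168));
        System.out.println("Usable under the installed policy: " + usable(preferred));
    }
}
```

The surviving names would then be mapped to whatever suite constants the SSL library in use expects before the handshake starts.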

