Good morning all,
Does anybody have any clue how to specify a set of cipher suites for SSL/TLS in Openfire? I am using version 3.4.5 and have SSL working but it appears that the first available cipher suite is being used (see ssldump below). Tomcat and WebLogic Server allow you to specify a specific set of available suites in the configuration files and I have not been able to find anything online that helps.
Thanks,
Dan
1 1 0.7488 (0.7488) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_3DES
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
1 2 0.7519 (0.0030) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
47 bc 4e e5 4c 5a 18 cd 5b 8e 54 cd 0c db 22 cf
3b 9b da 3d 8d 1a 2b c3 dd 1c ab 3c fb 7d 3b 43
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
Certificate
ServerHelloDone
1 3 0.7610 (0.0091) C>S Handshake
ClientKeyExchange
1 4 0.8014 (0.0403) C>S ChangeCipherSpec
1 5 0.8014 (0.0000) C>S Handshake
1 6 0.8048 (0.0034) S>C ChangeCipherSpec
1 7 0.9781 (0.1733) S>C Handshake
1 8 0.9797 (0.0015) C>S application_data