3DES or AES Channel Encryption

Good morning all,

Does anybody have any clue how to specify a set of cipher suites for SSL/TLS in Openfire? I am using version 3.4.5 and have SSL working but it appears that the first available cipher suite is being used (see ssldump below). Tomcat and WebLogic Server allow you to specify a specific set of available suites in the configuration files and I have not been able to find anything online that helps.

Thanks,

Dan

1 1 0.7488 (0.7488) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
      TLS_RSA_WITH_RC4_128_MD5
      SSL2_CK_RC4
      TLS_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
      TLS_RSA_WITH_3DES_EDE_CBC_SHA
      SSL2_CK_3DES
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      TLS_RSA_WITH_DES_CBC_SHA
      SSL2_CK_DES
      TLS_DHE_RSA_WITH_DES_CBC_SHA
      TLS_DHE_DSS_WITH_DES_CBC_SHA
      TLS_RSA_EXPORT_WITH_RC4_40_MD5
      SSL2_CK_RC4_EXPORT40
      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
      TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
      TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
1 2 0.7519 (0.0030) S>C Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          47 bc 4e e5 4c 5a 18 cd 5b 8e 54 cd 0c db 22 cf
          3b 9b da 3d 8d 1a 2b c3 dd 1c ab 3c fb 7d 3b 43
        cipherSuite TLS_RSA_WITH_RC4_128_MD5
        compressionMethod NULL
      Certificate
      ServerHelloDone
1 3 0.7610 (0.0091) C>S Handshake
      ClientKeyExchange
1 4 0.8014 (0.0403) C>S ChangeCipherSpec
1 5 0.8014 (0.0000) C>S Handshake
1 6 0.8048 (0.0034) S>C ChangeCipherSpec
1 7 0.9781 (0.1733) S>C Handshake
1 8 0.9797 (0.0015) C>S application_data
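
An added example, not part of the original post and not Openfire code: a small Python check that reads decoded ssldump text like the trace above and reports the negotiated suite, whether it is weak, and which stronger suites the client had offered. The function names and the weak-suite marker list are assumptions made for illustration, and SAMPLE is a constructed, shortened copy of the trace.

```python
import re

# Substrings marking suites to reject: export-grade, single DES, RC4, MD5 MAC, NULL, SSLv2.
# Assumption: 3DES and AES suites count as acceptable, as in the post's title.
WEAK_MARKERS = ("EXPORT", "_DES_", "DES40", "RC4", "MD5", "NULL", "SSL2_")
SUITE_RE = re.compile(r"^(?:TLS|SSL2?)_\w+$")

# Constructed sample: a shortened copy of the ssldump trace in the post.
SAMPLE = """\
1 1 0.7488 (0.7488) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
1 2 0.7519 (0.0030) S>C Handshake
ServerHello
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
"""

def parse_ssldump(text):
    """Return (offered, chosen) for the handshake in decoded ssldump text."""
    offered, chosen, in_offer = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "cipher suites":
            in_offer = True
        elif line.startswith("cipherSuite"):
            chosen, in_offer = line.split()[-1], False
        elif in_offer and line:
            # The first non-suite line (the next record) ends the ClientHello list.
            in_offer = bool(SUITE_RE.match(line))
            if in_offer:
                offered.append(line)
    return offered, chosen

def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)

def audit(text):
    offered, chosen = parse_ssldump(text)
    return {
        "chosen": chosen,
        "chosen_is_weak": chosen is not None and is_weak(chosen),
        "chosen_is_first_offer": bool(offered) and chosen == offered[0],
        "stronger_offered": [s for s in offered if not is_weak(s)],
    }
```

Running `audit()` on a capture taken after any configuration change shows whether the server still settles on a suite from the weak set.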