This discussion is archived
3 Replies Latest reply: May 13, 2013 4:33 PM by EJP RSS

can you use different cipher suites use different certificates in SSL?

910573 Newbie
Currently Being Moderated
So, using JSSE to do SSL, we first do javax.net.ssl.SSLContext.init() where you specify the KeyManagers[]. Here I specify an X509KeyManager where I specify the list of X509 certificates I would like to use while doing SSL communication with an SSL peer. I then make an SSLSocket from the context using SSLContext.getSocketFactory.createSocket() where the SSL socket created uses the KeyManager created in the earlier step.

However, when I use this socket to negotiate SSL, I do not have any control of which cert is used with which cipher suite is chosen during the SSL handshake. For example, if i have two certificates in the KeyManager, say A and B, I might want to use A only when the cipher suite chosen in the SSL handshake is TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA while I might like to use B when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA (The cipher suites are as per RFC 5264 for TLS 1.2).

Is there a way to have this kind of control while using JSSE in Java?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points