1 Reply Latest reply: Mar 31, 2011 7:58 AM by 851040

    Additional cipher being added to the list of enabled ciphers


      The following code sets the list of enabled ciphers for the TLS negotiation:

      // 'factory' is assumed to be the SSLSocketFactory that applies FIPS_APPROVED_CIPHER_LIST; its setup is not shown in the post
      this.tlsResponse = (StartTlsResponse) ((InitialLdapContext) ctx).extendedOperation(new StartTlsRequest());
      // negotiate() layers TLS over the already-open LDAP connection using sockets obtained from 'factory'
      SSLSession sess = this.tlsResponse.negotiate(factory);

      where FIPS_APPROVED_CIPHER_LIST is defined as:
      private static final String[] FIPS_APPROVED_CIPHER_LIST = new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA",
          // remaining entries are cut off in the post
      };

      But when I do a packet trace (using Wireshark) of the handshake between my client and the LDAP server, I see that the list of supported ciphers offered by the client includes:

      Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)

      which is not in the list of enabled ciphers that I specified for the handshake. I notice that this gratuitous cipher is added whenever I enable the "SSL_RSA_WITH_3DES_EDE_CBC_SHA" cipher.

      Any idea why this is happening?

      Thanks in advance.
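An added example, not code from the original post or from the JDK, showing one way to pin down exactly what the client offers. The three-byte cipher spec in the trace (0x0700c0) is the SSLv2 ClientHello encoding: JSSE sends a v2-compatible ClientHello while the "SSLv2Hello" pseudo-protocol is among the enabled protocols, and in that format it appends SSLv2 cipher specs for the v3 suites that have a v2 counterpart, which is consistent with the 3DES/MD5 entry appearing only when SSL_RSA_WITH_3DES_EDE_CBC_SHA is enabled. StartTlsResponse offers setEnabledCipherSuites but nothing for protocols, so the example wraps the SSLSocketFactory handed to negotiate() and sets both the cipher-suite list and the protocol list on every socket it creates. The class name RestrictedSslSocketFactory, the two-entry cipher list (the post's list is truncated, so only the suite names that appear in the post are used) and the TLSv1 protocol choice are assumptions; the offline check in main needs no server, and the StartTLS part runs only when an LDAP URL is passed on the command line.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical wrapper (added example, not from the post): every socket it hands out gets a fixed
// cipher-suite list AND a fixed protocol list. Leaving "SSLv2Hello" out of the protocol list makes
// JSSE send a v3-format ClientHello, which has no slot for an SSLv2 cipher spec such as 0x0700c0.
public final class RestrictedSslSocketFactory extends SSLSocketFactory {
    // Assumed: the post's list is truncated, so only the two suite names it mentions are used.
    static final String[] FIPS_APPROVED_CIPHER_LIST = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    };
    // Assumed: TLSv1 matches the 2011-era JDK in the post; use TLSv1.2 or later on a current JDK.
    static final String[] PROTOCOLS = { "TLSv1" };

    private final SSLSocketFactory delegate;
    private final String[] suites;
    private final String[] protocols;

    public RestrictedSslSocketFactory(SSLSocketFactory delegate, String[] suites, String[] protocols) {
        this.delegate = delegate;
        this.suites = suites.clone();
        this.protocols = protocols.clone();
    }

    // Both setters throw IllegalArgumentException for a name the provider does not support,
    // so a typo in the FIPS list fails loudly here instead of silently widening the offer.
    private Socket restrict(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        ssl.setEnabledCipherSuites(suites);
        ssl.setEnabledProtocols(protocols);
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return suites.clone(); }
    @Override public String[] getSupportedCipherSuites() { return suites.clone(); }
    @Override public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }
    // The overload JNDI's StartTLS uses to layer TLS over the already-open LDAP connection.
    @Override public Socket createSocket(Socket s, String h, int p, boolean ac) throws IOException { return restrict(delegate.createSocket(s, h, p, ac)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(h, p, l, lp)); }

    private static Set<String> set(String[] a) { return new HashSet<String>(Arrays.asList(a)); }

    // Offline check: an unconnected socket already reports exactly what the ClientHello will offer.
    static boolean offersOnly(SSLSocketFactory f, String[] suites, String[] protocols) throws IOException {
        SSLSocket s = (SSLSocket) f.createSocket();
        try {
            return set(s.getEnabledCipherSuites()).equals(set(suites))
                && set(s.getEnabledProtocols()).equals(set(protocols));
        } finally {
            s.close();
        }
    }

    // The post's StartTLS sequence, plus a check that the server picked a suite we allowed.
    static SSLSession startTls(LdapContext ctx, SSLSocketFactory f, String[] allowed) throws NamingException, IOException {
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        SSLSession sess = tls.negotiate(f);
        if (!Arrays.asList(allowed).contains(sess.getCipherSuite())) {
            tls.close();
            throw new IOException("server negotiated a disallowed suite: " + sess.getCipherSuite());
        }
        return sess;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory f = new RestrictedSslSocketFactory(
                (SSLSocketFactory) SSLSocketFactory.getDefault(), FIPS_APPROVED_CIPHER_LIST, PROTOCOLS);
        System.out.println("offer restricted to configured lists: " + offersOnly(f, FIPS_APPROVED_CIPHER_LIST, PROTOCOLS));
        if (args.length == 1) { // optional: ldap://host:389 of a server that supports StartTLS
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, args[0]);
            LdapContext ctx = new InitialLdapContext(env, null);
            SSLSession sess = startTls(ctx, f, FIPS_APPROVED_CIPHER_LIST);
            System.out.println("negotiated " + sess.getProtocol() + " / " + sess.getCipherSuite());
            ctx.close();
        }
    }
}
```

Run it with no arguments for the offline check, then with an ldap:// URL to perform the StartTLS against a real server. Confirm the fix with the same Wireshark capture: once SSLv2Hello is gone, the ClientHello is a v3 handshake record whose cipher-suite list holds only the two-byte codes of the configured suites, so no SSL2_* entry can appear regardless of which v3 suites are enabled.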