3 Replies. Latest reply: May 13, 2013 6:33 PM by EJP

    Can different cipher suites use different certificates in SSL?

    910573
      So, using JSSE to do SSL, we first do javax.net.ssl.SSLContext.init() where you specify the KeyManagers[]. Here I specify an X509KeyManager where I specify the list of X509 certificates I would like to use while doing SSL communication with an SSL peer. I then make an SSLSocket from the context using SSLContext.getSocketFactory.createSocket() where the SSL socket created uses the KeyManager created in the earlier step.

      However, when I use this socket to negotiate SSL, I do not have any control over which cert is used with which cipher suite chosen during the SSL handshake. For example, if I have two certificates in the KeyManager, say A and B, I might want to use A only when the cipher suite chosen in the SSL handshake is TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, while I might like to use B when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA (the cipher suites are as per RFC 5264 for TLS 1.2).

      Is there a way to have this kind of control while using JSSE in Java?
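
An added example, not part of the original post: JSSE passes a `keyType` string to `X509KeyManager.chooseServerAlias()`, so a wrapping key manager can map that key type to a certificate alias. The aliases `certA` and `certB` are hypothetical, the `"DH_RSA"` and `"RSA"` strings are assumed to be what the provider passes for the two suites in the question, and suites that share a key type still share a certificate.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

public class KeyTypeAliasDemo {
    /** Chooses the server alias from the key type JSSE requests; everything else is delegated. */
    static final class KeyTypeKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final Map<String, String> aliasByKeyType; // hypothetical keyType -> alias mapping
        KeyTypeKeyManager(X509ExtendedKeyManager d, Map<String, String> m) { delegate = d; aliasByKeyType = m; }
        private String pick(String keyType, String fallback) {
            String alias = aliasByKeyType.get(keyType);
            // Return a mapped alias only if its private key exists; otherwise keep the default choice.
            return (alias != null && delegate.getPrivateKey(alias) != null) ? alias : fallback;
        }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
            return pick(keyType, delegate.chooseServerAlias(keyType, issuers, s));
        }
        @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) {
            return pick(keyType, delegate.chooseEngineServerAlias(keyType, issuers, e));
        }
        @Override public String chooseClientAlias(String[] kt, Principal[] i, Socket s) { return delegate.chooseClientAlias(kt, i, s); }
        @Override public String[] getClientAliases(String kt, Principal[] i) { return delegate.getClientAliases(kt, i); }
        @Override public String[] getServerAliases(String kt, Principal[] i) { return delegate.getServerAliases(kt, i); }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // constructed empty store; a real one would hold entries "certA" and "certB"
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        X509ExtendedKeyManager base = (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
        KeyManager km = new KeyTypeKeyManager(base, Map.of("DH_RSA", "certA", "RSA", "certB"));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, null, null); // sockets from ctx now consult the wrapper
        System.out.println("server socket factory ready: " + ctx.getServerSocketFactory());
    }
}
```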