Horcrux7
Reputation: 24467
Why not all cipher suites are enabled by default in Java?
What is the disadvantage of:
sslSocket.setEnabledCipherSuites( sslSocket.getSupportedCipherSuites() );
Why is this not the default setting? Are there some security risk with some of it?
Upvotes: 2
Views: 708
Answers (1)
Eugene Mayevski 'Callback
Reputation: 46080
Not all cipher suites are equal. The list of supported cipher suites can include NULL ciphersuites (no encryption or no authentication or both) or other weak cipher suites and you probably don't want this to be enabled?
Upvotes: 4
Related Questions
- Which Cipher Suites to enable for SSL Socket?
- Java SSLHandshakeException "no cipher suites in common"
- Java SSLHandshakeException: no cipher suites in common
- Java - no cipher suites in common
- javax.net.ssl.SSLHandshakeException: no cipher suites in common no cipher suites in common
- Java cipher suites
- No cipher suites in common java sockets
- How to configure SSL Cipher Suites for https in Java
- Enabled ciphers on Ubuntu OpenJDK 7
- Java "no cipher suites in common" issue when trying to securely connect to server