Ask Your Question

Difference in used cipher suites

asked 2021-09-12 20:41:33 +0000

Hi guys,

I’ve been wondering how applications determine which cipher suites they offer to the server. In particular I would like to know if there is a difference between Microsoft Edge browser and Java JRE because it looks like both offer a different set of cipher suites as a client. In my trace it looks like Edge is sending 43 cipher suites (one of them is matched by the server) whereas Java JRE only sends a set of 12 and being denied because there is no match with any of the cipher suites that the server supports.

So why this difference (IT doesn’t seem to have limited anything on the JRE side configuration) and how can I make Java JRE offer the correct (TLS1.2) cipher suites that my server will support?

I’d be happy to provide detailed information if that’s required.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2021-09-13 07:50:46 +0000

grahamb gravatar image

updated 2021-09-13 07:51:22 +0000

Ms Edge (and many other Windows applications) uses the SChannel TLS config data from the registry to determine which TLS versions and ciphers to be offered, see here.

Java uses property settings from <java home>/conf/security/ along with the defaults of the provider being used.

In both cases the ciphers offered by a client an be modified from the defaults by an individual application.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-09-12 20:41:33 +0000

Seen: 286 times

Last updated: Sep 13 '21