Dose ICESSL support 3DES encryption algorithm?

ren-wei

Hi,i need some help for Icessl.
I want to use Icessl in my project,but i' m not clear which encryption algorithm ice support.whether it support 3DES OR MD5?
Thank you for you help！

mes

Hi,

You can set the property IceSSL.Trace.Security=1 to see a list of the cipher suites that are enabled by default. In a server, this list isn't printed until a client establishes an SSL connection. For example, here is the output from a Java server:

-- Server: Security: enabling SSL ciphersuites:
     SSL_RSA_WITH_RC4_128_MD5
     SSL_RSA_WITH_RC4_128_SHA
     TLS_RSA_WITH_AES_128_CBC_SHA
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     SSL_RSA_WITH_3DES_EDE_CBC_SHA
     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     SSL_RSA_WITH_DES_CBC_SHA
     SSL_DHE_RSA_WITH_DES_CBC_SHA
     SSL_DHE_DSS_WITH_DES_CBC_SHA
     SSL_RSA_EXPORT_WITH_RC4_40_MD5
     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
-- Server: Security: SSL summary for incoming connection
   cipher = SSL_RSA_WITH_RC4_128_MD5
   protocol = TLSv1
   local address = 127.0.0.1:10001
   remote address = 127.0.0.1:44303

If you want to restrict the SSL connections so that they only use 3DES ciphersuites, you can set the following property:

IceSSL.Ciphers=NONE (.*3DES.*)

With this property defined, the Java server output now looks as follows:

-- Server: Security: enabling SSL ciphersuites:
     TLS_KRB5_WITH_3DES_EDE_CBC_MD5
     TLS_KRB5_WITH_3DES_EDE_CBC_SHA
     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     SSL_RSA_WITH_3DES_EDE_CBC_SHA
-- Server: Security: SSL summary for incoming connection
   cipher = SSL_RSA_WITH_3DES_EDE_CBC_SHA
   protocol = TLSv1
   local address = 127.0.0.1:10001
   remote address = 127.0.0.1:45940

Hope that helps,
Mark

ren-wei

thanks for you help