Home Help Center

Dose ICESSL support 3DES encryption algorithm?

ren-weiren-wei Member wei renOrganization: Hainan AirlineProject: support external system connect ticketsalesystem
Hi,i need some help for Icessl.
I want to use Icessl in my project,but i' m not clear which encryption algorithm ice support.whether it support 3DES OR MD5?
Thank you for you help!

Comments

  • mesmes CaliforniaAdministrators, ZeroC Staff Mark SpruiellOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi,

    You can set the property IceSSL.Trace.Security=1 to see a list of the cipher suites that are enabled by default. In a server, this list isn't printed until a client establishes an SSL connection. For example, here is the output from a Java server:
    -- Server: Security: enabling SSL ciphersuites:
         SSL_RSA_WITH_RC4_128_MD5
         SSL_RSA_WITH_RC4_128_SHA
         TLS_RSA_WITH_AES_128_CBC_SHA
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA
         TLS_DHE_DSS_WITH_AES_128_CBC_SHA
         SSL_RSA_WITH_3DES_EDE_CBC_SHA
         SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
         SSL_RSA_WITH_DES_CBC_SHA
         SSL_DHE_RSA_WITH_DES_CBC_SHA
         SSL_DHE_DSS_WITH_DES_CBC_SHA
         SSL_RSA_EXPORT_WITH_RC4_40_MD5
         SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
         SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
         SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    -- Server: Security: SSL summary for incoming connection
       cipher = SSL_RSA_WITH_RC4_128_MD5
       protocol = TLSv1
       local address = 127.0.0.1:10001
       remote address = 127.0.0.1:44303
    
    If you want to restrict the SSL connections so that they only use 3DES ciphersuites, you can set the following property:
    IceSSL.Ciphers=NONE (.*3DES.*)
    
    With this property defined, the Java server output now looks as follows:
    -- Server: Security: enabling SSL ciphersuites:
         TLS_KRB5_WITH_3DES_EDE_CBC_MD5
         TLS_KRB5_WITH_3DES_EDE_CBC_SHA
         SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
         SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
         SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         SSL_RSA_WITH_3DES_EDE_CBC_SHA
    -- Server: Security: SSL summary for incoming connection
       cipher = SSL_RSA_WITH_3DES_EDE_CBC_SHA
       protocol = TLSv1
       local address = 127.0.0.1:10001
       remote address = 127.0.0.1:45940
    
    Hope that helps,
    Mark
  • ren-weiren-wei Member wei renOrganization: Hainan AirlineProject: support external system connect ticketsalesystem
    :) thanks for you help
Sign In or Register to comment.