I’m using Java’s SSLSocket to secure communications between a client and a server program. The server program also serves up HTTPS requests from web browsers.
According to “Beginning Cryptography with Java”, page 371, you should always call setEnabledCipherSuites on your SSLSocket / SSLServerSocket to ensure that the cipher suite that ends up being negotiated is sufficiently strong for your purposes.
That being said, a call to my SSLSocketFactory’s getDefaultCipherSuites method yields some 180 options. These options range from TLS_RSA_WITH_AES_256_CBC_SHA (which I think is fairly secure) to SSL_RSA_WITH_RC4_128_MD5 (not so sure if that’s secure, given MD5’s current status) to SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (not entirely sure what that does).
What’s a sensible list of cipher suites to restrict the sockets to?
Note that the client and server have access to the Bouncy Castle service provider, and that they may or may not have unlimited cryptographic policy files installed.
Don’t use anything with export in it. That’s crippleware due to export restrictions on strong cryptography.
EDIT: Changed to use 2009 document.
A 2009 NIST recommendation lists the following, including TLS_RSA_WITH_AES_256_CBC_SHA (which you mentioned):
TLS_RSA_WITH_NULL_SHA (don’t use this unless you’re sure you don’t need any privacy/confidentiality).
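
An added example, not part of the question or the answer above: one way to derive the list passed to setEnabledCipherSuites by filtering the factory's defaults on suite name. The EXPORT and NULL markers follow the answer; the other markers (anonymous key exchange, single DES, RC4, MD5) and the class name CipherSuiteFilter are assumptions of this example.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherSuiteFilter {
    // EXPORT and NULL come from the answer above. The remaining markers
    // (anonymous key exchange, single DES, RC4, MD5) are this example's assumption.
    private static final List<String> REJECTED = Arrays.asList(
            "_EXPORT_", "_NULL_", "_anon_", "_DES_", "_DES40_", "_RC4_", "_MD5");

    /** Returns the suites from candidates whose names contain no rejected marker. */
    static String[] filter(String[] candidates) {
        List<String> kept = new ArrayList<>();
        for (String suite : candidates) {
            boolean rejected = false;
            for (String marker : REJECTED) {
                if (suite.contains(marker)) {
                    rejected = true;
                    break;
                }
            }
            if (!rejected) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Start from the defaults so the filter can only narrow what is enabled.
        String[] allowed = filter(factory.getDefaultCipherSuites());
        if (allowed.length == 0) {
            // Fail closed rather than fall back to the unfiltered defaults.
            throw new IllegalStateException("no acceptable cipher suite available");
        }
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(0)) {
            server.setEnabledCipherSuites(allowed);
            for (String suite : server.getEnabledCipherSuites()) {
                System.out.println(suite);
            }
        }
    }
}
```

The same filter applies to a client SSLSocket, using its own setEnabledCipherSuites before the handshake starts.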