2

I'm running an application on a GlassFish 4.0 server that I want to secure with the strongest encryption possible (or at least as close to this as possible).

In the GlassFish Network Listeners screen in the Administration Console it appears that the strongest cipher suite available is 128-bit.

Is it possible to install a stronger cipher suite or is there some other way to enable 256-bit encryption over SSL?

hurleytom
  • 103
  • 1
  • 1
  • 9

1 Answers1

3

Yes, it is possible.

GlassFish essentially uses what is supported by the underlying JSSE.

In general it should be there by default, if you only see 128bit ciphers this indicates you have a "restricted" JVM/JDK.

Go to http://www.oracle.com/technetwork/java/javase/downloads/index.html and download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (at the bottom of the page). Put these files into ${java.home}/jre/lib/security. Make sure you get the right one for the Java version you have (probably 6 or 7).

That should allow you to use the 256bit cipher suites.

See also:

Community
  • 1
  • 1
unwichtich
  • 13,712
  • 4
  • 53
  • 66
  • 1
    I replaced the `local_policy.jar` and the `US_export_policy.jar` files in `${java.home}/jdk1.7.0_45/jre/lib/security` with the Unlimited JCE versions. I then restarted GlassFish and the 256-bit cipher suites are now available. Many thanks. – hurleytom Jan 27 '14 at 22:29