I'm running a server that requires a blacklist of weak cipher suites.
So which of the following are weak? http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Why do you need to exclude the bad ones? Why not only include the good ones?
For starters, I'd follow the NSA Suite B guidelines, specifically RFC 5430
2.1m questions
2.1m answers
60 comments
57.0k users
