From XML Firewall to API Server

It is very interesting to see the development of Vordel products. More precisely how they are marketing their products.

The "XML Firewall" was like a "Layer 7 Firewall", focusing on the application level.

Then it evolved to XML Gateway, SOA Gateway and now: here is how they define their "API Server": http://www.soatothecloud.com/2012/06/vordel-introduces-api-server.html.

As a side note, I can't resist a little quote against SOAP: http://www.soatothecloud.com/2012/07/what-scales-better-internet-or-esb.html

TLS: Disabling legacy cipher suites

First: "A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms".

If you are using TLS (for HTTPS typicaly) you may want to remove some Cipher Suites.

You maybe a little bit less compatible, but also a bit more secure. Things will be better when TLS1.2 is implemented everywhere.

You can also claim to be FIPS 140 compliant: http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf !

How to do it:

• From the command line:  http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
• From code:  http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String%5B%5D)
• Jetty: http://wiki.eclipse.org/Jetty/Howto/CipherSuites
• Tomcat: Look at the "ciphers" attribute in  http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

If someone knows how to do it on the IBM J9 via configuration, I am interested.