On Fri, 2015-12-04 at 19:04 +0000, Cantor, Scott wrote:
> On 12/4/15, 2:00 PM, "users on behalf of Marvin Addison"
> <users-bounces at on behalf of marvin.addison at> wrote:
> > That's a notable difference between the 9.2 and 9.3 docs. I'm not
> > using that syntax (we use an explicit list of cipher suites) and
> > our 9.3 IdP supports ECDHE just fine.
> The reason they're different is that initially I couldn't get the
> regex stuff working on 9.2, even though Jetty documented it that way.
> It did work on 9.3. It's possible that's a Java 8 issue because I did
> make it work on Java 8 + 9.2 (or 9.3).
> Anyway, for 9.3 and Java 8, it should work fine. But the error
> message does suggest that's applying the expression too literally. I
> don't know why it does that.
With the logging set to debug level, the log file shows the ciphers
available and the ones that will be used. The regex does work in only
selecting the TLS_RSA ciphers (in my case). If I change the regex to
use '.*', then all the ciphers are selected (as expected).

As Marvin Addison said '...and our 9.3 IdP supports ECDHE just fine'.
That's what I can't understand. For some reason in our case ECDHE is
not seen as being available, and hence we get the 'No cipher
matching...' message. If I can't find the reason soon, then I'll see
about asking on the Jetty mailing list (I assume there is one).
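
Added example, not part of the original message and not Jetty's own code: a small Java check that lists which cipher suites the running JVM reports as supported and which of them fully match each include pattern, so a missing ECDHE family can be told apart from a pattern problem. The class name and the default patterns are hypothetical, and full-match regex semantics are an assumption about how the container applies its include list.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherIncludeCheck {
    // Returns the supported suites that fully match at least one include pattern.
    // Assumption: the include list is applied as whole-string regex matches.
    static List<String> select(String[] supported, String[] includes) {
        List<String> selected = new ArrayList<>();
        for (String suite : supported) {
            for (String inc : includes) {
                if (Pattern.matches(inc, suite)) {
                    selected.add(suite);
                    break;
                }
            }
        }
        return selected;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical patterns; pass the ones from your own configuration as arguments.
        String[] includes = args.length > 0
                ? args
                : new String[] {"TLS_ECDHE.*", "TLS_RSA.*"};

        // Suites the JVM's default TLS provider can offer, before any container filtering.
        String[] supported = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        System.out.println("JVM reports " + supported.length + " supported suites");

        for (String inc : includes) {
            List<String> hits = select(supported, new String[] {inc});
            System.out.println(inc + " -> " + hits.size() + " match(es)");
            if (hits.isEmpty()) {
                System.out.println("  no supported suite matches this pattern");
            }
            for (String s : hits) {
                System.out.println("  " + s);
            }
        }
    }
}
```

Run it with the same `java` binary and JVM options the IdP container uses, since the supported list depends on the JVM and its security provider configuration.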


