How to specify the ciphersuite to be used in SSL session

Question

I have created a socket on port 443 as in the following line:

socket = (SSLSocket) factory.createSocket(hostName, port);

Then, I wanted to

Answer 1

I found out that I added socket.getsession() before the setEnableCipherSuite() in order to print out the enabled cipheres before setting them. When I removed it, the cipher has been set. why is that ?

As documented in the SSLSocket JavaDoc:

The initial handshake on this connection can be initiated in one of three ways:

• calling startHandshake which explicitly begins handshakes, or
• any attempt to read or write application data on this socket causes an implicit handshake, or
• a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.

If you call getSession() before calling setEnabledCipherSuite(), the handshake has already been done when you try to set the enabled cipher suites, so this session's cipher suite has already been selected.