I would like to prioritize cipher suites so I can implement perfect forward secrecy. I am not sure if this is feasible in GlassFish or Payara. We are currently running Payara Server 4.1.1.154.
You can do that by selecting which cipher suites should be used. You have to specify the suites in the order of priority.
The Admin Console doesn't provide a UI to order the selected cipher suites, but you can work around it by selecting cipher suites one by one - additional suites are added at the end of the list and the order is preserved. If you want to use all available suites, you still need to select all of them one by one.
For HTTPS listeners, you would configure it with Admin Console in the SSL tab of HTTP Service -> Http Listeners -> http-listener-2 (or another listener):
Alternatively, you can specify the cipher suites using the asadmin tool:

    asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.ssl3-tls-ciphers=+SSL_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA

Again, the order of suites is preserved.
In case you need to set the order of ciphers for communication with the cluster of servers, you should configure the Admin Service instead.
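
An added example, not part of the original answer: a small shell helper that builds the ordered `+SUITE,+SUITE` value for the `ssl3-tls-ciphers` attribute shown above, putting forward-secret suites (ECDHE, then DHE) first. The function names and the ranking by name prefix are this example's own, and the sample suite names are standard JSSE names assumed to be offered by the JDK the server runs on.

```shell
#!/bin/sh
# Added example: order cipher suites so forward-secret key exchanges come first.
# The attribute path is the one from the answer; everything else is illustrative.
ATTR='configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.ssl3-tls-ciphers'

# Rank a suite by its key exchange: 0 = ECDHE, 1 = DHE, 2 = no forward secrecy.
# Static TLS_ECDH_* / TLS_DH_* and anonymous suites do not match and get rank 2.
kx_rank() {
  case "$1" in
    TLS_ECDHE_*) echo 0 ;;
    TLS_DHE_*)   echo 1 ;;
    *)           echo 2 ;;
  esac
}

# build_cipher_value MODE SUITE...
#   pfs-first: keep every suite, forward-secret ones first
#   pfs-only : drop suites without forward secrecy
# Relative order inside each rank is kept as given.
build_cipher_value() {
  mode=$1; shift
  case "$mode" in
    pfs-only)  max=1 ;;
    pfs-first) max=2 ;;
    *) echo "usage: build_cipher_value pfs-only|pfs-first SUITE..." >&2; return 2 ;;
  esac
  out=""
  rank=0
  while [ "$rank" -le "$max" ]; do
    for s in "$@"; do
      if [ "$(kx_rank "$s")" -eq "$rank" ]; then
        out="${out:+$out,}+$s"
      fi
    done
    rank=$((rank + 1))
  done
  printf '%s\n' "$out"
}

# Print (do not run) the asadmin command for review before applying it.
asadmin_command() {
  printf 'asadmin set %s=%s\n' "$ATTR" "$(build_cipher_value "$@")"
}

# Constructed sample input: suites listed in arbitrary order.
asadmin_command pfs-first \
  TLS_RSA_WITH_AES_128_CBC_SHA \
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```

Check the printed command against the suites the Admin Console actually lists for the listener before running it.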