Define cipher suite for TLS in JCA

Question

I want the support of the following cipher suites in TLS using JCA:

• TLS_PSK_WITH_3DES_EDE_CBC_SHA
• TLS_PSK_WITH_AES_128_CBC_SHA
• TLS_PSK_WITH_NULL_SHA
• TLS_PSK_WITH_AES_128_CBC_SHA256
• TLS_PSK_WITH_NULL_SHA256

They are available in JDK7 but not JDK6, neither BouncyCastle.

If I want the support in JDK6, could I extends JCA to implement the support of these PSK extensions, using SPI, providers and callback methods of JSSE. I can already redefine or add new cipher implementations on runtime, but I'm not sure JCA offers enough granularity to add new cipher suites in TLS.

Answer 1

The clean way would be to implement your own SSLSocketFactory.

If you want to try adding I only see the way to modify the internal classes via reflection.

The relevant class is:

com.sun.net.ssl.internal.ssl.CipherSuite

It has an overloaded private static method "add" for adding cipher implementations to the supported list. May be worth a try.

Answer 2

Still not sure it is possible or not, but we found an implementation of several TLS PSK cipher suites for the Jessie Library.