
Java cipher suites

Tags:

java

ssl

I'm trying to work out the order that cipher suites are returned using SSLSocketFactory.getSupportedCipherSuites() - it seems to differ between Java 1.6 & Java 1.7.

I thought this would be easy to determine but have run into a few problems. First, though, here is the code I'm using:

SSLContext context = SSLContext.getDefault();
SSLSocketFactory sf = context.getSocketFactory();
String[] cipherSuites = sf.getSupportedCipherSuites();

Pretty straightforward (do correct me if I've done something stupid). So, I thought (using Eclipse) that I'd be able to step into the getSupportedCipherSuites() method, but it seems the source code isn't there to do that (is there a reason for that?). I found the class in jsse.jar and decompiled it using JD-Eclipse. This however gives me an abstract class and I've not been able to see the concrete implementation of the abstract class (I've discovered that the class can be set using a property "ssl.SocketFactory.provider" but this hasn't been specified in java.security). I've also not been able to determine how to turn logging on using the "javax.net.debug" property (this disappears into a native method).

Could someone point out where I'm going wrong?

Amadeus1756 asked May 07 '12 19:05




1 Answer

The list of supported (and enabled) cipher suites is available in the SunJSSE provider documentation: for Java 6 and for Java 7. The list order does indeed differ.

I must admit I have never really paid attention to the order in the supported cipher suite list. The one that matters is the *enabled* cipher suites list.

If you're interested in the code itself, you should find it in sun.security.ssl.SSLContextImpl and sun.security.ssl.CipherSuite. Note that these classes are part of the Sun JSSE implementation and not part of the public Java API.

Regarding debugging, you'll find the required parameters in the Debugging section of the JSSE Reference Guide.

Bruno answered Sep 20 '22 15:09
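To compare the two lists the answer distinguishes on a given JVM, the following added example (not part of the original question or answer) prints the default-enabled suites in list order, then the suites that are supported but not enabled by default. The class name `CipherSuiteOrder` and the helper `supportedButDisabled` are hypothetical, and the code avoids syntax newer than Java 6 so the same file can be run under both versions and the output diffed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example; class and method names are hypothetical.
public class CipherSuiteOrder {

    /** Suites present in 'supported' but absent from 'enabled', kept in supported-list order. */
    static List<String> supportedButDisabled(String[] supported, String[] enabled) {
        Set<String> on = new HashSet<String>(Arrays.asList(enabled));
        List<String> off = new ArrayList<String>();
        for (String suite : supported) {
            if (!on.contains(suite)) {
                off.add(suite);
            }
        }
        return off;
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getDefault();
        SSLSocketFactory sf = context.getSocketFactory();

        // Everything the provider can negotiate, including suites that are off by default.
        String[] supported = sf.getSupportedCipherSuites();
        // What a socket from this context will actually use unless reconfigured.
        String[] enabled = context.getDefaultSSLParameters().getCipherSuites();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("provider     = " + context.getProvider().getName());

        System.out.println("Enabled by default, in list order (" + enabled.length + "):");
        for (int i = 0; i < enabled.length; i++) {
            System.out.printf("  %3d  %s%n", i, enabled[i]);
        }

        List<String> off = supportedButDisabled(supported, enabled);
        System.out.println("Supported but not enabled by default (" + off.size() + "):");
        for (String suite : off) {
            System.out.println("       " + suite);
        }
    }
}
```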