Java cipher suites

Question

I'm trying to work out the order that cipher suites are returned using SSLSocketFactory.getSupportedCipherSuites() - it seems to differ between Java 1.6 & Java 1.7.

I thought this would be easy to determine but have run into a few problems. First, though, here is the code I'm using:

SSLContext context = SSLContext.getDefault();
SSLSocketFactory sf = context.getSocketFactory();
String[] cipherSuites = sf.getSupportedCipherSuites();

Pretty straight forward (do correct me if I've done something stupid). So, I thought (using eclipse) that I'd be able to step into the getSupportedCipherSuites() method, but it seems the source code isn't there to do that (is there a reason for that?). I found the class in jsse.jar and decompiled it using JD-Eclipse. This however gives me an abstract class and I've not been able to see the concrete implementation of the abstract class (I've discovered that the class can be set using a property "ssl.SocketFactory.provider" but this hasn't been specified in java.security). I've also not been able to determine how to turn logging on using the "javax.net.debug" property (this disappears into a native method).

Could someone point out where I'm going wrong?

Answer 1

The list of supported (and enabled) cipher suites are available in the SunJSSE provider documentation: for Java 6 and for Java 7. The list order differ indeed.

I must admit I have never really paid attention to the order in the supported cipher suite list. The one that matters is the *enabled" cipher suites list.

If you're interested in the code itself, you should find it in sun.security.ssl.SSLContextImpl and sun.security.ssl.CipherSuite. Note that these classes are part of the Sun JSSE implementation and not part of the public Java API.

Regarding debugging, you'll find the required parameters in the Debugging section of the JSSE Reference Guide.