Skip to content

Instantly share code, notes, and snippets.

@unserializable

unserializable/JdkTlsCipherSuiteList.java

Last active January 9, 2017 22:33
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save unserializable/c797bbd7d7680433d05f3ceb33c0163f to your computer and use it in GitHub Desktop.
Save unserializable/c797bbd7d7680433d05f3ceb33c0163f to your computer and use it in GitHub Desktop.
Download ZIP
Lists the enabled / available ciphersuites from the running JDK
Raw
JdkTlsCipherSuiteList.java
import javax.net.ssl.SSLSocketFactory;
import java.util.Set;
import static java.util.Arrays.stream;
import static java.util.stream.Collectors.toSet;
/**
* @author Taimo Peelo
*/
public class JdkTlsCipherSuiteList {
private static final void printJVMInfo() {
System.out.println("Java vendor " + System.getProperty("java.vendor"));
System.out.println("Java vendor url " + System.getProperty("java.vendor.url"));
System.out.println("Java version " + System.getProperty("java.version"));
System.out.println("OS architecture " + System.getProperty("os.arch"));
System.out.println("OS name " + System.getProperty("os.name"));
System.out.println("OS version " + System.getProperty("os.version"));
System.out.println("----------------------------");
}
public static void main(String[] args) {
printJVMInfo();
String hsTargetCS = "TLS_RSA_WITH_AES_128_CBC_SHA256";
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
Set<String> enabledSuites = stream(ssf.getDefaultCipherSuites()).collect(toSet());
Set<String> availableSuites = stream(ssf.getSupportedCipherSuites()).collect(toSet());
availableSuites.removeAll(enabledSuites);
System.out.println("Enabled by default");
enabledSuites.forEach(cs ->
System.out.println(" * " + cs)
);
System.out.println("Available (but not enabled)!");
availableSuites.forEach(cs ->
System.out.println(" _ " + cs)
);
if (enabledSuites.contains(hsTargetCS))
System.out.println(
"* Client using the current SDK is able to " +
"handshake+talk to server using '" + hsTargetCS + "'"
);
if (availableSuites.contains(hsTargetCS))
System.out.println(
"_ Client with the current SDK WOULD be able to talk to server " +
"when ciphersuite + '" + hsTargetCS + "'' is enabled!"
);
}
}
@unserializable
Copy link
Author

Sample run from Oracle 1.8.0_111 SDK

Java vendor     Oracle Corporation
Java vendor url http://java.oracle.com/
Java version    1.8.0_111
OS architecture amd64
OS name         Linux
OS version      4.0.0-amd64
----------------------------
Enabled by default
 * TLS_RSA_WITH_AES_128_CBC_SHA256
 * SSL_RSA_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 * TLS_RSA_WITH_AES_128_GCM_SHA256
 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 * TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 * TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 * TLS_RSA_WITH_AES_128_CBC_SHA
 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 * SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV
 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 * TLS_DHE_DSS_WITH_AES_128_CBC_SHA
 * SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Available (but not enabled)!
 _ TLS_ECDHE_RSA_WITH_NULL_SHA
 _ SSL_RSA_WITH_DES_CBC_SHA
 _ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
 _ TLS_KRB5_WITH_DES_CBC_MD5
 _ TLS_ECDH_RSA_WITH_NULL_SHA
 _ SSL_DH_anon_WITH_DES_CBC_SHA
 _ TLS_DH_anon_WITH_AES_128_CBC_SHA
 _ TLS_KRB5_WITH_3DES_EDE_CBC_SHA
 _ TLS_KRB5_WITH_DES_CBC_SHA
 _ TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
 _ SSL_DHE_RSA_WITH_DES_CBC_SHA
 _ TLS_KRB5_WITH_3DES_EDE_CBC_MD5
 _ TLS_ECDHE_ECDSA_WITH_NULL_SHA
 _ TLS_RSA_WITH_NULL_SHA256
 _ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
 _ TLS_ECDH_anon_WITH_NULL_SHA
 _ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
 _ SSL_DHE_DSS_WITH_DES_CBC_SHA
 _ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
 _ TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
 _ TLS_ECDH_anon_WITH_AES_128_CBC_SHA
 _ TLS_ECDH_ECDSA_WITH_NULL_SHA
 _ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
 _ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
 _ SSL_RSA_WITH_NULL_SHA
 _ TLS_DH_anon_WITH_AES_128_CBC_SHA256
 _ SSL_RSA_WITH_NULL_MD5
 _ TLS_DH_anon_WITH_AES_128_GCM_SHA256
* Client using the current SDK is able to handshake+talk to server using 'TLS_RSA_WITH_AES_128_CBC_SHA256'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment