1 /* 2 * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4750141 4895631 27 * @summary Check enabled and supported ciphersuites are correct 28 * @ignore JSSE supported cipher suites are changed with CR 6916074, 29 * need to update this test case in JDK 7 soon 30 */ 31 32 import java.util.*; 33 34 import javax.net.ssl.*; 35 36 import javax.crypto.Cipher; 37 import javax.crypto.spec.*; 38 39 public class CheckCipherSuites { 40 41 private final static String[] ENABLED_DEFAULT = { 42 "SSL_RSA_WITH_RC4_128_MD5", 43 "SSL_RSA_WITH_RC4_128_SHA", 44 "TLS_RSA_WITH_AES_128_CBC_SHA", 45 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 46 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 47 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 48 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 49 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 50 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 51 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 52 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 53 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 54 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 55 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 56 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 57 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 58 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 59 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 60 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 61 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 62 "SSL_RSA_WITH_DES_CBC_SHA", 63 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 64 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 65 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 66 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 67 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 68 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 69 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 70 71 }; 72 73 private final static String[] ENABLED_UNLIMITED = { 74 "SSL_RSA_WITH_RC4_128_MD5", 75 "SSL_RSA_WITH_RC4_128_SHA", 76 "TLS_RSA_WITH_AES_128_CBC_SHA", 77 "TLS_RSA_WITH_AES_256_CBC_SHA", 78 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 79 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 80 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 81 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 82 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 83 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 84 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 85 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 86 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 87 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 88 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 89 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 90 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 91 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 92 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 93 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 94 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 95 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 96 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 97 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 98 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 99 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 100 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 101 "SSL_RSA_WITH_DES_CBC_SHA", 102 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 103 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 104 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 105 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 106 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 107 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 108 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 109 110 }; 111 112 // supported ciphersuites using default JCE policy jurisdiction files 113 // AES/256 unavailable 114 private final static String[] SUPPORTED_DEFAULT = { 115 "SSL_RSA_WITH_RC4_128_MD5", 116 "SSL_RSA_WITH_RC4_128_SHA", 117 "TLS_RSA_WITH_AES_128_CBC_SHA", 118 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 119 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 120 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 121 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 122 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 123 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 124 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 125 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 126 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 127 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 128 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 129 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 130 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 131 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 132 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 133 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 134 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 135 "SSL_RSA_WITH_DES_CBC_SHA", 136 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 137 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 138 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 139 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 140 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 141 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 142 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 143 144 "SSL_RSA_WITH_NULL_MD5", 145 "SSL_RSA_WITH_NULL_SHA", 146 "TLS_ECDH_ECDSA_WITH_NULL_SHA", 147 "TLS_ECDH_RSA_WITH_NULL_SHA", 148 "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 149 "TLS_ECDHE_RSA_WITH_NULL_SHA", 150 "SSL_DH_anon_WITH_RC4_128_MD5", 151 "TLS_DH_anon_WITH_AES_128_CBC_SHA", 152 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 153 "SSL_DH_anon_WITH_DES_CBC_SHA", 154 "TLS_ECDH_anon_WITH_RC4_128_SHA", 155 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 156 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 157 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 158 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 159 "TLS_ECDH_anon_WITH_NULL_SHA", 160 "TLS_KRB5_WITH_RC4_128_SHA", 161 "TLS_KRB5_WITH_RC4_128_MD5", 162 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 163 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 164 "TLS_KRB5_WITH_DES_CBC_SHA", 165 "TLS_KRB5_WITH_DES_CBC_MD5", 166 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 167 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 168 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 169 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 170 171 }; 172 173 // supported ciphersuites using unlimited JCE policy jurisdiction files 174 // AES/256 available 175 private final static String[] SUPPORTED_UNLIMITED = { 176 "SSL_RSA_WITH_RC4_128_MD5", 177 "SSL_RSA_WITH_RC4_128_SHA", 178 "TLS_RSA_WITH_AES_128_CBC_SHA", 179 "TLS_RSA_WITH_AES_256_CBC_SHA", 180 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 181 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 182 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 183 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 184 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 185 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 186 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 187 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 188 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 189 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 190 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 191 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 192 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 193 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 194 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 195 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 196 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 197 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 198 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 199 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 200 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 201 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 202 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 203 "SSL_RSA_WITH_DES_CBC_SHA", 204 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 205 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 206 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 207 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 208 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 209 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 210 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 211 212 "SSL_RSA_WITH_NULL_MD5", 213 "SSL_RSA_WITH_NULL_SHA", 214 "TLS_ECDH_ECDSA_WITH_NULL_SHA", 215 "TLS_ECDH_RSA_WITH_NULL_SHA", 216 "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 217 "TLS_ECDHE_RSA_WITH_NULL_SHA", 218 "SSL_DH_anon_WITH_RC4_128_MD5", 219 "TLS_DH_anon_WITH_AES_128_CBC_SHA", 220 "TLS_DH_anon_WITH_AES_256_CBC_SHA", 221 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 222 "SSL_DH_anon_WITH_DES_CBC_SHA", 223 "TLS_ECDH_anon_WITH_RC4_128_SHA", 224 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 225 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 226 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 227 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 228 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 229 "TLS_ECDH_anon_WITH_NULL_SHA", 230 "TLS_KRB5_WITH_RC4_128_SHA", 231 "TLS_KRB5_WITH_RC4_128_MD5", 232 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 233 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 234 "TLS_KRB5_WITH_DES_CBC_SHA", 235 "TLS_KRB5_WITH_DES_CBC_MD5", 236 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 237 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 238 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 239 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 240 241 }; 242 243 private static void showSuites(String[] suites) { 244 if ((suites == null) || (suites.length == 0)) { 245 System.out.println("<none>"); 246 } 247 for (int i = 0; i < suites.length; i++) { 248 System.out.println(" " + suites[i]); 249 } 250 } 251 252 public static void main(String[] args) throws Exception { 253 long start = System.currentTimeMillis(); 254 255 String[] ENABLED; 256 String[] SUPPORTED; 257 try { 258 Cipher c = Cipher.getInstance("AES/CBC/NoPadding"); 259 SecretKeySpec key = new SecretKeySpec(new byte[32], "AES"); 260 c.init(Cipher.ENCRYPT_MODE, key); 261 System.out.println("AES/256 is available"); 262 ENABLED = ENABLED_UNLIMITED; 263 SUPPORTED = SUPPORTED_UNLIMITED; 264 } catch (Exception e) { 265 System.out.println("AES/256 is NOT available (" + e + ")"); 266 ENABLED = ENABLED_DEFAULT; 267 SUPPORTED = SUPPORTED_DEFAULT; 268 } 269 270 SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); 271 SSLSocket socket = (SSLSocket)factory.createSocket(); 272 String[] enabled = socket.getEnabledCipherSuites(); 273 274 System.out.println("Default enabled ciphersuites:"); 275 showSuites(enabled); 276 277 if (Arrays.equals(ENABLED, enabled) == false) { 278 System.out.println("*** MISMATCH, should be ***"); 279 showSuites(ENABLED); 280 throw new Exception("Enabled ciphersuite mismatch"); 281 } 282 System.out.println("OK"); 283 System.out.println(); 284 285 String[] supported = socket.getSupportedCipherSuites(); 286 System.out.println("Supported ciphersuites:"); 287 showSuites(supported); | 1 /* 2 * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4750141 4895631 8217579 27 * @summary Check enabled and supported ciphersuites are correct 28 * @run main CheckCipherSuites default 29 * @run main/othervm CheckCipherSuites limited 30 */ 31 32 import java.util.*; 33 import java.security.Security; 34 import javax.net.ssl.*; 35 36 public class CheckCipherSuites { 37 38 // List of enabled cipher suites when the "crypto.policy" security 39 // property is set to "unlimited" (the default value). 40 private final static String[] ENABLED_DEFAULT = { 41 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 42 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 43 "TLS_RSA_WITH_AES_256_CBC_SHA256", 44 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 45 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 46 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 47 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 48 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 49 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 50 "TLS_RSA_WITH_AES_256_CBC_SHA", 51 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 52 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 53 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 54 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 55 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 56 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 57 "TLS_RSA_WITH_AES_128_CBC_SHA256", 58 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 59 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 60 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 61 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 62 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 63 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 64 "TLS_RSA_WITH_AES_128_CBC_SHA", 65 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 66 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 67 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 68 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 69 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 70 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 71 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 72 "TLS_RSA_WITH_AES_256_GCM_SHA384", 73 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 74 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 75 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 76 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 77 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 78 "TLS_RSA_WITH_AES_128_GCM_SHA256", 79 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 80 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 81 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 82 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 83 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 84 }; 85 86 // List of enabled cipher suites when the "crypto.policy" security 87 // property is set to "limited". 88 private final static String[] ENABLED_LIMITED = { 89 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 90 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 91 "TLS_RSA_WITH_AES_128_CBC_SHA256", 92 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 93 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 94 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 95 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 96 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 97 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 98 "TLS_RSA_WITH_AES_128_CBC_SHA", 99 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 100 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 101 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 102 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 103 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 104 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 105 "TLS_RSA_WITH_AES_128_GCM_SHA256", 106 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 107 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 108 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 109 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 110 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 111 }; 112 113 // List of supported cipher suites when the "crypto.policy" security 114 // property is set to "unlimited" (the default value). 115 private final static String[] SUPPORTED_DEFAULT = { 116 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 117 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 118 "TLS_RSA_WITH_AES_256_CBC_SHA256", 119 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 120 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 121 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 122 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 123 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 124 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 125 "TLS_RSA_WITH_AES_256_CBC_SHA", 126 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 127 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 128 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 129 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 130 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 131 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 132 "TLS_RSA_WITH_AES_128_CBC_SHA256", 133 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 134 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 135 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 136 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 137 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 138 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 139 "TLS_RSA_WITH_AES_128_CBC_SHA", 140 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 141 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 142 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 143 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 144 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 145 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 146 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 147 "TLS_RSA_WITH_AES_256_GCM_SHA384", 148 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 149 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 150 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 151 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 152 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 153 "TLS_RSA_WITH_AES_128_GCM_SHA256", 154 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 155 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 156 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 157 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 158 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 159 }; 160 161 // List of supported cipher suites when the "crypto.policy" security 162 // property is set to "limited". 163 private final static String[] SUPPORTED_LIMITED = { 164 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 165 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 166 "TLS_RSA_WITH_AES_128_CBC_SHA256", 167 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 168 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 169 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 170 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 171 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 172 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 173 "TLS_RSA_WITH_AES_128_CBC_SHA", 174 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 175 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 176 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 177 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 178 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 179 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 180 "TLS_RSA_WITH_AES_128_GCM_SHA256", 181 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 182 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 183 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 184 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 185 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 186 }; 187 188 private static void showSuites(String[] suites) { 189 if ((suites == null) || (suites.length == 0)) { 190 System.out.println("<none>"); 191 } 192 for (int i = 0; i < suites.length; i++) { 193 System.out.println(" " + suites[i]); 194 } 195 } 196 197 public static void main(String[] args) throws Exception { 198 long start = System.currentTimeMillis(); 199 200 if (args.length != 1) { 201 throw new Exception("One arg required"); 202 } 203 204 String[] ENABLED; 205 String[] SUPPORTED; 206 if (args[0].equals("default")) { 207 ENABLED = ENABLED_DEFAULT; 208 SUPPORTED = SUPPORTED_DEFAULT; 209 } else if (args[0].equals("limited")) { 210 Security.setProperty("crypto.policy", "limited"); 211 ENABLED = ENABLED_LIMITED; 212 SUPPORTED = SUPPORTED_LIMITED; 213 } else { 214 throw new Exception("Illegal argument"); 215 } 216 217 SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); 218 SSLSocket socket = (SSLSocket)factory.createSocket(); 219 String[] enabled = socket.getEnabledCipherSuites(); 220 221 System.out.println("Default enabled ciphersuites:"); 222 showSuites(enabled); 223 224 if (Arrays.equals(ENABLED, enabled) == false) { 225 System.out.println("*** MISMATCH, should be ***"); 226 showSuites(ENABLED); 227 throw new Exception("Enabled ciphersuite mismatch"); 228 } 229 System.out.println("OK"); 230 System.out.println(); 231 232 String[] supported = socket.getSupportedCipherSuites(); 233 System.out.println("Supported ciphersuites:"); 234 showSuites(supported); |