
test/sun/security/ssl/sanity/ciphersuites/CheckCipherSuites.java



   1 /*
   2  * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 4750141 4895631
  27  * @summary Check enabled and supported ciphersuites are correct
  28  * @ignore JSSE supported cipher suites are changed with CR 6916074,
  29  *     need to update this test case in JDK 7 soon
  30  */
  31 
  32 import java.util.*;
  33 
  34 import javax.net.ssl.*;
  35 
  36 import javax.crypto.Cipher;
  37 import javax.crypto.spec.*;
  38 
  39 public class CheckCipherSuites {
  40 


  41     private final static String[] ENABLED_DEFAULT = {
  42         "SSL_RSA_WITH_RC4_128_MD5",
  43         "SSL_RSA_WITH_RC4_128_SHA",





















  44         "TLS_RSA_WITH_AES_128_CBC_SHA",
  45         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
  46         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
  47         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
  48         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
  49         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
  50         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  51         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
  52         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  53         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
  54         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
  55         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
  56         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
  57         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
  58         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
  59         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
  60         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
  61         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
  62         "SSL_RSA_WITH_DES_CBC_SHA",
  63         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
  64         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
  65         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
  66         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
  67         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
  68         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
  69         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
  70 
  71     };
  72 
  73     private final static String[] ENABLED_UNLIMITED = {
  74         "SSL_RSA_WITH_RC4_128_MD5",
  75         "SSL_RSA_WITH_RC4_128_SHA",









  76         "TLS_RSA_WITH_AES_128_CBC_SHA",
  77         "TLS_RSA_WITH_AES_256_CBC_SHA",
  78         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
  79         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
  80         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
  81         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
  82         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
  83         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
  84         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
  85         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  86         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
  87         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
  88         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  89         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
  90         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
  91         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
  92         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
  93         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
  94         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
  95         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
  96         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
  97         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
  98         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
  99         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 100         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 101         "SSL_RSA_WITH_DES_CBC_SHA",
 102         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 103         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 104         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 105         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 106         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 107         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 108         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
 109 
 110     };
 111 
 112     // supported ciphersuites using default JCE policy jurisdiction files
 113     // AES/256 unavailable
 114     private final static String[] SUPPORTED_DEFAULT = {
 115         "SSL_RSA_WITH_RC4_128_MD5",
 116         "SSL_RSA_WITH_RC4_128_SHA",





















 117         "TLS_RSA_WITH_AES_128_CBC_SHA",
 118         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
 119         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
 120         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
 121         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
 122         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
 123         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 124         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
 125         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 126         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 127         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 128         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
 129         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
 130         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
 131         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
 132         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
 133         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 134         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 135         "SSL_RSA_WITH_DES_CBC_SHA",
 136         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 137         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 138         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 139         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 140         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 141         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 142         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
 143 
 144         "SSL_RSA_WITH_NULL_MD5",
 145         "SSL_RSA_WITH_NULL_SHA",
 146         "TLS_ECDH_ECDSA_WITH_NULL_SHA",
 147         "TLS_ECDH_RSA_WITH_NULL_SHA",
 148         "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
 149         "TLS_ECDHE_RSA_WITH_NULL_SHA",
 150         "SSL_DH_anon_WITH_RC4_128_MD5",
 151         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
 152         "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
 153         "SSL_DH_anon_WITH_DES_CBC_SHA",
 154         "TLS_ECDH_anon_WITH_RC4_128_SHA",
 155         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 156         "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
 157         "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
 158         "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 159         "TLS_ECDH_anon_WITH_NULL_SHA",
 160         "TLS_KRB5_WITH_RC4_128_SHA",
 161         "TLS_KRB5_WITH_RC4_128_MD5",
 162         "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
 163         "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
 164         "TLS_KRB5_WITH_DES_CBC_SHA",
 165         "TLS_KRB5_WITH_DES_CBC_MD5",
 166         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
 167         "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
 168         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
 169         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
 170 
 171     };
 172 
 173     // supported ciphersuites using unlimited JCE policy jurisdiction files
 174     // AES/256 available
 175     private final static String[] SUPPORTED_UNLIMITED = {
 176         "SSL_RSA_WITH_RC4_128_MD5",
 177         "SSL_RSA_WITH_RC4_128_SHA",







 178         "TLS_RSA_WITH_AES_128_CBC_SHA",
 179         "TLS_RSA_WITH_AES_256_CBC_SHA",
 180         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
 181         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
 182         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
 183         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
 184         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
 185         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
 186         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
 187         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 188         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
 189         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
 190         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 191         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 192         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 193         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
 194         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 195         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
 196         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
 197         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
 198         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
 199         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
 200         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
 201         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 202         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 203         "SSL_RSA_WITH_DES_CBC_SHA",
 204         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 205         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 206         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 207         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 208         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 209         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 210         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
 211 
 212         "SSL_RSA_WITH_NULL_MD5",
 213         "SSL_RSA_WITH_NULL_SHA",
 214         "TLS_ECDH_ECDSA_WITH_NULL_SHA",
 215         "TLS_ECDH_RSA_WITH_NULL_SHA",
 216         "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
 217         "TLS_ECDHE_RSA_WITH_NULL_SHA",
 218         "SSL_DH_anon_WITH_RC4_128_MD5",
 219         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
 220         "TLS_DH_anon_WITH_AES_256_CBC_SHA",
 221         "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
 222         "SSL_DH_anon_WITH_DES_CBC_SHA",
 223         "TLS_ECDH_anon_WITH_RC4_128_SHA",
 224         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 225         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
 226         "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
 227         "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
 228         "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 229         "TLS_ECDH_anon_WITH_NULL_SHA",
 230         "TLS_KRB5_WITH_RC4_128_SHA",
 231         "TLS_KRB5_WITH_RC4_128_MD5",
 232         "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
 233         "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
 234         "TLS_KRB5_WITH_DES_CBC_SHA",
 235         "TLS_KRB5_WITH_DES_CBC_MD5",
 236         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
 237         "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
 238         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
 239         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
 240 
 241     };
 242 
 243     private static void showSuites(String[] suites) {
 244         if ((suites == null) || (suites.length == 0)) {
 245             System.out.println("<none>");
 246         }
 247         for (int i = 0; i < suites.length; i++) {
 248             System.out.println("  " + suites[i]);
 249         }
 250     }
 251 
 252     public static void main(String[] args) throws Exception {
 253         long start = System.currentTimeMillis();
 254 




 255         String[] ENABLED;
 256         String[] SUPPORTED;
 257         try {
 258             Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
 259             SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
 260             c.init(Cipher.ENCRYPT_MODE, key);
 261             System.out.println("AES/256 is available");
 262             ENABLED = ENABLED_UNLIMITED;
 263             SUPPORTED = SUPPORTED_UNLIMITED;
 264         } catch (Exception e) {
 265             System.out.println("AES/256 is NOT available (" + e + ")");
 266             ENABLED = ENABLED_DEFAULT;
 267             SUPPORTED = SUPPORTED_DEFAULT;






 268         }
 269 
 270         SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
 271         SSLSocket socket = (SSLSocket)factory.createSocket();
 272         String[] enabled = socket.getEnabledCipherSuites();
 273 
 274         System.out.println("Default enabled ciphersuites:");
 275         showSuites(enabled);
 276 
 277         if (Arrays.equals(ENABLED, enabled) == false) {
 278             System.out.println("*** MISMATCH, should be ***");
 279             showSuites(ENABLED);
 280             throw new Exception("Enabled ciphersuite mismatch");
 281         }
 282         System.out.println("OK");
 283         System.out.println();
 284 
 285         String[] supported = socket.getSupportedCipherSuites();
 286         System.out.println("Supported ciphersuites:");
 287         showSuites(supported);
   1 /*
   2  * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 4750141 4895631 8217579
  27  * @summary Check enabled and supported ciphersuites are correct
  28  * @run main CheckCipherSuites default
  29  * @run main/othervm CheckCipherSuites limited
  30  */
  31 
  32 import java.util.*;
  33 import java.security.Security;
  34 import javax.net.ssl.*;
  35 



  36 public class CheckCipherSuites {
  37 
  38     // List of enabled cipher suites when the "crypto.policy" security
  39     // property is set to "unlimited" (the default value).
  40     private final static String[] ENABLED_DEFAULT = {
  41         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
  42         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
  43         "TLS_RSA_WITH_AES_256_CBC_SHA256",
  44         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
  45         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
  46         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
  47         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
  48         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
  49         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
  50         "TLS_RSA_WITH_AES_256_CBC_SHA",
  51         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
  52         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
  53         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
  54         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
  55         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
  56         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
  57         "TLS_RSA_WITH_AES_128_CBC_SHA256",
  58         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
  59         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
  60         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
  61         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
  62         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  63         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  64         "TLS_RSA_WITH_AES_128_CBC_SHA",

  65         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

  66         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",




  67         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
  68         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
  69         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  70         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  71         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  72         "TLS_RSA_WITH_AES_256_GCM_SHA384",
  73         "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
  74         "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
  75         "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
  76         "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
  77         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  78         "TLS_RSA_WITH_AES_128_GCM_SHA256",
  79         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
  80         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
  81         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
  82         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
  83         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"

  84     };
  85 
  86     // List of enabled cipher suites when the "crypto.policy" security
  87     // property is set to "limited".
  88     private final static String[] ENABLED_LIMITED = {
  89         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
  90         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
  91         "TLS_RSA_WITH_AES_128_CBC_SHA256",
  92         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
  93         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
  94         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
  95         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
  96         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  97         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  98         "TLS_RSA_WITH_AES_128_CBC_SHA",


  99         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",


 100         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",







 101         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

 102         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 103         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 104         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 105         "TLS_RSA_WITH_AES_128_GCM_SHA256",
 106         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
 107         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
 108         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 109         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
 110         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"









 111     };
 112 
 113     // List of supported cipher suites when the "crypto.policy" security
 114     // property is set to "unlimited" (the default value).
 115     private final static String[] SUPPORTED_DEFAULT = {
 116         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
 117         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 118         "TLS_RSA_WITH_AES_256_CBC_SHA256",
 119         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
 120         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
 121         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
 122         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
 123         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
 124         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 125         "TLS_RSA_WITH_AES_256_CBC_SHA",
 126         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
 127         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
 128         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
 129         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
 130         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
 131         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 132         "TLS_RSA_WITH_AES_128_CBC_SHA256",
 133         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
 134         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
 135         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 136         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
 137         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 138         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 139         "TLS_RSA_WITH_AES_128_CBC_SHA",

 140         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",

 141         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",




 142         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 143         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 144         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
 145         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 146         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 147         "TLS_RSA_WITH_AES_256_GCM_SHA384",
 148         "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
 149         "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
 150         "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
 151         "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
 152         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 153         "TLS_RSA_WITH_AES_128_GCM_SHA256",
 154         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
 155         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
 156         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 157         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
 158         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"




























 159     };
 160 
 161     // List of supported cipher suites when the "crypto.policy" security
 162     // property is set to "limited".
 163     private final static String[] SUPPORTED_LIMITED = {
 164         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
 165         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 166         "TLS_RSA_WITH_AES_128_CBC_SHA256",
 167         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
 168         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
 169         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 170         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
 171         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 172         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 173         "TLS_RSA_WITH_AES_128_CBC_SHA",


 174         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",


 175         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",







 176         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

 177         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 178         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 179         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 180         "TLS_RSA_WITH_AES_128_GCM_SHA256",
 181         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
 182         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
 183         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 184         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
 185         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"






































 186     };
 187 
 188     private static void showSuites(String[] suites) {
 189         if ((suites == null) || (suites.length == 0)) {
 190             System.out.println("<none>");
 191         }
 192         for (int i = 0; i < suites.length; i++) {
 193             System.out.println("  " + suites[i]);
 194         }
 195     }
 196 
 197     public static void main(String[] args) throws Exception {
 198         long start = System.currentTimeMillis();
 199 
 200         if (args.length != 1) {
 201             throw new Exception("One arg required");
 202         }
 203 
 204         String[] ENABLED;
 205         String[] SUPPORTED;
 206         if (args[0].equals("default")) {








 207             ENABLED = ENABLED_DEFAULT;
 208             SUPPORTED = SUPPORTED_DEFAULT;
 209         } else if (args[0].equals("limited")) {
 210             Security.setProperty("crypto.policy", "limited");
 211             ENABLED = ENABLED_LIMITED;
 212             SUPPORTED = SUPPORTED_LIMITED;
 213         } else {
 214             throw new Exception("Illegal argument");
 215         }
 216 
 217         SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
 218         SSLSocket socket = (SSLSocket)factory.createSocket();
 219         String[] enabled = socket.getEnabledCipherSuites();
 220 
 221         System.out.println("Default enabled ciphersuites:");
 222         showSuites(enabled);
 223 
 224         if (Arrays.equals(ENABLED, enabled) == false) {
 225             System.out.println("*** MISMATCH, should be ***");
 226             showSuites(ENABLED);
 227             throw new Exception("Enabled ciphersuite mismatch");
 228         }
 229         System.out.println("OK");
 230         System.out.println();
 231 
 232         String[] supported = socket.getSupportedCipherSuites();
 233         System.out.println("Supported ciphersuites:");
 234         showSuites(supported);
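Review bot: In the `limited` branch of `main`, `Security.setProperty("crypto.policy", "limited")` is followed directly by the choice of expected lists, and nothing in the visible lines confirms that the restricted policy is in force before the socket is queried. The property presumably only takes effect if it is set before the JCE policy is first loaded, which would explain why that run is `main/othervm`; if it is applied too late the test still fails, but only as a generic "Enabled ciphersuite mismatch" with no hint that the policy was the cause. A guard right after the `setProperty` call, such as `if (Cipher.getMaxAllowedKeyLength("AES") > 128) throw new Exception("crypto.policy=limited not in effect");`, would make that failure attributable; it needs the `javax.crypto.Cipher` import that the new version drops. `main` continues past the last visible line, so a later check may already cover this.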