VIKEnut'

Pl

РусскийDeutschEspañolPortuguês

Ciemny motyw

Write

Ciemny motyw

Pl

РусскийDeutschEspañolPortuguês
ssljavaubuntuopenjdk

Włączone szyfry na Ubuntu OpenJDK 7

Napisałem następujący program Java w celu zrzucenia włączonych szyfrów w maszynie JVM:

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ListCiphers
{
    public static void main(String[] args)
    throws Exception
    {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        // Create an empty TrustManagerFactory to avoid loading default CA
        KeyStore ks = KeyStore.getInstance("JKS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("mozilla.org", 443);
        printSupportedCiphers(socket);
        printEnabledCiphers(socket);
    }

    private static void printSupportedCiphers(SSLSocket socket)
    {
        printInfos("Supported cipher suites", socket.getSupportedCipherSuites());
    }

    private static void printEnabledCiphers(SSLSocket socket)
    {
        printInfos("Enabled cipher suites", socket.getEnabledCipherSuites());
    }

    private static void printInfos(String prefix, String[] values)
    {
        System.out.println(prefix + ":");
        for (int i = 0; i < values.length; i++)
            System.out.println("  " + values[i]);
    }
}

Kiedy uruchamiam ten program na Ubuntu 12.04.3 z openjdk-7-jre / amd64 7u25-2.3.10-1ubuntu0.12.04.2 (/ usr / lib / jvm / java-7-openjdk-amd64 / jre / bin / java ) przy włączonym debugowaniu otrzymuję następujące dane wyjściowe:

$ /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -Djavax.net.debug=all ListCiphers
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Supported cipher suites:
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_RSA_WITH_AES_256_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  TLS_ECDHE_RSA_WITH_RC4_128_SHA
  SSL_RSA_WITH_RC4_128_SHA
  TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  TLS_ECDH_RSA_WITH_RC4_128_SHA
  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_RC4_128_MD5
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  TLS_DH_anon_WITH_AES_256_CBC_SHA256
  TLS_ECDH_anon_WITH_AES_256_CBC_SHA
  TLS_DH_anon_WITH_AES_256_CBC_SHA
  TLS_DH_anon_WITH_AES_128_CBC_SHA256
  TLS_ECDH_anon_WITH_AES_128_CBC_SHA
  TLS_DH_anon_WITH_AES_128_CBC_SHA
  TLS_ECDH_anon_WITH_RC4_128_SHA
  SSL_DH_anon_WITH_RC4_128_MD5
  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_WITH_NULL_SHA256
  TLS_ECDHE_ECDSA_WITH_NULL_SHA
  TLS_ECDHE_RSA_WITH_NULL_SHA
  SSL_RSA_WITH_NULL_SHA
  TLS_ECDH_ECDSA_WITH_NULL_SHA
  TLS_ECDH_RSA_WITH_NULL_SHA
  TLS_ECDH_anon_WITH_NULL_SHA
  SSL_RSA_WITH_NULL_MD5
  SSL_RSA_WITH_DES_CBC_SHA
  SSL_DHE_RSA_WITH_DES_CBC_SHA
  SSL_DHE_DSS_WITH_DES_CBC_SHA
  SSL_DH_anon_WITH_DES_CBC_SHA
  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  TLS_KRB5_WITH_RC4_128_SHA
  TLS_KRB5_WITH_RC4_128_MD5
  TLS_KRB5_WITH_3DES_EDE_CBC_SHA
  TLS_KRB5_WITH_3DES_EDE_CBC_MD5
  TLS_KRB5_WITH_DES_CBC_SHA
  TLS_KRB5_WITH_DES_CBC_MD5
  TLS_KRB5_EXPORT_WITH_RC4_40_SHA
  TLS_KRB5_EXPORT_WITH_RC4_40_MD5
  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Enabled cipher suites:
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  TLS_ECDHE_RSA_WITH_RC4_128_SHA
  SSL_RSA_WITH_RC4_128_SHA
  TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  TLS_ECDH_RSA_WITH_RC4_128_SHA
  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_RC4_128_MD5
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Dziwne jest to, że dzienniki debugowania informują, że niektóre szyfry są nieobsługiwane, ale nadal są zgłaszane na obsługiwanej liście zwróconej przezgetSupportedCiphersSuites().

Czy coś jest nie tak na mojej platformie?

questionAnswers(1)

yourAnswerToTheQuestion

Popularne pytania

0 odpowiedzi

Jak połączyć importowane i lokalne zasoby w kontroli użytkownika WPF

0 odpowiedzi

jak sprawić, by xcode uruchomił skrypt przed zależnościami?

0 odpowiedzi

Konwertuj dane wierszy na kolumny binarne

0 odpowiedzi

malutki mce nie może być wstawiony, gdy ładuje js dynamicznie

0 odpowiedzi

Jak uruchomić usługę na bootie?