VIKEnut'

Pt

РусскийPolskiDeutschEspañol

Tema escuro

Write

Tema escuro

Pt

РусскийPolskiDeutschEspañol
ssljavaopenjdkubuntu

Cifras ativadas no Ubuntu OpenJDK 7

Eu escrevi o seguinte programa Java para despejar as cifras ativadas na JVM:

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ListCiphers
{
    public static void main(String[] args)
    throws Exception
    {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        // Create an empty TrustManagerFactory to avoid loading default CA
        KeyStore ks = KeyStore.getInstance("JKS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("mozilla.org", 443);
        printSupportedCiphers(socket);
        printEnabledCiphers(socket);
    }

    private static void printSupportedCiphers(SSLSocket socket)
    {
        printInfos("Supported cipher suites", socket.getSupportedCipherSuites());
    }

    private static void printEnabledCiphers(SSLSocket socket)
    {
        printInfos("Enabled cipher suites", socket.getEnabledCipherSuites());
    }

    private static void printInfos(String prefix, String[] values)
    {
        System.out.println(prefix + ":");
        for (int i = 0; i < values.length; i++)
            System.out.println("  " + values[i]);
    }
}

Quando executo este programa no Ubuntu 12.04.3 com openjdk-7-jre / amd64 7u25-2.3.10-1ubuntu0.12.04.2 (/usr/lib/jvm/java-7- openjdk-amd64 / jre / bin / java ) com a depuração ativada, recebo a seguinte saída:

$ /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -Djavax.net.debug=all ListCiphers
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Supported cipher suites:
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_RSA_WITH_AES_256_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  TLS_ECDHE_RSA_WITH_RC4_128_SHA
  SSL_RSA_WITH_RC4_128_SHA
  TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  TLS_ECDH_RSA_WITH_RC4_128_SHA
  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_RC4_128_MD5
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  TLS_DH_anon_WITH_AES_256_CBC_SHA256
  TLS_ECDH_anon_WITH_AES_256_CBC_SHA
  TLS_DH_anon_WITH_AES_256_CBC_SHA
  TLS_DH_anon_WITH_AES_128_CBC_SHA256
  TLS_ECDH_anon_WITH_AES_128_CBC_SHA
  TLS_DH_anon_WITH_AES_128_CBC_SHA
  TLS_ECDH_anon_WITH_RC4_128_SHA
  SSL_DH_anon_WITH_RC4_128_MD5
  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_WITH_NULL_SHA256
  TLS_ECDHE_ECDSA_WITH_NULL_SHA
  TLS_ECDHE_RSA_WITH_NULL_SHA
  SSL_RSA_WITH_NULL_SHA
  TLS_ECDH_ECDSA_WITH_NULL_SHA
  TLS_ECDH_RSA_WITH_NULL_SHA
  TLS_ECDH_anon_WITH_NULL_SHA
  SSL_RSA_WITH_NULL_MD5
  SSL_RSA_WITH_DES_CBC_SHA
  SSL_DHE_RSA_WITH_DES_CBC_SHA
  SSL_DHE_DSS_WITH_DES_CBC_SHA
  SSL_DH_anon_WITH_DES_CBC_SHA
  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  TLS_KRB5_WITH_RC4_128_SHA
  TLS_KRB5_WITH_RC4_128_MD5
  TLS_KRB5_WITH_3DES_EDE_CBC_SHA
  TLS_KRB5_WITH_3DES_EDE_CBC_MD5
  TLS_KRB5_WITH_DES_CBC_SHA
  TLS_KRB5_WITH_DES_CBC_MD5
  TLS_KRB5_EXPORT_WITH_RC4_40_SHA
  TLS_KRB5_EXPORT_WITH_RC4_40_MD5
  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Enabled cipher suites:
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  TLS_ECDHE_RSA_WITH_RC4_128_SHA
  SSL_RSA_WITH_RC4_128_SHA
  TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  TLS_ECDH_RSA_WITH_RC4_128_SHA
  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_RC4_128_MD5
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Eu estou achando estranho que os logs de depuração relatam que algumas cifras não são suportadas, mas elas ainda são relatadas na lista suportada retornada porgetSupportedCiphersSuites().

Há algo de errado na minha plataforma?

questionAnswers(1)

yourAnswerToTheQuestion

Perguntas populares

0 a resposta

CMake: como criar uma única biblioteca compartilhada de todas as bibliotecas estáticas de subprojetos?

0 a resposta

Não autorizado ao ligar para o Google GCM

0 a resposta

Como implodir array com chave e valor sem foreach em PHP

0 a resposta

Como usar a estrutura de entidades para o banco de dados do MS Access

0 a resposta

Como posso representar intervalos inteiros em Jav