JDK 1.6.0_24 and AES256 ciphers

Discussion in 'Java' started by Stone, Jun 14, 2011.

  1. Stone

    Stone Guest

    Dear users,

    I am trying to build up application where following ciphers will be
    available:
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA"

    but som ciphers are available but ciphers like AES.*256 without any
    success.
    Some hints are: http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html

    Java which is used on the my system is: Sun Java jdk1.6.0_24

    Protocols which are available are:
    TLSv1 and SSLv3

    But when I am connecting to the server over SSL I am receiving those
    set:
    SSL_RSA_WITH_RC4_128_MD5
    SSL_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    SSL_RSA_WITH_DES_CBC_SHA
    SSL_DHE_RSA_WITH_DES_CBC_SHA
    SSL_DHE_DSS_WITH_DES_CBC_SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    SSL_RSA_WITH_NULL_MD5
    SSL_RSA_WITH_NULL_SHA
    SSL_DH_anon_WITH_RC4_128_MD5
    TLS_DH_anon_WITH_AES_128_CBC_SHA
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    SSL_DH_anon_WITH_DES_CBC_SHA
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    TLS_KRB5_WITH_RC4_128_SHA
    TLS_KRB5_WITH_RC4_128_MD5
    TLS_KRB5_WITH_3DES_EDE_CBC_SHA
    TLS_KRB5_WITH_3DES_EDE_CBC_MD5
    TLS_KRB5_WITH_DES_CBC_SHA
    TLS_KRB5_WITH_DES_CBC_MD5
    TLS_KRB5_EXPORT_WITH_RC4_40_SHA
    TLS_KRB5_EXPORT_WITH_RC4_40_MD5
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

    Thank you in advance

    Petr
     
    Stone, Jun 14, 2011
    #1
    1. Advertising

  2. Stone

    Stone Guest

    I have made a list of providers:
    Provider:SUN
    Provider:SunRsaSign
    Provider:SunJSSE
    Provider:SunJCE
    Provider:SunJGSS
    Provider:SunSASL
    Provider:XMLDSig
    Provider:SunPCSC
    Provider:SunMSCAPI

    in java.security is mentioned:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=sun.security.rsa.SunRsaSign
    security.provider.3=com.sun.net.ssl.internal.ssl.Provider
    security.provider.4=com.sun.crypto.provider.SunJCE

    On 14 Ävn, 09:56, Stone <> wrote:
    > Dear users,
    >
    > I am trying to build up application where following ciphers will be
    > available:
    > "TLS_RSA_WITH_AES_128_CBC_SHA",
    > "TLS_RSA_WITH_AES_256_CBC_SHA",
    > "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    > "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    > "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
    >
    > but som ciphers are available but ciphers like AES.*256 without any
    > success.
    > Some hints are:http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
    >
    > Java which is used on the my system is: Sun Java jdk1.6.0_24
    >
    > Protocols which are available are:
    > TLSv1 and SSLv3
    >
    > But when I am connecting to the server over SSL I am receiving those
    > set:
    > SSL_RSA_WITH_RC4_128_MD5
    > SSL_RSA_WITH_RC4_128_SHA
    > TLS_RSA_WITH_AES_128_CBC_SHA
    > TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    > TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    > SSL_RSA_WITH_3DES_EDE_CBC_SHA
    > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    > SSL_RSA_WITH_DES_CBC_SHA
    > SSL_DHE_RSA_WITH_DES_CBC_SHA
    > SSL_DHE_DSS_WITH_DES_CBC_SHA
    > SSL_RSA_EXPORT_WITH_RC4_40_MD5
    > SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    > SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    > SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    > TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    > SSL_RSA_WITH_NULL_MD5
    > SSL_RSA_WITH_NULL_SHA
    > SSL_DH_anon_WITH_RC4_128_MD5
    > TLS_DH_anon_WITH_AES_128_CBC_SHA
    > SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    > SSL_DH_anon_WITH_DES_CBC_SHA
    > SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    > SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    > TLS_KRB5_WITH_RC4_128_SHA
    > TLS_KRB5_WITH_RC4_128_MD5
    > TLS_KRB5_WITH_3DES_EDE_CBC_SHA
    > TLS_KRB5_WITH_3DES_EDE_CBC_MD5
    > TLS_KRB5_WITH_DES_CBC_SHA
    > TLS_KRB5_WITH_DES_CBC_MD5
    > TLS_KRB5_EXPORT_WITH_RC4_40_SHA
    > TLS_KRB5_EXPORT_WITH_RC4_40_MD5
    > TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
    > TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
    >
    > Thank you in advance
    >
    > Petr
     
    Stone, Jun 14, 2011
    #2
    1. Advertising

  3. Stone

    Roedy Green Guest

    On Tue, 14 Jun 2011 00:56:48 -0700 (PDT), Stone <>
    wrote, quoted or indirectly quoted someone who said :

    >but som ciphers are available but ciphers like AES.*256 without any
    >success.


    The US government does not allow American corporations to export
    software containing high security ciphers, even though the math is
    published and this creates employment opportunities outside the USA,
    e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.

    I believe the standard shipped version is still hobbled and you have
    to get a patch to turn them on.

    See
    https://cds.sun.com/is-bin/INTERSHO...uctRef=jce_policy-6-oth-JPR@CDS-CDS_Developer
    --
    Roedy Green Canadian Mind Products
    http://mindprod.com
    One of the great annoyances in programming derives from the irregularity
    of English spelling especially when you have international teams.
    I want to find a method or variable, but I don't know precisely
    how its is spelled or worded. English is only approximately phonetic.
    Letters are randomly doubled. The dictionary often lists variant spellings.
    British, Canadian and American spellings differ.I would like to see an
    experiment where variable names were spelled in a simplified English, where
    there were no double letters.I also think you could add a number of rules
    about composing variable names so that a variable name for something would
    be highly predictable. You would also need automated enforcement of the
    rules as well as possible.
     
    Roedy Green, Jun 14, 2011
    #3
  4. Stone

    Esmond Pitt Guest

    On 15/06/2011 1:43 AM, Roedy Green wrote:
    >
    > The US government does not allow American corporations to export
    > software containing high security ciphers, even though the math is
    > published and this creates employment opportunities outside the USA,
    > e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.


    Those restrictions were lifted during the Clinton administration.
     
    Esmond Pitt, Jun 15, 2011
    #4
  5. Stone

    Roedy Green Guest

    On Tue, 14 Jun 2011 09:40:14 -0700, Steve Sobol <>
    wrote, quoted or indirectly quoted someone who said :

    >
    >I thought those restrictions were lifted long ago.


    the files in
    See
    https://cds.sun.com/is-bin/INTERSHO...uctRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

    Are dated 2006.

    It is plausible then that Sun is still shipping a hobbled JCE. I
    think some experiments are in order.
    --
    Roedy Green Canadian Mind Products
    http://mindprod.com
    One of the great annoyances in programming derives from the irregularity
    of English spelling especially when you have international teams.
    I want to find a method or variable, but I don't know precisely
    how its is spelled or worded. English is only approximately phonetic.
    Letters are randomly doubled. The dictionary often lists variant spellings.
    British, Canadian and American spellings differ.I would like to see an
    experiment where variable names were spelled in a simplified English, where
    there were no double letters.I also think you could add a number of rules
    about composing variable names so that a variable name for something would
    be highly predictable. You would also need automated enforcement of the
    rules as well as possible.
     
    Roedy Green, Jun 15, 2011
    #5
  6. Stone

    Stone Guest

    I have added that Cryptography extension and it works.

    But I have try to include also following cipher but it is not
    supported.
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    Is there anyware some another fix?

    best regards
    Petr

    On 15 Ävn, 05:57, Roedy Green <>
    wrote:
    > On Tue, 14 Jun 2011 09:40:14 -0700, Steve Sobol <>
    > wrote, quoted or indirectly quoted someone who said :
    >
    >
    >
    > >I thought those restrictions were lifted long ago.

    >
    > the files in
    > Seehttps://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-S....
    >
    > Are dated 2006.
    >
    > It is plausible then that Sun is still shipping a hobbled JCE.  I
    > think some experiments are in order.
    > --
    > Roedy Green Canadian Mind Productshttp://mindprod.com
    > One of the great annoyances in programming derives from the irregularity
    > of English spelling especially when you have international teams.  
    > I want to find a method or variable, but I don't know precisely
    > how its is spelled or worded. English is only approximately phonetic.  
    > Letters are randomly doubled.  The dictionary often lists variant spellings.
    > British, Canadian and American spellings differ.I would like to see an
    > experiment where variable names were spelled in a simplified English, where
    > there were no double letters.I also think you could add a number of rules
    > about composing variable names so that a variable name for something would
    > be highly predictable. You would also need automated enforcement of the
    > rules as well as possible.
     
    Stone, Jun 15, 2011
    #6
  7. Stone

    Roedy Green Guest

    On Wed, 15 Jun 2011 00:03:49 -0700 (PDT), Stone <>
    wrote, quoted or indirectly quoted someone who said :

    >But I have try to include also following cipher but it is not
    >supported.
    >TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    >
    >Is there anyware some another fix?


    you can find out what is supported with the code posted at
    http://mindprod.com/jgloss/jce.html

    The main other supplier is bouncycastle

    See http://mindprod.com/jgloss/bouncycastle.html
    --
    Roedy Green Canadian Mind Products
    http://mindprod.com
    One of the great annoyances in programming derives from the irregularity
    of English spelling especially when you have international teams.
    I want to find a method or variable, but I don't know precisely
    how its is spelled or worded. English is only approximately phonetic.
    Letters are randomly doubled. The dictionary often lists variant spellings.
    British, Canadian and American spellings differ.I would like to see an
    experiment where variable names were spelled in a simplified English, where
    there were no double letters.I also think you could add a number of rules
    about composing variable names so that a variable name for something would
    be highly predictable. You would also need automated enforcement of the
    rules as well as possible.
     
    Roedy Green, Jun 19, 2011
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Luc The Perverse

    Java Source For Asymmetric Key Ciphers

    Luc The Perverse, Jan 16, 2006, in forum: Java
    Replies:
    54
    Views:
    2,129
    WhatIThink
    Feb 8, 2011
  2. mattpryor
    Replies:
    0
    Views:
    1,552
    mattpryor
    Apr 28, 2006
  3. Trevor Perrin

    block ciphers

    Trevor Perrin, Apr 20, 2004, in forum: Python
    Replies:
    4
    Views:
    485
    Ed Suominen
    Apr 20, 2004
  4. AES256 in PyCrypto

    , Jan 7, 2007, in forum: Python
    Replies:
    5
    Views:
    2,787
    Gabriel Genellina
    Jan 8, 2007
  5. Replies:
    0
    Views:
    372
Loading...

Share This Page