JDK 1.6.0_24 and AES256 ciphers

Stone

Dear users,

I am trying to build an application where the following ciphers will be
available:
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"

but some ciphers are available but ciphers like AES.*256 without any
success.
Some hints are: http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html

The Java used on my system is: Sun Java jdk1.6.0_24

Protocols which are available are:
TLSv1 and SSLv3

But when I am connecting to the server over SSL I am receiving this
set:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
SSL_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_KRB5_WITH_RC4_128_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

Thank you in advance

Petr
 
Stone

I have made a list of providers:
Provider:SUN
Provider:SunRsaSign
Provider:SunJSSE
Provider:SunJCE
Provider:SunJGSS
Provider:SunSASL
Provider:XMLDSig
Provider:SunPCSC
Provider:SunMSCAPI

In java.security the following is mentioned:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
 
Roedy Green

> but some ciphers are available but ciphers like AES.*256 without any
> success.

The US government does not allow American corporations to export
software containing high security ciphers, even though the math is
published and this creates employment opportunities outside the USA,
e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.

I believe the standard shipped version is still hobbled and you have
to get a patch to turn them on.

See
https://cds.sun.com/is-bin/INTERSHO...uctRef=jce_policy-6-oth-JPR@CDS-CDS_Developer
--
Roedy Green Canadian Mind Products
http://mindprod.com
One of the great annoyances in programming derives from the irregularity
of English spelling especially when you have international teams.
I want to find a method or variable, but I don't know precisely
how it is spelled or worded. English is only approximately phonetic.
Letters are randomly doubled. The dictionary often lists variant spellings.
British, Canadian and American spellings differ. I would like to see an
experiment where variable names were spelled in a simplified English, where
there were no double letters. I also think you could add a number of rules
about composing variable names so that a variable name for something would
be highly predictable. You would also need automated enforcement of the
rules as well as possible.
 
Esmond Pitt

> The US government does not allow American corporations to export
> software containing high security ciphers, even though the math is
> published and this creates employment opportunities outside the USA,
> e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.

Those restrictions were lifted during the Clinton administration.
 
Roedy Green

I thought those restrictions were lifted long ago.

the files in
See
https://cds.sun.com/is-bin/INTERSHO...uctRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

Are dated 2006.

It is plausible then that Sun is still shipping a hobbled JCE. I
think some experiments are in order.
 
Stone

I have added that Cryptography extension and it works.

But I have tried to include also the following cipher but it is not
supported.
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Is there anywhere some other fix?

best regards
Petr
 
Roedy Green

> But I have tried to include also the following cipher but it is not
> supported.
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>
> Is there anywhere some other fix?

You can find out what is supported with the code posted at
http://mindprod.com/jgloss/jce.html

The main other supplier is BouncyCastle.

See http://mindprod.com/jgloss/bouncycastle.html
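One way to run the experiment discussed in this thread, as an added example that is not code from any of the posters: it reports the AES key-length limit imposed by the installed JCE policy files and checks each suite from the first post against what the runtime supports. The class name `CipherSuiteCheck` and the `resolve` helper are hypothetical; the `SSL_` prefix fallback is an assumption based on the suite list in the first post, where the 3DES suites appear under `SSL_` names.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteCheck {
    // Suite names copied from the first post in this thread.
    static final String[] WANTED = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
    };

    // Returns the name this runtime uses for the suite, or null if it has none.
    static String resolve(String wanted, Set<String> supported) {
        if (supported.contains(wanted)) return wanted;
        // Assumption from the thread's own list: older suites carry an SSL_ prefix.
        String sslName = wanted.replaceFirst("^TLS_", "SSL_");
        return supported.contains(sslName) ? sslName : null;
    }

    public static void main(String[] args) throws Exception {
        // 128 with limited-strength policy files; Integer.MAX_VALUE once the
        // unlimited-strength policy files are installed.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        Set<String> supported = new LinkedHashSet<String>(
                Arrays.asList(factory.getSupportedCipherSuites()));

        for (String wanted : WANTED) {
            String actual = resolve(wanted, supported);
            if (actual == null) {
                // An AES-256 suite missing while the limit is below 256 points at the policy files.
                boolean policy = wanted.contains("AES_256") && maxAes < 256;
                System.out.println("MISSING  " + wanted
                        + (policy ? "  (likely blocked by the JCE policy key-length limit)" : ""));
            } else if (actual.equals(wanted)) {
                System.out.println("OK       " + wanted);
            } else {
                System.out.println("RENAMED  " + wanted + "  -> pass " + actual + " instead");
            }
        }
    }
}
```

A `RENAMED` line means the string passed to `setEnabledCipherSuites` has to be the runtime's own name for the suite, since an unrecognised name is rejected as unsupported.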
 
