Subject: Re: Default SSL ciphers supported by Tomcat 6
From: Christopher Schultz (chr@christopherschultz.net)
Date: Oct 26, 2009 10:32:58 am
List: org.apache.tomcat.users

All,

To follow up, the code below can be used to fetch the currently-available ciphers for SSL and will show whether or not they are enabled in your particular JVM. Note that none of this is Tomcat-specific:

import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLServerSocketFactory;

public class SSLInfo
{
    public static void main(String[] args)
        throws Exception
    {
        SSLServerSocketFactory ssf
            = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        // Sorted map: cipher suite name -> enabled by default?
        TreeMap<String, Boolean> ciphers = new TreeMap<String, Boolean>();

        // Start with every supported suite marked as not enabled...
        for(int i=0; i<availableCiphers.length; ++i )
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        // ...then mark the suites that are enabled by default.
        for(int i=0; i<defaultCiphers.length; ++i )
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        System.out.println("Default\tCipher");
        for(Map.Entry<String, Boolean> cipher : ciphers.entrySet())
        {
            // '*' in the first column means the suite is enabled by default
            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}

For my environment, the above code produces:

$ java -showversion SSLInfo
java version "1.5.0_13"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13-b05)
Java HotSpot(TM) Client VM (build 1.5.0_13-b05, mixed mode)

Default Cipher
*       SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
*       SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*       SSL_DHE_DSS_WITH_DES_CBC_SHA
*       SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
*       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*       SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_DH_anon_WITH_RC4_128_MD5
*       SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
*       SSL_RSA_EXPORT_WITH_RC4_40_MD5
*       SSL_RSA_WITH_3DES_EDE_CBC_SHA
*       SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
*       SSL_RSA_WITH_RC4_128_MD5
*       SSL_RSA_WITH_RC4_128_SHA
*       TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_EXPORT_WITH_RC4_40_MD5
        TLS_KRB5_EXPORT_WITH_RC4_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
        TLS_KRB5_WITH_RC4_128_MD5
        TLS_KRB5_WITH_RC4_128_SHA
*       TLS_RSA_WITH_AES_128_CBC_SHA

The result appears to be the same with:

java version "1.6.0_15"
Java(TM) SE Runtime Environment (build 1.6.0_15-b03)
Java HotSpot(TM) Client VM (build 14.1-b02, mixed mode, sharing)

I hope this helps others.

-chris
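
Added example (not part of the original post): the default list in the output above includes EXPORT, single-DES and RC4 suites, so this sketch filters a suite list by name and enables only the remainder on a server socket. The class name `SSLCipherFilter`, the marker list and the policy it encodes are assumptions of this example; it needs Java 8 or later.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class SSLCipherFilter {
    // Assumed policy for this example: reject suites with no encryption
    // (NULL), no authentication (anon), 40/56-bit keys (EXPORT, DES),
    // 3DES, RC4 or MD5. Adjust the markers to your own policy.
    static final String[] WEAK = {
        "_NULL_", "_anon_", "_EXPORT_", "_DES_", "_DES40_", "_3DES_", "_RC4_", "_MD5"
    };

    static boolean isWeak(String suite) {
        for (String marker : WEAK) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    static List<String> keepStrong(String[] suites) {
        List<String> keep = new ArrayList<>();
        for (String suite : suites) {
            if (!isWeak(suite)) keep.add(suite);
        }
        return keep;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: six of the suites marked '*' in the Java 1.5 output above.
        String[] fromPost = {
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"
        };
        System.out.println("Sample:   " + String.join(",", keepStrong(fromPost)));

        // Same filter against this JVM's defaults, applied to an unbound socket.
        SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        List<String> keep = keepStrong(ssf.getDefaultCipherSuites());
        try (SSLServerSocket socket = (SSLServerSocket) ssf.createServerSocket()) {
            socket.setEnabledCipherSuites(keep.toArray(new String[0]));
            System.out.println("This JVM: "
                + String.join(",", socket.getEnabledCipherSuites()));
        }
    }
}
```

The comma-separated form printed here is also the format accepted by the `ciphers` attribute of a Tomcat 6 HTTPS Connector.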