tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: My web application to use SSL (JSSE - RSA)
Date Fri, 10 Jun 2011 20:21:51 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

On 6/10/2011 3:59 PM, Christopher Schultz wrote:
> It's best to find out what your JVM supports and use that.
> 
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory.

As promised, see below. No warranty. Free license. Attributions appreciated.

- -chris

package com.chadis.tools.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;

import java.security.Provider;
import java.security.Security;

import javax.net.ssl.SSLServerSocketFactory;

public class SSLInfo
{
    public static void main(String[] args)
        throws Exception
    {
        boolean enumeratedProviders = (null != args && 0 < args.length);

        // Get SSL protocol info
        String providerName = null;
        Provider providers[];
        if(enumeratedProviders)
        {
            providers = new Provider[args.length];
            for(int i = 0; i < args.length; i++)
                providers[i] = Security.getProvider(args[i]);

        } else {
            providers = Security.getProviders();
        }

        System.out.println("Supported SSL Protocols:");
        boolean foundProtocol = false;

        for(int i = 0; i < providers.length; i++)
        {
            Provider p = providers[i];

            // Skip any providers that don't actually exist
            if(null == p) continue;

            ArrayList keys = new ArrayList(p.keySet());
            Collections.sort(keys);
            for(Iterator j = keys.iterator(); j.hasNext(); )
            {
                String key = (String)j.next();

                if(key.startsWith("SSLContext.")
                   && !"SSLContext.Default".equals(key))
                {
                    foundProtocol |= true;
                    System.out.print("  ");
                    System.out.print(key.substring("SSLContext.".length()));
                    System.out.print(" (");
                    System.out.print(p.getName());
                    System.out.println(")");
                }
            }
        }

        if(!foundProtocol)
            if(enumeratedProviders)
                System.out.println(" ! No SSL protocols supported by any
requested provider");
            else
                System.out.println(" ! No SSL protocols supported by any
provider");

        // Get cipher suite info
        SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        TreeMap ciphers = new TreeMap();

        for(int i=0; i<availableCiphers.length; ++i )
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        for(int i=0; i<defaultCiphers.length; ++i )
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        System.out.println("Default\tCipher Name");

        for(Iterator i = ciphers.entrySet().iterator(); i.hasNext(); ) {
            Map.Entry cipher=(Map.Entry)i.next();

            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3yfN8ACgkQ9CaO5/Lv0PCLdwCffjuhJ/EznrfRr3EqfGHijSyK
GtQAnAnWSmk8g8luGF73lPWWXdrTssc+
=0/80
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message