Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 724234261 for ; Fri, 10 Jun 2011 20:22:25 +0000 (UTC) Received: (qmail 84134 invoked by uid 500); 10 Jun 2011 20:22:22 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 83926 invoked by uid 500); 10 Jun 2011 20:22:21 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 83917 invoked by uid 99); 10 Jun 2011 20:22:21 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jun 2011 20:22:21 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [76.96.62.17] (HELO qmta10.westchester.pa.mail.comcast.net) (76.96.62.17) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jun 2011 20:22:13 +0000 Received: from omta01.westchester.pa.mail.comcast.net ([76.96.62.11]) by qmta10.westchester.pa.mail.comcast.net with comcast id uLJx1g0060EZKEL5ALMsG2; Fri, 10 Jun 2011 20:21:52 +0000 Received: from [192.168.1.201] ([69.143.109.145]) by omta01.westchester.pa.mail.comcast.net with comcast id uLMs1g00H38FjT13MLMsGp; Fri, 10 Jun 2011 20:21:52 +0000 Message-ID: <4DF27CDF.90308@christopherschultz.net> Date: Fri, 10 Jun 2011 16:21:51 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: My web application to use SSL (JSSE - RSA) References: 
<99C8B2929B39C24493377AC7A121E21FAE722D0F9E@USEA-EXCH8.na.uis.unisys.com> <4DF0F46B.5010406@christopherschultz.net> <4DF27792.60308@christopherschultz.net> In-Reply-To: <4DF27792.60308@christopherschultz.net> X-Enigmail-Version: 1.2a1pre Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, On 6/10/2011 3:59 PM, Christopher Schultz wrote: > It's best to find out what your JVM supports and use that. > > I wrote a short bit of code a while back to determine the supported > algorithms and the default cipher suite for an SSLSocketFactory. As promised, see below. It lists the SSLContext protocols registered by each security provider and prints both the default cipher suites and the full supported set of the default SSLServerSocketFactory. Treat the "supported" lists as what the JVM is able to negotiate, not as a recommendation of what to enable: configure the connector with an explicit subset of these rather than everything that is reported. No warranty. Free license. Attributions appreciated. - -chris package com.chadis.tools.security; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.util.Map; import java.util.TreeMap; import java.security.Provider; import java.security.Security; import javax.net.ssl.SSLServerSocketFactory; public class SSLInfo { public static void main(String[] args) throws Exception { boolean enumeratedProviders = (null != args && 0 < args.length); // Get SSL protocol info String providerName = null; Provider providers[]; if(enumeratedProviders) { providers = new Provider[args.length]; for(int i = 0; i < args.length; i++) providers[i] = Security.getProvider(args[i]); } else { providers = Security.getProviders(); } System.out.println("Supported SSL Protocols:"); boolean foundProtocol = false; for(int i = 0; i < providers.length; i++) { Provider p = providers[i]; // Skip any providers that don't actually exist if(null == p) continue; ArrayList keys = new ArrayList(p.keySet()); Collections.sort(keys); for(Iterator j = keys.iterator(); j.hasNext(); ) { String key = (String)j.next(); if(key.startsWith("SSLContext.") && !"SSLContext.Default".equals(key)) { foundProtocol |= true; System.out.print(" "); System.out.print(key.substring("SSLContext.".length())); 
System.out.print(" ("); System.out.print(p.getName()); System.out.println(")"); } } } if(!foundProtocol) if(enumeratedProviders) System.out.println(" ! No SSL protocols supported by any requested provider"); else System.out.println(" ! No SSL protocols supported by any provider"); // Get cipher suite info SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); String[] defaultCiphers = ssf.getDefaultCipherSuites(); String[] availableCiphers = ssf.getSupportedCipherSuites(); TreeMap ciphers = new TreeMap(); for(int i=0; i