Where are the AES 256-bit cipher suites? Please someone help

Source: Internet
Author: User
Tags hmac

 

Please help me with this simple problem. i'm trying to create an sslserversocket that is enabled with the 2 AES 256-bit cipher suites that are supposed to be available in jdk1.4.2. as you can see in the following code, when the program attempts to enable the sslserversocket, SS, with cipher_suites, an exception occurs. the exception basically says that the tls_dhe_rsa_with_aes_256_cbc_sha cipher Su ITE wasn't found. What's up?

__

String [] Protocols = {"SSLv3", "tlsv1 "};

String [] cipher_suites = {"tls_dhe_rsa_with_aes_256_cbc_sha ",

"Tls_dhe_rsa_with_aes_128_cbc_sha ",

"Ssl_dhe_rsa_with_3des_ede_cbc_sha ",

"Tls_rsa_with_aes_256_cbc_sha ",

"Tls_rsa_with_aes_128_cbc_sha ",

"Ssl_rsa_with_3des_ede_cbc_sha "};

// Create an sslserversocket SS

Sslcontext context = sslcontext. getinstance ("TLS", "sunjsse ");

Context. INIT (mykeymanagers, mytrustmanagers, securerandom. getinstance ("sha1prng", "Sun "));

Sslserversocketfactory ssfactory = context. getserversocketfactory ();

Sslserversocket Ss = ssfactory. createserversocket ();

SS. setenabledprotocols (protocols );

SS. setenabledciphersuites (cipher_suites); // exception occurs here (exception output is printed below)

// Output a bunch of useful debugging information

System. Out. println (system. getproperty ("Java. Version") + "\ n ");

 

Provider [] providers = Security. getproviders ();

For(IntI = 0; I <providers. length; ++ I)

System. out. println (providers [I] + "\ n" + providers [I]. getinfo () + "\ n ********************");

String [] enabledprotocols = ss. getenabledprotocols ();

For(IntI = 0; I <enabledprotocols. length; ++ I)

System. Out. println (enabledprotocols [I]);

String [] enabledciphersuites = ss. getenabledciphersuites ();

For(IntI = 0; I <enabledciphersuites. length; ++ I)

System. Out. println (enabledciphersuites [I]);

_

Output

Java. Lang. illegalargumentexception: cannot support tls_dhe_rsa_with_aes_256_cbc_sha with currently installed providers

At com.sun.net. SSL. Internal. SSL. ciphersuitelist. <init> (dashoa6275)

At com.sun.net. SSL. Internal. SSL. sslserversocketimpl. setenabledciphersuites (dashoa6275)

At test. util. concretesslserversocketfactory. initsocket (concretesslserversocketfactory. Java: 111)

At test. util. concretesslserversocketfactory. createserversocket (concretesslserversocketfactory. Java: 100)

At Test. Test. INIT (test. Java: 151)

At Test. Test. Main (test. Java: 111)

JRE version

1.4.2

Security Providers

Sun version 1.42

Sun (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; securerandom; X.509 certificates; jks keystore; pkix certpathvalidator; pkix certpathbuilder; LDAP, collection certstores)

********************

Sun JSSE version 1.42

Sun JSSE provider (ImplementsRSA signatures, PKCS12, sunx509 key/trust factories, SSLv3, tlsv1)

********************

Sunrsasign version 1.42

Sun's provider for RSA signatures

********************

Sunjce version 1.42

Sunjce provider (ImplementsDes, Triple DES, AES, blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)

********************

Sun jgss Version 1.0

Sun (Kerberos V5)

********************

Enabled protocols

SSLv3

Tlsv1

Enabled cipher suites

Ssl_rsa_with_rc4_128_md5

Ssl_rsa_with_rc4_128_sha

Tls_rsa_with_aes_128_cbc_sha

Tls_dhe_rsa_with_aes_128_cbc_sha

Tls_dhe_dss_with_aes_128_cbc_sha

Ssl_rsa_with_3des_ede_cbc_sha

Ssl_dhe_rsa_with_3des_ede_cbc_sha

Ssl_dhe_dss_with_3des_ede_cbc_sha

Ssl_rsa_with_des_cbc_sha

Ssl_dhe_rsa_with_des_cbc_sha

Ssl_dhe_dss_with_des_cbc_sha

Ssl_rsa_export_with_rc4_40_md5

Ssl_rsa_export_with_des40_cbc_sha

Ssl_dhe_rsa_export_with_des40_cbc_sha

Ssl_dhe_dss_export_with_des40_cbc_sha

 

 

Hey, self. Why don't you try using the unlimited strength cryptography files

The JRE you are using does not have the advanced ciphers enabled.

Unlimited strength Java Cryptography extenstion (JCE) policy files

Due to import control restrictions, the version of JCE policy files that are bundled in the JDK (TM) 6 environment allow "strong" but limited cryptography to be used. for our usage, We need to download a bundle that provide "unlimited strength" policy FIES which contain no restrictions on cryptographic strengths.

Here are the installation instruction:

  1. Download the latest unlimited strength JCE policy files from sun here
  2. Uncompress and extract the downloaded file. This will create a subdirectory called JCE. This directory contains the following files:
    • Readme.txt
    • Copyright.html
    • Local_policy.jar-unlimited strength local policy file
    • Us_export_policy.jar-unlimited strength US export policy file
  3. Install the unlimited strength policy jar files.

    To utilize the encryption/Decryption functionalities of the JCE framework without any limitation, first make a copy of the original JCE policy files (parameters and local_policy.jar in the standard place for JCE Jurisdiction Policy jar files) in case you later decide to revert to these "strong" versions. then replace the strong policy files with the unlimited strength versions extracted in the previous step.

    The standard place for JCE Jurisdiction Policy jar files is:

    • /Lib/security [UNIX]
    • \ Lib \ Security [Win32]
  4. For detailed informatation on downloading JCE files goto C: \ Program Files \ common files \ watchguard \ Java \ j2re1.6.0 _ 05 \ Lib \ Security and refer the readme.txt file [assuming WSM is installed under c: \ Program Files \ watchguard].

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.