Mark,

On 10/23/2009 7:53 AM, Mark Thomas wrote:
> http://java.sun.com/javase/6/docs/
> "Security" leads to
> http://java.sun.com/javase/6/docs/technotes/guides/security/index.html
> "Standard Algorithm Names" leads to
> http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html
> and finally "Additional JSSE Standard Names" leads to
> http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames#

These just seem to list the names of algorithms. If a cipher is
available does that mean it's enabled? That sounds like a pretty stupid
question, but here:

> You could also have just searched the archives for the users list.
> Searching for "default ciphers" would have found this:
> http://tomcat.markmail.org/search/default+ciphers+list:org%2Eapache%2Etomcat%2Eusers
> 
> Ignoring your thread, the answer you want is the first one in the list.

...you said this:

> The ciphers enabled by default with a 1.6.0_05 JVM are:
> SSL_RSA_WITH_RC4_128_MD5
> SSL_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> SSL_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> SSL_RSA_WITH_DES_CBC_SHA
> SSL_DHE_RSA_WITH_DES_CBC_SHA
> SSL_DHE_DSS_WITH_DES_CBC_SHA
> SSL_RSA_EXPORT_WITH_RC4_40_MD5
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
> 
> The full list (all the ones you can use) is:
> SSL_RSA_WITH_RC4_128_MD5
> SSL_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> SSL_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> SSL_RSA_WITH_DES_CBC_SHA
> SSL_DHE_RSA_WITH_DES_CBC_SHA
> SSL_DHE_DSS_WITH_DES_CBC_SHA
> SSL_RSA_EXPORT_WITH_RC4_40_MD5
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
> SSL_RSA_WITH_NULL_MD5
> SSL_RSA_WITH_NULL_SHA
> SSL_DH_anon_WITH_RC4_128_MD5
> TLS_DH_anon_WITH_AES_128_CBC_SHA
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
> SSL_DH_anon_WITH_DES_CBC_SHA
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
> TLS_KRB5_WITH_RC4_128_SHA
> TLS_KRB5_WITH_RC4_128_MD5
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5
> TLS_KRB5_WITH_DES_CBC_SHA
> TLS_KRB5_WITH_DES_CBC_MD5
> TLS_KRB5_EXPORT_WITH_RC4_40_SHA
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

It's clear to me that the list of available ciphers is different than
the list of enabled ciphers.

Is there a way to get this list programmatically? I have a small Java
program that dumps everything about a Provider (see below for the code),
but it doesn't dump the ciphers in the format you have shown above (and
doesn't indicate which items are enabled by default).

Thanks,
-chris

================ CUT ===================

My code:

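    import java.security.Provider;
    import java.security.Security;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.List;

    // Class wrapper and imports added so the snippet compiles on its own.
    public class ProviderDump
    {
        // Dumps every property of the named providers, or of all installed
        // providers when no names are given on the command line.
        public static void main(String args[])
        {
            Provider providers[];
            if(null != args && 0 < args.length)
            {
                providers = new Provider[args.length];
                for(int i = 0; i < args.length; i++)
                    providers[i] = Security.getProvider(args[i]);

            } else
            {
                providers = Security.getProviders();
            }
            for(int i = 0; i < providers.length; i++)
            {
                Provider p = providers[i];
                // Security.getProvider() returns null for an unknown name.
                if(null == p)
                {
                    System.out.println("Provider not installed: " + args[i]);
                    continue;
                }
                System.out.println("Provider: " + p);
                System.out.println("===============================");
                System.out.println("provider properties:");
                // Provider extends Properties; sort the keys for stable output.
                List<String> keys = new ArrayList<String>();
                for(Object k : p.keySet())
                    keys.add((String)k);
                Collections.sort(keys);
                for(String key : keys)
                    System.out.println(key + "=" + p.get(key));

                System.out.println("-------------------------------");
            }

        }
    }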
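The question in the message above, how to obtain the enabled and the available cipher suite lists programmatically, can be answered with the standard JSSE API. The following is an added example, not part of the original message or of Tomcat's code: the class name, the output layout and the choice of name fragments to flag are assumptions made here.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLServerSocketFactory;

// Added example; ListCipherSuites and WEAK are hypothetical names.
public class ListCipherSuites {

    // Name fragments flagged for review (an assumption of this example):
    // no encryption, no authentication, export-grade or single-DES keys.
    static final String[] WEAK = { "_NULL_", "_anon_", "_EXPORT_", "_DES_", "_DES40_" };

    static boolean isWeak(String suite) {
        for (String fragment : WEAK)
            if (suite.contains(fragment))
                return true;
        return false;
    }

    // Suites the JSSE implementation supports but does not enable by default.
    static Set<String> supportedOnly(String[] enabled, String[] supported) {
        Set<String> extra = new TreeSet<String>(Arrays.asList(supported));
        extra.removeAll(Arrays.asList(enabled));
        return extra;
    }

    static void print(String title, Iterable<String> suites) {
        System.out.println(title);
        for (String suite : suites)
            System.out.println((isWeak(suite) ? "  [review] " : "           ") + suite);
    }

    public static void main(String[] args) {
        // JVM-wide default factory for SSL server sockets.
        SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        String[] enabled = ssf.getDefaultCipherSuites();     // enabled by default
        String[] supported = ssf.getSupportedCipherSuites(); // all that can be enabled

        print("Enabled by default (" + enabled.length + "):", Arrays.asList(enabled));
        Set<String> extra = supportedOnly(enabled, supported);
        print("Supported but not enabled (" + extra.size() + "):", extra);
    }
}
```

The output depends on the JVM version and its security configuration, so run it with the same JVM that runs Tomcat.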
