-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
/*
 * On 6/10/2011 3:59 PM, Christopher Schultz wrote:
 * > It's best to find out what your JVM supports and use that.
 * >
 * > I wrote a short bit of code a while back to determine the supported
 * > algorithms and the default cipher suite for an SSLSocketFactory.
 *
 * As promised, see below. No warranty. Free license. Attributions appreciated.
 *
 * - -chris
 */
package com.chadis.tools.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;

import java.security.Provider;
import java.security.Security;

import javax.net.ssl.SSLServerSocketFactory;

/**
 * Command-line report of the TLS/SSL capabilities visible to this JVM.
 *
 * <p>Two sections are printed to standard output:
 * <ol>
 *   <li>every {@code SSLContext.*} entry registered by the security providers
 *       (all installed providers, or only those named on the command line),
 *       except the {@code SSLContext.Default} entry;</li>
 *   <li>every cipher suite the default {@link SSLServerSocketFactory} reports as
 *       supported, with a {@code *} in front of the ones that are also in its
 *       default (enabled-by-default) set.</li>
 * </ol>
 *
 * <p>Reading the output for a hardening review: the first section lists what the
 * providers <em>register</em>, not what a connection will negotiate. A protocol
 * shown here can still be switched off by JVM policy (for example the
 * {@code jdk.tls.disabledAlgorithms} security property on JVMs that have it) or
 * by the connector configuration, so confirm the effective settings on the
 * actual listener. In the second section the starred suites are the ones a
 * server socket gets when nothing is configured; unstarred suites (which on some
 * JVMs include {@code _NULL_}, {@code _anon_} or {@code _EXPORT_} suites) are
 * only reachable if something explicitly enables them.
 */
public class SSLInfo {

    /** Key prefix under which providers register SSLContext algorithms. */
    private static final String CONTEXT_PREFIX = "SSLContext.";

    /**
     * Prints the protocol section, then the cipher-suite section.
     *
     * @param args optional provider names; when at least one is given, only
     *             those providers are inspected (unknown names are skipped)
     * @throws Exception declared by the original signature; nothing is caught here
     */
    public static void main(String[] args) throws Exception {
        boolean namedOnly = (args != null && args.length > 0);

        // Resolve the providers to inspect. Security.getProvider() yields null
        // for a name that is not installed; those slots are skipped later.
        Provider[] candidates;
        if (namedOnly) {
            candidates = new Provider[args.length];
            int slot = 0;
            for (String name : args) {
                candidates[slot++] = Security.getProvider(name);
            }
        } else {
            candidates = Security.getProviders();
        }

        System.out.println("Supported SSL Protocols:");
        if (!printProtocols(candidates)) {
            System.out.println(namedOnly
                ? " ! No SSL protocols supported by any requested provider"
                : " ! No SSL protocols supported by any provider");
        }

        printCipherSuites();
    }

    /**
     * Prints one line per {@code SSLContext.*} key of each provider, sorted by
     * key within a provider, in the form {@code " NAME (PROVIDER)"}.
     *
     * @param candidates providers to inspect; {@code null} elements are ignored
     * @return {@code true} if at least one line was printed
     */
    private static boolean printProtocols(Provider[] candidates) {
        boolean any = false;

        for (Provider provider : candidates) {
            if (provider == null) {
                continue;   // requested provider is not installed
            }

            // Provider keys are declared as Object; this report expects Strings.
            ArrayList<String> keys = new ArrayList<String>();
            for (Object key : provider.keySet()) {
                keys.add((String) key);
            }
            Collections.sort(keys);

            for (String key : keys) {
                if (!key.startsWith(CONTEXT_PREFIX) || "SSLContext.Default".equals(key)) {
                    continue;
                }
                any = true;
                System.out.println(" " + key.substring(CONTEXT_PREFIX.length())
                                   + " (" + provider.getName() + ")");
            }
        }

        return any;
    }

    /**
     * Prints the cipher suites of the default {@link SSLServerSocketFactory} in
     * name order, one per line, as {@code MARKER<TAB>NAME} where the marker is
     * {@code *} for suites in the factory's default set and a space otherwise.
     */
    private static void printCipherSuites() {
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        String[] enabledByDefault = factory.getDefaultCipherSuites();
        String[] supported = factory.getSupportedCipherSuites();

        // Start with everything marked "not default", then overwrite the
        // entries that are in the default set. TreeMap keeps names sorted.
        TreeMap<String, Boolean> suites = new TreeMap<String, Boolean>();
        for (String suite : supported) {
            suites.put(suite, Boolean.FALSE);
        }
        for (String suite : enabledByDefault) {
            suites.put(suite, Boolean.TRUE);
        }

        System.out.println("Default\tCipher Name");
        Iterator<Map.Entry<String, Boolean>> rows = suites.entrySet().iterator();
        while (rows.hasNext()) {
            Map.Entry<String, Boolean> row = rows.next();
            char marker = Boolean.TRUE.equals(row.getValue()) ? '*' : ' ';
            System.out.println(marker + "\t" + row.getKey());
        }
    }
}

// -----BEGIN PGP SIGNATURE-----
// Version: GnuPG v1.4.10 (MingW32)
// Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
//
// iEYEARECAAYFAk3yfN8ACgkQ9CaO5/Lv0PCLdwCffjuhJ/EznrfRr3EqfGHijSyK
// GtQAnAnWSmk8g8luGF73lPWWXdrTssc+
// =0/80
// -----END PGP SIGNATURE-----