可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效，请关闭广告屏蔽插件后再试):

问题:

I need to check whether a server supports SSL and the ciphers from the web server.

I looked into SSLSocket in Java but I do not get it to work properly.

I used the method getSupportedProtocols() it always gives out the same protocols for each url. Moreover I do not get the ciphers that are given from the server. I guessed getEnabledCipherSuites() would be the correct method

try {
    SSLContext ctx = SSLContext.getDefault();
    ctx.getClientSessionContext().setSessionTimeout(5); // in seconds
    SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("host.com", 443);

    socket.setSoTimeout(5000); // in millis
    String[] result = socket.getEnabledCipherSuites();
    Arrays.sort(result);
    for (int i = 0; i < result.length; i++) {
        System.out.println(result[i]); 
    }
 } catch (IOException ex) {
     System.out.println("Error!");
 }

How can I check that the server uses SSL? What ciphers were returned from the server?

回答1:

getSupportedProtocols()/CipherSuites() returns the lists of protocols and ciphers (respectively) that your side can support. getEnabledProtocols()/CipherSuites() returns the subset of these lists that are enabled on your side.

That won't tell you much about about what the server supports.

According to the TLS specification, the client sends the highest protocol version can use and the list of cipher suites it wants to use. The server then uses the highest protocol it supports within that list (if any) and selects the cipher suite it wants amongst that list (if any).

There's some flexibility regarding how the cipher suite selection is done (see SSLHonorCipherOrder directive in Apache Httpd, for example).

Essentially, if you want to see which cipher suites are actually supported by your server, you'll have to iterate through each cipher suite you support and enable them one by one to try a handshake.