{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Evening l夕情丶 的问题《How can I edit the list of cipher suite in Java us》','https://www.manongdao.com/q-248760.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
The following code lists the supported cipher suites by Java SE 8:
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
public class ListCiphers {
public static void main(String[] args) throws UnknownHostException, IOException
{
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
String[] cipherSuites = factory.getSupportedCipherSuites();
System.out.println(Arrays.toString(cipherSuites));
} //end main
}
I want to make SSL client which is configured with some specific list of cipher suites. The cipher suites I want to use are standardized but not supported by Jva SE 8. For example, this cipher is listed in firefox:
ECDHE_ECDSA_WITH_AES_256_SHA
Please, help me with any way that allows me to edit the list of cipher suite in my SSL client. Does Bouncy Castle help in this? How? Please, give me clear step by step. Also if you knwo what I want can be achieved by using another language such as python, also please help me.
You can't edit the cipher suites directly on factory.
However you can choose what exact ciphers to support (from the available) on the
SSLSocketSee Which Cipher Suites to enable for SSL Socket? and use
SSLSocketFactoryEx. Its a drop-in replacement for Java'sSSLSocketFactoryIf you don't want to use
SSLSocketFactoryEx, then rip the code to find the intersection of cipher suites.It controls both protocols and cipher suites. There are no unexpected surprises, like getting a SSLv3 socket back from
SSLSocketFactory.getInstance("TLS");.Nothing is configurable, so the user cannot shoot themselves in the foot. It's also ready for TLS 1.3
TLS_ECDHE_ECDSA_WITH_AES_256_SHA is supported by Java 8 (and 7) without adding BouncyCastle, and it is enabled in JSSE by default so you don't need to "edit" anything. But all JREs disallow all 256-bit symmetric crypto (including 256-bit SSL/TLS ciphersuites) unless you install the "JCE Unlimited Strength Jurisdiction Policy Files"; see http://www.oracle.com/technetwork/java/javase/downloads/index.html under "Additional Resources" near the bottom.