I'm currently using OpenJDK (shhhh! don't tell anyone!) =) so it's currently doing JCE. I was just wondering about the correct format to specify the cipher suite: OpenSSL style, GnuTLS style?

Does anyone have a working example I could see?

2014-09-09 16:59 GMT-04:30 Jason Pell <[email protected]>:

> Or just copy the US policy file to the local one. It's already included in
> the JVM (at least on Linux)
> On 10/09/2014 12:47 AM, "Emmanuel Lécharny" <[email protected]> wrote:
>
> > You may need to install the JCE unlimited strength jurisdiction policy file from
> > http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
> > in order to have Java support AES 256.
> >
> > On 09/09/14 15:53, Victor Medina wrote:
> > > root@ldap001:/home/administrador# openssl s_client -connect localhost:10636
> > > CONNECTED(00000003)
> > > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > > verify error:num=20:unable to get local issuer certificate
> > > verify return:1
> > > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > > verify error:num=27:certificate not trusted
> > > verify return:1
> > > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > > verify error:num=21:unable to verify the first certificate
> > > verify return:1
> > > ---
> > > Certificate chain
> > >  0 s:/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
> > >    i:/C=US/O=ASF/OU=Directory/CN=ApacheDS
> > > ---
> > > Server certificate
> > > subject=/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
> > > issuer=/C=US/O=ASF/OU=Directory/CN=ApacheDS
> > > ---
> > > No client certificate CA names sent
> > > ---
> > > SSL handshake has read 837 bytes and written 567 bytes
> > > ---
> > > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
> > > Server public key is 512 bit
> > > Secure Renegotiation IS supported
> > > Compression: NONE
> > > Expansion: NONE
> > > SSL-Session:
> > >     Protocol  : TLSv1.2
> > >     Cipher    : ECDHE-RSA-AES256-SHA384
> > >     Session-ID: 540F05BAF680AD3AF54796DA292A8EDCCADDE28677AE541EA4772A81DBA04B08
> > >     Session-ID-ctx:
> > >     Master-Key: 981A10E4F208E3F003B91C9F5E67230DCB64A50876E680F0A04FD597622B6011820083B6F7F0D7A64D8FC69CFEFC3205
> > >     Key-Arg   : None
> > >     PSK identity: None
> > >     PSK identity hint: None
> > >     SRP username: None
> > >     Start Time: 1410270650
> > >     Timeout   : 300 (sec)
> > >     Verify return code: 21 (unable to verify the first certificate)
> > > ---
> > >
> > > It seems very strong to me. I was looking to see if it supported GCM, which seems
> > > faster.
> > >
> > > 2014-09-09 9:10 GMT-04:30 Victor Medina <[email protected]>:
> > >
> > >> so...
> > >>
> > >> Where can I find a list of valid values for TLS Cipher suite?
> > >> ads-enabledCipherSuites
> > >>
> > >> 2014-09-09 8:58 GMT-04:30 Emmanuel Lécharny <[email protected]>:
> > >>
> > >> On 09/09/14 14:05, Kiran Ayyagari wrote:
> > >>>> On Tue, Sep 9, 2014 at 5:35 PM, Victor Medina <[email protected]> wrote:
> > >>>>
> > >>>>> But I believe it uses bouncy castle right?
> > >>>>>
> > >>>>> yes
> > >>> Not anymore for that purpose. We only use the X509 utility classes from
> > >>> BC. Everything else is handled by the default Java security classes.
> > >>>
> > >>
> > >> --
> > >>
> > >> Víctor E. Medina M.
> > >> Software
> > >> +58424 291 4561
> > >> BB #79A8AFA2 /@VMCibersys

--
Víctor E. Medina M.
Software
+58424 291 4561
BB #79A8AFA2 /@VMCibersys
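
Added example, not part of the original thread and not ApacheDS code: since the thread says TLS is handled by the default Java security classes, this sketch asks the running JVM which suites JSSE offers, using JSSE's own IANA-style names rather than OpenSSL or GnuTLS spellings, and reports the AES key-length policy discussed above. The class name JsseSuiteCheck is hypothetical, and it is an assumption that ads-enabledCipherSuites takes the names exactly as JSSE prints them.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class JsseSuiteCheck {
    // OpenSSL name -> JSSE (IANA-style) name: the suite negotiated in the
    // s_client output above, plus two GCM counterparts.
    static final Map<String, String> NAMES = new LinkedHashMap<String, String>();
    static {
        NAMES.put("ECDHE-RSA-AES256-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
        NAMES.put("ECDHE-RSA-AES256-GCM-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        NAMES.put("ECDHE-RSA-AES128-GCM-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    }

    static String status(String jsseName, List<String> supported, List<String> enabled) {
        if (!supported.contains(jsseName)) return "not supported by this JVM";
        return enabled.contains(jsseName) ? "supported, enabled by default"
                                          : "supported, not enabled by default";
    }

    public static void main(String[] args) throws Exception {
        // A value below 256 means the limited-strength policy is active;
        // Integer.MAX_VALUE means the unlimited-strength policy is in effect.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by policy: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        SSLContext ctx = SSLContext.getDefault();
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites());
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites());

        for (Map.Entry<String, String> e : NAMES.entrySet()) {
            System.out.printf("%-28s %-40s %s%n", e.getKey(), e.getValue(),
                    status(e.getValue(), supported, enabled));
        }

        // Every GCM suite this JVM offers, spelled the way JSSE expects it.
        System.out.println("GCM suites supported by this JVM:");
        for (String suite : supported) {
            if (suite.contains("_GCM_")) System.out.println("  " + suite);
        }
    }
}
```

Run it with the same JVM that runs the server, since the supported list and the policy limit both depend on the Java version and its installed policy files.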
