Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

[Christopher Schultz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian,

On 9/15/12 2:59 PM, Brian Braun wrote:
> Where can I get the list of all available ciphers for Sun JVM 6
> update 35?

Using Java 6u35, run this code (apologies for any poor word wrapping).

Enjoy,
- -chris

import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

import java.security.Provider;
import java.security.Security;

import javax.net.ssl.SSLServerSocketFactory;

public class SSLInfo
{
    public static void main(String[] args)
        throws Exception
    {
        boolean enumeratedProviders = (null != args && 0 < args.length);

        // Get SSL protocol info
        Provider providers[];
        if(enumeratedProviders)
        {
            providers = new Provider[args.length];
            for(int i = 0; i < args.length; i++)
                providers[i] = Security.getProvider(args[i]);

        } else {
            providers = Security.getProviders();
        }

        System.out.println("Supported SSL Protocols:");
        boolean foundProtocol = false;

        for(int i = 0; i < providers.length; i++)
        {
            Provider p = providers[i];

            // Skip any providers that don't actually exist
            if(null == p) continue;

            ArrayList<String> keys = new ArrayList<String>();

            // Grab only the String keys
            for(Object o : p.keySet())
                if(o instanceof String)
                    keys.add((String)o);

            Collections.sort(keys);
            for(String key : keys)
            {
                if(key.startsWith("SSLContext.")
                   && !"SSLContext.Default".equals(key))
                {
                    foundProtocol |= true;
                    System.out.print("  ");

System.out.print(key.substring("SSLContext.".length()));
                    System.out.print(" (");
                    System.out.print(p.getName());
                    System.out.println(")");
                }
            }
        }

        if(!foundProtocol)
            if(enumeratedProviders)
                System.out.println(" ! No SSL protocols supported by
any requested provider");
            else
                System.out.println(" ! No SSL protocols supported by
any provider");

        // Get cipher suite info
        SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        TreeMap<String,Boolean> ciphers = new TreeMap<String,Boolean>();

        for(int i=0; i<availableCiphers.length; ++i )
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        for(int i=0; i<defaultCiphers.length; ++i )
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        System.out.println("Default\tCipher Name");

        for(Map.Entry<String,Boolean> cipher : ciphers.entrySet()) {
            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBVQKoACgkQ9CaO5/Lv0PDqhQCfQbMl2lq5KaQRXI9NjE5utXV6
y6YAniCYUMan2nuSpIq53qx0DXkr2YI/
=euvP
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org