On 27/05/2014, at 6:09 am, Christopher Schultz <ch...@christopherschultz.net> wrote:
<snip>
>
> If you run the code I referenced elsewhere in this thread, you'll see
> that some of the components are available, just not in the
> combinations you have above:
>
> $ java -showversion -classpath build/ SSLInfo | grep '\(256\|384\)'
> java version "1.7.0_55"
> Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
>
> Supported SSL Protocols:
> TLSv1 (SunJSSE)
> TLSv1.1 (SunJSSE)
> TLSv1.2 (SunJSSE)
> Default Cipher Name
> * TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>   TLS_DH_anon_WITH_AES_128_CBC_SHA256
> * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> * TLS_RSA_WITH_AES_128_CBC_SHA256
>   TLS_RSA_WITH_NULL_SHA256
>
> So, you can get ECDHE_(ECDSA|RSA)_AES, but not with a 256-bit cipher.
> You can get a 128-bit cipher and a 256-bit hash, but not higher-bit
> hash functions.
>
>> Oracle Java 7 has no GCM support (AIX does I think, but from
>> memory the cipher suite names are different), and some of the
>> cipher-suites don’t exist (see below). GCM was originally targeted
>> for JDK 7 (which is why the cipher suite names and AEAD APIs in the
>> JCE are there) but the implementation didn’t show up until JDK 8.
>
> I find no ciphers with 384-bit hashes in Oracle Java 8, but there are
> 256-bit ones -- at least in the Mac OS X build:

Do you have the unrestricted crypto policy files installed?
Without those, > 128 bit security ciphers (== 256 bit hashes) are suppressed.

Cipher suites with SHA384 are definitely available on both JDK 7 and JDK 8 on OS X.
I’m using the interactive mode of https://github.com/timw/groktls to dump these.

tim
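
Added example, not part of the original message and not code from SSLInfo or groktls: a small Java check for the policy question raised above. It reports the maximum AES key length the installed JCE policy allows and lists the AES-256 / SHA384 suites the default `SSLContext` supports, marking enabled ones with `*`. The class and helper names (`StrongSuiteCheck`, `aesRestricted`, `isStrong`, `strong`) are hypothetical.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper class written for this example.
public class StrongSuiteCheck {

    // True when the installed JCE policy caps AES below 256 bits.
    // With unlimited-strength policy this call returns Integer.MAX_VALUE.
    static boolean aesRestricted() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") < 256;
    }

    // Suites that need a key longer than 128 bits or a SHA-384 hash.
    static boolean isStrong(String suite) {
        return suite.contains("_AES_256_") || suite.endsWith("_SHA384");
    }

    // Sorted subset of the given suite names that match isStrong().
    static Set<String> strong(String[] suites) {
        Set<String> out = new TreeSet<String>();
        for (String s : suites) {
            if (isStrong(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println("Max AES key length allowed by policy: "
                + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("Restricted policy: " + aesRestricted());

        SSLSocketFactory f = SSLContext.getDefault().getSocketFactory();
        Set<String> enabled =
                new TreeSet<String>(Arrays.asList(f.getDefaultCipherSuites()));
        Set<String> found = strong(f.getSupportedCipherSuites());

        System.out.println("Default Cipher Name");
        for (String s : found) {
            System.out.println((enabled.contains(s) ? "* " : "  ") + s);
        }
        if (found.isEmpty()) {
            System.out.println("(no AES-256 or SHA384 suites supported by this JRE)");
        }
    }
}
```

Running it on the same JRE that hosts Tomcat shows whether a missing suite is a policy limit or simply absent from that Java version.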