Reputation: 7779
Define cipher suite for TLS in JCA
I want the support of the following cipher suites in TLS using JCA:
- TLS_PSK_WITH_3DES_EDE_CBC_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA
- TLS_PSK_WITH_NULL_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_NULL_SHA256
They are available in JDK7 but not JDK6, neither BouncyCastle.
If I want the support in JDK6, could I extends JCA to implement the support of these PSK extensions, using SPI, providers and callback methods of JSSE. I can already redefine or add new cipher implementations on runtime, but I'm not sure JCA offers enough granularity to add new cipher suites in TLS.
Upvotes: 10
Views: 1689
Answers (2)
Reputation: 42660
The clean way would be to implement your own SSLSocketFactory.
If you want to try adding I only see the way to modify the internal classes via reflection.
The relevant class is:
com.sun.net.ssl.internal.ssl.CipherSuite
It has an overloaded private static method "add" for adding cipher implementations to the supported list. May be worth a try.
Upvotes: 4
Reputation: 7779
Still not sure it is possible or not, but we found an implementation of several TLS PSK cipher suites for the Jessie Library.
Upvotes: 3
Related Questions
- Java Crypto Api - how to choose a cipher provider
- How to enable and use Cipher Suite TLS_RSA_WITH_AES_128_CBC_SHA in Java v1.8
- Java SSLHandshakeException: no cipher suites in common
- Java - no cipher suites in common
- Java cipher suites
- How to configure SSL Cipher Suites for https in Java
- How do I set up the cipher suites in java/eclipse for an http client?
- Java HTTPS connection with Custom CipherSuites
- unsupported SSL ciphersuite
- How to specify the ciphersuite to be used in SSL session