CODEWITHSUNDEEP
javasslencryption
Richard T
Richard T

Reputation: 4665

What cipher suites come with Java jdk1.7.0_03, and / or how do I provision my RMI installation with them?

I've been wracking my brain on this problem, here, and suddenly thought to check if ANY cipher suites were available to the RMI Server. So, I put the following code in JUST BEFORE the RMI Registry is started:

msg("trustStore: "+System.getProperty("javax.net.ssl.trustStore"));
msg("trustStorePassword: "+System.getProperty("javax.net.ssl.trustStorePassword"));
msg("keyStore: "+System.getProperty("javax.net.ssl.keyStore")); 
msg("keyStorePassword: "+System.getProperty("javax.net.ssl.keyStorePassword"));
msg("rmi.server.hostname: "+System.getProperty("java.rmi.server.hostname"));msg("supportedCipherSuites: "+System.getProperty("javax.rmi.ssl.client.supportedCipherSuites"));
msg("enabledCipherSuites: "+System.getProperty("javax.rmi.ssl.client.enabledCipherSuites"));
msg("debug: "+System.getProperty("javax.net.debug"));

(where msg just sends data via System.out.println.)

...And to my horror found that "supportedCipherSuites" is NULL!

What?!

I looked all over creation, "used the google", and haven't yet figured out how I'm supposed to populate my instalation with suitable cipher suites. ...I'm not looking for much special, just the basic ordinary stuff will do fine!

Arg!

P.S. Where does the RMI Registry's output from javax.net.debug go? Can't find it anywhere! Thanks....

Upvotes: 2

Views: 5742

Answers (1)

Bruno
Bruno

Reputation: 122739

You'll find the list of supported cipher suites in Oracle JRE 7 in the SunJSSE provider documentation: there are two tables for those enabled and disabled by default, respectively.

I wouldn't worry too much about System.getProperty("javax.rmi.ssl.client.supportedCipherSuites")) returning null: these system properties are for you to make settings, not for the JRE/RMI API to publish its current state. In addition, there is no mention of this system property in the documentation where javax.rmi.ssl.client.enabledCipherSuites is documented. If you want to use specific cipher suites, set javax.rmi.ssl.client.enabledCipherSuites, don't read it.

Getting the javax.net.ssl.* properties won't necessarily tell you what the actual used values are (see this answer). For example a null javax.net.ssl.trustStore will still use the default truststore.

Same for javax.net.debug: it's for you to set and the Net/SSL API to use, not the other way around.

Upvotes: 2

Related Questions