Which security protocols and cipher suites are enabled in a specific Java Release bundle

Question: What security protocols and cipher suites are enabled in a specific Java Release Bundle?  For example:

zulu8.50.0.51 build jdk1.8.0_275-b01

 

Answer: 

Zulu 8.50.0.51 is an OpenJDK 8 release of 1.8.0_275.  

Officially OpenJDK 1.8.0_275 implements the following protocols (see output below for cipher suites):

  • SSLv2Hello
  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2

To check the security protocols enabled in any Java release, you can use the following "ProtocolTest.java" code (also attached).

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLContext;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
import java.security.NoSuchAlgorithmException;

public class ProtocolTest {

public static void main(String[] args) throws Exception {

SSLContext context = SSLContext.getInstance("TLS"); context.init(null,null,null);
SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] protocols = socket.getSupportedProtocols();

int loop = 1;
while (loop > 0) {
System.out.println("Supported Protocols: " + protocols.length);
for(int i = 0; i < protocols.length; i++) {
System.out.println(" " + protocols[i]);
}
loop = loop - 1;
Thread.sleep(10);
}
System.out.println("Supported Cipher Suites: ");
try {
String[] ciphers = SSLContext.getDefault().getSocketFactory().getSupportedCipherSuites();
for (int i = 1; i < ciphers.length; i++) {
System.out.println(" " + i + ". " + ciphers[i]);
}
} catch (NoSuchAlgorithmException e) {
System.out.println("Failed to get default SSL context.");
}
}
}

 

Notice that in this particular implementation of Java version 1.8.0_275, we support the additional protocol TLSv1.3.

For example:

$ java -version
zulu8.50.0.51 build jdk1.8.0_275-b01
$ javac ProtocolTest.java

$ java ProtocolTest
Supported Protocols: 6
TLSv1.3
TLSv1.2
TLSv1.1
TLSv1
SSLv3
SSLv2Hello
Supported Cipher Suites:
1. TLS_AES_256_GCM_SHA384
2. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
3. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
4. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
5. TLS_RSA_WITH_AES_256_GCM_SHA384
6. TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
7. TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
8. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
9. TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
10. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
11. TLS_RSA_WITH_AES_128_GCM_SHA256
12. TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
13. TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
14. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
15. TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
16. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18. TLS_RSA_WITH_AES_256_CBC_SHA256
19. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
20. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
21. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
22. TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
23. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
24. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
25. TLS_RSA_WITH_AES_256_CBC_SHA
26. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
27. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
28. TLS_DHE_RSA_WITH_AES_256_CBC_SHA
29. TLS_DHE_DSS_WITH_AES_256_CBC_SHA
30. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
31. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
32. TLS_RSA_WITH_AES_128_CBC_SHA256
33. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
34. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
35. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
36. TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
37. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
38. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
39. TLS_RSA_WITH_AES_128_CBC_SHA
40. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
41. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
42. TLS_DHE_RSA_WITH_AES_128_CBC_SHA
43. TLS_DHE_DSS_WITH_AES_128_CBC_SHA
44. TLS_EMPTY_RENEGOTIATION_INFO_SCSV

 

Add Comment

Comments

0 comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful