Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > JDK 1.6.0_24 and AES256 ciphers

Reply
Thread Tools

JDK 1.6.0_24 and AES256 ciphers

 
 
Stone
Guest
Posts: n/a
 
      06-14-2011
Dear users,

I am trying to build up application where following ciphers will be
available:
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"

but som ciphers are available but ciphers like AES.*256 without any
success.
Some hints are: http://java.sun.com/developer/techni...ES/AES_v1.html

Java which is used on the my system is: Sun Java jdk1.6.0_24

Protocols which are available are:
TLSv1 and SSLv3

But when I am connecting to the server over SSL I am receiving those
set:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
SSL_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_KRB5_WITH_RC4_128_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

Thank you in advance

Petr
 
Reply With Quote
 
 
 
 
Stone
Guest
Posts: n/a
 
      06-14-2011
I have made a list of providers:
Provider:SUN
Provider:SunRsaSign
Provider:SunJSSE
Provider:SunJCE
Provider:SunJGSS
Provider:SunSASL
Provider:XMLDSig
Provider:SunPCSC
Provider:SunMSCAPI

in java.security is mentioned:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.P rovider
security.provider.4=com.sun.crypto.provider.SunJCE

On 14 čvn, 09:56, Stone <(E-Mail Removed)> wrote:
> Dear users,
>
> I am trying to build up application where following ciphers will be
> available:
> "TLS_RSA_WITH_AES_128_CBC_SHA",
> "TLS_RSA_WITH_AES_256_CBC_SHA",
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
> "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
> "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
>
> but som ciphers are available but ciphers like AES.*256 without any
> success.
> Some hints are:http://java.sun.com/developer/techni...ES/AES_v1.html
>
> Java which is used on the my system is: Sun Java jdk1.6.0_24
>
> Protocols which are available are:
> TLSv1 and SSLv3
>
> But when I am connecting to the server over SSL I am receiving those
> set:
> SSL_RSA_WITH_RC4_128_MD5
> SSL_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> SSL_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> SSL_RSA_WITH_DES_CBC_SHA
> SSL_DHE_RSA_WITH_DES_CBC_SHA
> SSL_DHE_DSS_WITH_DES_CBC_SHA
> SSL_RSA_EXPORT_WITH_RC4_40_MD5
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV
> SSL_RSA_WITH_NULL_MD5
> SSL_RSA_WITH_NULL_SHA
> SSL_DH_anon_WITH_RC4_128_MD5
> TLS_DH_anon_WITH_AES_128_CBC_SHA
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
> SSL_DH_anon_WITH_DES_CBC_SHA
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
> TLS_KRB5_WITH_RC4_128_SHA
> TLS_KRB5_WITH_RC4_128_MD5
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5
> TLS_KRB5_WITH_DES_CBC_SHA
> TLS_KRB5_WITH_DES_CBC_MD5
> TLS_KRB5_EXPORT_WITH_RC4_40_SHA
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>
> Thank you in advance
>
> Petr


 
Reply With Quote
 
 
 
 
Roedy Green
Guest
Posts: n/a
 
      06-14-2011
On Tue, 14 Jun 2011 00:56:48 -0700 (PDT), Stone <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>but som ciphers are available but ciphers like AES.*256 without any
>success.


The US government does not allow American corporations to export
software containing high security ciphers, even though the math is
published and this creates employment opportunities outside the USA,
e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.

I believe the standard shipped version is still hobbled and you have
to get a patch to turn them on.

See
https://cds.sun.com/is-bin/INTERSHOP...-CDS_Developer
--
Roedy Green Canadian Mind Products
http://mindprod.com
One of the great annoyances in programming derives from the irregularity
of English spelling especially when you have international teams.
I want to find a method or variable, but I don't know precisely
how its is spelled or worded. English is only approximately phonetic.
Letters are randomly doubled. The dictionary often lists variant spellings.
British, Canadian and American spellings differ.I would like to see an
experiment where variable names were spelled in a simplified English, where
there were no double letters.I also think you could add a number of rules
about composing variable names so that a variable name for something would
be highly predictable. You would also need automated enforcement of the
rules as well as possible.
 
Reply With Quote
 
Esmond Pitt
Guest
Posts: n/a
 
      06-15-2011
On 15/06/2011 1:43 AM, Roedy Green wrote:
>
> The US government does not allow American corporations to export
> software containing high security ciphers, even though the math is
> published and this creates employment opportunities outside the USA,
> e.g. for BouncyCastle. This puts US manufacturers at a disadvantage.


Those restrictions were lifted during the Clinton administration.
 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      06-15-2011
On Tue, 14 Jun 2011 09:40:14 -0700, Steve Sobol <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>
>I thought those restrictions were lifted long ago.


the files in
See
https://cds.sun.com/is-bin/INTERSHOP...-CDS_Developer

Are dated 2006.

It is plausible then that Sun is still shipping a hobbled JCE. I
think some experiments are in order.
--
Roedy Green Canadian Mind Products
http://mindprod.com
One of the great annoyances in programming derives from the irregularity
of English spelling especially when you have international teams.
I want to find a method or variable, but I don't know precisely
how its is spelled or worded. English is only approximately phonetic.
Letters are randomly doubled. The dictionary often lists variant spellings.
British, Canadian and American spellings differ.I would like to see an
experiment where variable names were spelled in a simplified English, where
there were no double letters.I also think you could add a number of rules
about composing variable names so that a variable name for something would
be highly predictable. You would also need automated enforcement of the
rules as well as possible.
 
Reply With Quote
 
Stone
Guest
Posts: n/a
 
      06-15-2011
I have added that Cryptography extension and it works.

But I have try to include also following cipher but it is not
supported.
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Is there anyware some another fix?

best regards
Petr

On 15 čvn, 05:57, Roedy Green <(E-Mail Removed)>
wrote:
> On Tue, 14 Jun 2011 09:40:14 -0700, Steve Sobol <(E-Mail Removed)>
> wrote, quoted or indirectly quoted someone who said :
>
>
>
> >I thought those restrictions were lifted long ago.

>
> the files in
> Seehttps://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-S....
>
> Are dated 2006.
>
> It is plausible then that Sun is still shipping a hobbled JCE. *I
> think some experiments are in order.
> --
> Roedy Green Canadian Mind Productshttp://mindprod.com
> One of the great annoyances in programming derives from the irregularity
> of English spelling especially when you have international teams. *
> I want to find a method or variable, but I don't know precisely
> how its is spelled or worded. English is only approximately phonetic. *
> Letters are randomly doubled. *The dictionary often lists variant spellings.
> British, Canadian and American spellings differ.I would like to see an
> experiment where variable names were spelled in a simplified English, where
> there were no double letters.I also think you could add a number of rules
> about composing variable names so that a variable name for something would
> be highly predictable. You would also need automated enforcement of the
> rules as well as possible.


 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      06-19-2011
On Wed, 15 Jun 2011 00:03:49 -0700 (PDT), Stone <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>But I have try to include also following cipher but it is not
>supported.
>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>
>Is there anyware some another fix?


you can find out what is supported with the code posted at
http://mindprod.com/jgloss/jce.html

The main other supplier is bouncycastle

See http://mindprod.com/jgloss/bouncycastle.html
--
Roedy Green Canadian Mind Products
http://mindprod.com
One of the great annoyances in programming derives from the irregularity
of English spelling especially when you have international teams.
I want to find a method or variable, but I don't know precisely
how its is spelled or worded. English is only approximately phonetic.
Letters are randomly doubled. The dictionary often lists variant spellings.
British, Canadian and American spellings differ.I would like to see an
experiment where variable names were spelled in a simplified English, where
there were no double letters.I also think you could add a number of rules
about composing variable names so that a variable name for something would
be highly predictable. You would also need automated enforcement of the
rules as well as possible.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
EXP(ORT) ciphers and M2Crypto/OpenSSL miroslav.stampar@gmail.com Python 0 06-19-2012 01:23 PM
Java Source For Asymmetric Key Ciphers Luc The Perverse Java 54 02-08-2011 06:08 AM
AES256 in PyCrypto mirandacascade@yahoo.com Python 5 01-08-2007 04:56 PM
Problem locating Sun ciphers (DESede) mattpryor Java 0 04-28-2006 10:43 AM
block ciphers Trevor Perrin Python 4 04-20-2004 07:21 PM



Advertisments