test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
changeset 53608 6c377af36a5c
parent 47216 71c04702a3d5
child 53621 8b3d33bfb407
53577:7d19ac37d7d1 53608:6c377af36a5c
     1 /*
     1 /*
     2  * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
     2  * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     4  *
     4  *
     5  * This code is free software; you can redistribute it and/or modify it
     5  * This code is free software; you can redistribute it and/or modify it
     6  * under the terms of the GNU General Public License version 2 only, as
     6  * under the terms of the GNU General Public License version 2 only, as
     7  * published by the Free Software Foundation.
     7  * published by the Free Software Foundation.
    21  * questions.
    21  * questions.
    22  */
    22  */
    23 
    23 
    24 /*
    24 /*
    25  * @test
    25  * @test
    26  * @bug 4750141 4895631
    26  * @bug 4750141 4895631 8217579
    27  * @summary Check enabled and supported ciphersuites are correct
    27  * @summary Check enabled and supported ciphersuites are correct
    28  * @ignore JSSE supported cipher suites are changed with CR 6916074,
    28  * @run main CheckCipherSuites default
    29  *     need to update this test case in JDK 7 soon
    29  * @run main/othervm CheckCipherSuites limited
    30  */
    30  */
    31 
    31 
    32 import java.util.*;
    32 import java.util.*;
    33 
    33 import java.security.Security;
    34 import javax.net.ssl.*;
    34 import javax.net.ssl.*;
    35 
    35 
    36 import javax.crypto.Cipher;
       
    37 import javax.crypto.spec.*;
       
    38 
       
    39 public class CheckCipherSuites {
    36 public class CheckCipherSuites {
    40 
    37 
       
    38     // List of enabled cipher suites when the "crypto.policy" security
       
    39     // property is set to "unlimited" (the default value).
    41     private final static String[] ENABLED_DEFAULT = {
    40     private final static String[] ENABLED_DEFAULT = {
    42         "SSL_RSA_WITH_RC4_128_MD5",
    41         "TLS_AES_128_GCM_SHA256",
    43         "SSL_RSA_WITH_RC4_128_SHA",
    42         "TLS_AES_256_GCM_SHA384",
    44         "TLS_RSA_WITH_AES_128_CBC_SHA",
    43         "TLS_CHACHA20_POLY1305_SHA256",
    45         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    44         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    46         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    45         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    47         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    46         "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    48         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    47         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    49         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    48         "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    50         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    49         "TLS_RSA_WITH_AES_256_GCM_SHA384",
    51         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    50         "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    52         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    51         "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
    53         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    52         "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    54         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    53         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    55         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    54         "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
    56         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    55         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    57         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    56         "TLS_RSA_WITH_AES_128_GCM_SHA256",
    58         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    57         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    59         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    58         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
    60         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    59         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    61         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    60         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
    62         "SSL_RSA_WITH_DES_CBC_SHA",
    61         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    63         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    62         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    64         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    63         "TLS_RSA_WITH_AES_256_CBC_SHA256",
    65         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    64         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
    66         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    65         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
    67         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    66         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    68         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    67         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
    69         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    68         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    70 
    69         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    71     };
       
    72 
       
    73     private final static String[] ENABLED_UNLIMITED = {
       
    74         "SSL_RSA_WITH_RC4_128_MD5",
       
    75         "SSL_RSA_WITH_RC4_128_SHA",
       
    76         "TLS_RSA_WITH_AES_128_CBC_SHA",
       
    77         "TLS_RSA_WITH_AES_256_CBC_SHA",
    70         "TLS_RSA_WITH_AES_256_CBC_SHA",
    78         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
       
    79         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
       
    80         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    71         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    81         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
       
    82         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
       
    83         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    72         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    84         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    73         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    85         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    74         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
       
    75         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
       
    76         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
       
    77         "TLS_RSA_WITH_AES_128_CBC_SHA256",
       
    78         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
       
    79         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
       
    80         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
       
    81         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
       
    82         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
       
    83         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
       
    84         "TLS_RSA_WITH_AES_128_CBC_SHA",
       
    85         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
       
    86         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
       
    87         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
       
    88         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
       
    89         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
       
    90     };
       
    91 
       
    92     // List of enabled cipher suites when the "crypto.policy" security
       
    93     // property is set to "limited".
       
    94     private final static String[] ENABLED_LIMITED = {
       
    95         "TLS_AES_128_GCM_SHA256",
       
    96         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
       
    97         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
       
    98         "TLS_RSA_WITH_AES_128_GCM_SHA256",
       
    99         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
       
   100         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
       
   101         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
       
   102         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
       
   103         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
       
   104         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
       
   105         "TLS_RSA_WITH_AES_128_CBC_SHA256",
       
   106         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
       
   107         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
       
   108         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
       
   109         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
       
   110         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
       
   111         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
       
   112         "TLS_RSA_WITH_AES_128_CBC_SHA",
       
   113         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
       
   114         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
       
   115         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
       
   116         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
       
   117         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
       
   118     };
       
   119 
       
   120     // List of supported cipher suites when the "crypto.policy" security
       
   121     // property is set to "unlimited" (the default value).
       
   122     private final static String[] SUPPORTED_DEFAULT = {
       
   123         "TLS_AES_128_GCM_SHA256",
       
   124         "TLS_AES_256_GCM_SHA384",
       
   125         "TLS_CHACHA20_POLY1305_SHA256",
       
   126         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
       
   127         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
       
   128         "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
       
   129         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
       
   130         "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
       
   131         "TLS_RSA_WITH_AES_256_GCM_SHA384",
       
   132         "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
       
   133         "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
       
   134         "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
       
   135         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
       
   136         "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
       
   137         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
       
   138         "TLS_RSA_WITH_AES_128_GCM_SHA256",
       
   139         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
       
   140         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
       
   141         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
       
   142         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
       
   143         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
       
   144         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
       
   145         "TLS_RSA_WITH_AES_256_CBC_SHA256",
       
   146         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
       
   147         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
       
   148         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
       
   149         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
    86         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
   150         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    87         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
       
    88         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
       
    89         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
   151         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    90         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
   152         "TLS_RSA_WITH_AES_256_CBC_SHA",
       
   153         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
       
   154         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    91         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
   155         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    92         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
       
    93         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
   156         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    94         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
   157         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    95         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
   158         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    96         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
   159         "TLS_RSA_WITH_AES_128_CBC_SHA256",
    97         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
   160         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    98         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
   161         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    99         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
   162         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
   100         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
   163         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
   101         "SSL_RSA_WITH_DES_CBC_SHA",
   164         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
   102         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
   165         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
   103         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
   166         "TLS_RSA_WITH_AES_128_CBC_SHA",
   104         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
   167         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
   105         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
   168         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
   106         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
   169         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
   107         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
   170         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
   108         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
   171         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
   109 
   172     };
   110     };
   173 
   111 
   174     // List of supported cipher suites when the "crypto.policy" security
   112     // supported ciphersuites using default JCE policy jurisdiction files
   175     // property is set to "limited".
   113     // AES/256 unavailable
   176     private final static String[] SUPPORTED_LIMITED = {
   114     private final static String[] SUPPORTED_DEFAULT = {
   177         "TLS_AES_128_GCM_SHA256",
   115         "SSL_RSA_WITH_RC4_128_MD5",
   178         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
   116         "SSL_RSA_WITH_RC4_128_SHA",
   179         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
   117         "TLS_RSA_WITH_AES_128_CBC_SHA",
   180         "TLS_RSA_WITH_AES_128_GCM_SHA256",
   118         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
   181         "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
   119         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
   182         "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
   120         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
   183         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
   121         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
   184         "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
   122         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
   185         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
   123         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
   186         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
   124         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
   187         "TLS_RSA_WITH_AES_128_CBC_SHA256",
   125         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
   188         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
   126         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
   189         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
   127         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
   190         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
   128         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
   191         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
   129         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
   192         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
   130         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
   193         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
   131         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
   194         "TLS_RSA_WITH_AES_128_CBC_SHA",
   132         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
   195         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
   133         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
   196         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
   134         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
   197         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
   135         "SSL_RSA_WITH_DES_CBC_SHA",
   198         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
   136         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
   199         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
   137         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
       
   138         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
       
   139         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
       
   140         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
       
   141         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
       
   142         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
       
   143 
       
   144         "SSL_RSA_WITH_NULL_MD5",
       
   145         "SSL_RSA_WITH_NULL_SHA",
       
   146         "TLS_ECDH_ECDSA_WITH_NULL_SHA",
       
   147         "TLS_ECDH_RSA_WITH_NULL_SHA",
       
   148         "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
       
   149         "TLS_ECDHE_RSA_WITH_NULL_SHA",
       
   150         "SSL_DH_anon_WITH_RC4_128_MD5",
       
   151         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
       
   152         "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
       
   153         "SSL_DH_anon_WITH_DES_CBC_SHA",
       
   154         "TLS_ECDH_anon_WITH_RC4_128_SHA",
       
   155         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
       
   156         "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
       
   157         "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
       
   158         "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
       
   159         "TLS_ECDH_anon_WITH_NULL_SHA",
       
   160         "TLS_KRB5_WITH_RC4_128_SHA",
       
   161         "TLS_KRB5_WITH_RC4_128_MD5",
       
   162         "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
       
   163         "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
       
   164         "TLS_KRB5_WITH_DES_CBC_SHA",
       
   165         "TLS_KRB5_WITH_DES_CBC_MD5",
       
   166         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
       
   167         "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
       
   168         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
       
   169         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
       
   170 
       
   171     };
       
   172 
       
   173     // supported ciphersuites using unlimited JCE policy jurisdiction files
       
   174     // AES/256 available
       
   175     private final static String[] SUPPORTED_UNLIMITED = {
       
   176         "SSL_RSA_WITH_RC4_128_MD5",
       
   177         "SSL_RSA_WITH_RC4_128_SHA",
       
   178         "TLS_RSA_WITH_AES_128_CBC_SHA",
       
   179         "TLS_RSA_WITH_AES_256_CBC_SHA",
       
   180         "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
       
   181         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
       
   182         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
       
   183         "TLS_ECDH_RSA_WITH_RC4_128_SHA",
       
   184         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
       
   185         "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
       
   186         "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
       
   187         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
       
   188         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
       
   189         "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
       
   190         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
       
   191         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
       
   192         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
       
   193         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
       
   194         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
       
   195         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
       
   196         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
       
   197         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
       
   198         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
       
   199         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
       
   200         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
       
   201         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
       
   202         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
       
   203         "SSL_RSA_WITH_DES_CBC_SHA",
       
   204         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
       
   205         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
       
   206         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
       
   207         "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
       
   208         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
       
   209         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
       
   210         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
       
   211 
       
   212         "SSL_RSA_WITH_NULL_MD5",
       
   213         "SSL_RSA_WITH_NULL_SHA",
       
   214         "TLS_ECDH_ECDSA_WITH_NULL_SHA",
       
   215         "TLS_ECDH_RSA_WITH_NULL_SHA",
       
   216         "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
       
   217         "TLS_ECDHE_RSA_WITH_NULL_SHA",
       
   218         "SSL_DH_anon_WITH_RC4_128_MD5",
       
   219         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
       
   220         "TLS_DH_anon_WITH_AES_256_CBC_SHA",
       
   221         "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
       
   222         "SSL_DH_anon_WITH_DES_CBC_SHA",
       
   223         "TLS_ECDH_anon_WITH_RC4_128_SHA",
       
   224         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
       
   225         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
       
   226         "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
       
   227         "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
       
   228         "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
       
   229         "TLS_ECDH_anon_WITH_NULL_SHA",
       
   230         "TLS_KRB5_WITH_RC4_128_SHA",
       
   231         "TLS_KRB5_WITH_RC4_128_MD5",
       
   232         "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
       
   233         "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
       
   234         "TLS_KRB5_WITH_DES_CBC_SHA",
       
   235         "TLS_KRB5_WITH_DES_CBC_MD5",
       
   236         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
       
   237         "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
       
   238         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
       
   239         "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
       
   240 
       
   241     };
   200     };
   242 
   201 
   243     private static void showSuites(String[] suites) {
   202     private static void showSuites(String[] suites) {
   244         if ((suites == null) || (suites.length == 0)) {
   203         if ((suites == null) || (suites.length == 0)) {
   245             System.out.println("<none>");
   204             System.out.println("<none>");
   250     }
   209     }
   251 
   210 
   252     public static void main(String[] args) throws Exception {
   211     public static void main(String[] args) throws Exception {
   253         long start = System.currentTimeMillis();
   212         long start = System.currentTimeMillis();
   254 
   213 
       
   214         if (args.length != 1) {
       
   215             throw new Exception("One arg required");
       
   216         }
       
   217 
   255         String[] ENABLED;
   218         String[] ENABLED;
   256         String[] SUPPORTED;
   219         String[] SUPPORTED;
   257         try {
   220         if (args[0].equals("default")) {
   258             Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
       
   259             SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
       
   260             c.init(Cipher.ENCRYPT_MODE, key);
       
   261             System.out.println("AES/256 is available");
       
   262             ENABLED = ENABLED_UNLIMITED;
       
   263             SUPPORTED = SUPPORTED_UNLIMITED;
       
   264         } catch (Exception e) {
       
   265             System.out.println("AES/256 is NOT available (" + e + ")");
       
   266             ENABLED = ENABLED_DEFAULT;
   221             ENABLED = ENABLED_DEFAULT;
   267             SUPPORTED = SUPPORTED_DEFAULT;
   222             SUPPORTED = SUPPORTED_DEFAULT;
       
   223         } else if (args[0].equals("limited")) {
       
   224             Security.setProperty("crypto.policy", "limited");
       
   225             ENABLED = ENABLED_LIMITED;
       
   226             SUPPORTED = SUPPORTED_LIMITED;
       
   227         } else {
       
   228             throw new Exception("Illegal argument");
   268         }
   229         }
   269 
   230 
   270         SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
   231         SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
   271         SSLSocket socket = (SSLSocket)factory.createSocket();
   232         SSLSocket socket = (SSLSocket)factory.createSocket();
   272         String[] enabled = socket.getEnabledCipherSuites();
   233         String[] enabled = socket.getEnabledCipherSuites();