2

I'm debugging an SSL problem and trying to find how Java knows what cipher suites are supported.

How can I get a list of the cipher suites that are supported by TLSv1.2 in Java 11?

Is there Java code I could write to list the cipher suites available?

Searching for answers:

I found that openssl can list several.

openssl ciphers -V | head
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
          0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
          0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x0A - ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
          0x00,0xA5 - DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(256) Mac=AEAD
          0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
          0x00,0xA1 - DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(256) Mac=AEAD
          0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
PatS

2 Answers

2
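import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket secureSocket = (SSLSocket) f.createSocket(); // unconnected socket; may throw IOException
Arrays.stream(secureSocket.getSupportedCipherSuites()).forEach(System.out::println);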

P.S. There is also this cool link from Mozilla that makes recommendations based on the web server: https://ssl-config.mozilla.org/#server=tomcat&version=9.0.30&config=intermediate&guideline=5.6

Ardit Meti
  • On the last line of your sample code, I got a syntax error and changed it to get it to compile. – PatS Mar 24 '23 at 15:40
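An added example, not from either answer: it builds a TLSv1.2 `SSLContext` and marks which of the supported cipher suites are also enabled by default, which is usually the distinction that matters when a handshake fails. The class name `ListTls12CipherSuites` and the `[default]`/`[opt-in]` labels are made up for this example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical class name, chosen for this example.
public class ListTls12CipherSuites {
    public static void main(String[] args) throws Exception {
        // Context restricted to the protocol being debugged.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // nulls select the default key managers, trust managers and SecureRandom.
        ctx.init(null, null, null);

        // Supported = what the provider implements for this context.
        // Default   = what a socket or engine from this context offers
        //             unless the application changes it.
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        Set<String> enabled = new HashSet<>(Arrays.asList(defaults.getCipherSuites()));

        System.out.println("Java version:        " + System.getProperty("java.version"));
        System.out.println("JSSE provider:       " + ctx.getProvider().getName());
        System.out.println("Default protocols:   " + Arrays.toString(defaults.getProtocols()));
        // Security property that can rule algorithms out of TLS negotiation.
        System.out.println("Disabled algorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        for (String suite : supported.getCipherSuites()) {
            // [opt-in] suites must be enabled explicitly, e.g. via
            // SSLSocket.setEnabledCipherSuites, before they can be negotiated.
            String tag = enabled.contains(suite) ? "[default] " : "[opt-in]  ";
            System.out.println(tag + suite);
        }
    }
}
```

On Java 11 this runs directly as a single source file with `java ListTls12CipherSuites.java`. The names printed are JSSE names, not the OpenSSL names shown in the question.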
1

The SO question "Which Cipher Suites Algorithm Are Supported in Jdk11 and Which One is Best to Use with TLSv1.2" has the answer buried in details of answering a related question.

The link is: https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names

The table is very large so it is not reproduced below.

PatS