1/*
2 * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 4750141 4895631
27 * @summary Check enabled and supported ciphersuites are correct
28 * @ignore JSSE supported cipher suites are changed with CR 6916074,
29 *     need to update this test case in JDK 7 soon
30 */
31
32import java.util.*;
33
34import javax.net.ssl.*;
35
36import javax.crypto.Cipher;
37import javax.crypto.spec.*;
38
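/**
 * Regression test that compares the cipher suites reported by the default
 * {@link SSLSocketFactory} against hard-coded expectation lists.
 *
 * <p>Two pairs of lists are kept: one for a runtime where a 256-bit AES key
 * can be initialised ("unlimited" JCE policy) and one where it cannot
 * ("default" policy). {@code main} probes which case applies and then
 * compares both the enabled and the supported suites.
 *
 * <p>NOTE(security): the lists below are historical expectations, not a
 * recommended configuration. They contain RC4, single-DES, 3DES, 40-bit
 * EXPORT, NULL-encryption and anonymous (unauthenticated) key-exchange
 * suites. Do not reuse them as an allow-list for
 * {@code SSLSocket.setEnabledCipherSuites}; in particular, enabling
 * everything returned by {@code getSupportedCipherSuites()} would switch on
 * the NULL and {@code _anon_} suites that appear only in the SUPPORTED_*
 * lists.
 */
public class CheckCipherSuites {

    // Expected default-enabled suites when AES/256 is NOT available.
    // Compared with Arrays.equals, so order matters as well as content.
    private final static String[] ENABLED_DEFAULT = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",

    };

    // Expected default-enabled suites when AES/256 IS available
    // (adds the *_AES_256_* variants to ENABLED_DEFAULT).
    private final static String[] ENABLED_UNLIMITED = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",

    };

    // supported ciphersuites using default JCE policy jurisdiction files
    // AES/256 unavailable
    // The second group (after the blank line) is supported but absent from
    // ENABLED_DEFAULT: NULL-encryption, anonymous and Kerberos suites.
    private final static String[] SUPPORTED_DEFAULT = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",

        "SSL_RSA_WITH_NULL_MD5",
        "SSL_RSA_WITH_NULL_SHA",
        "TLS_ECDH_ECDSA_WITH_NULL_SHA",
        "TLS_ECDH_RSA_WITH_NULL_SHA",
        "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
        "TLS_ECDHE_RSA_WITH_NULL_SHA",
        "SSL_DH_anon_WITH_RC4_128_MD5",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_WITH_DES_CBC_SHA",
        "TLS_ECDH_anon_WITH_RC4_128_SHA",
        "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_ECDH_anon_WITH_NULL_SHA",
        "TLS_KRB5_WITH_RC4_128_SHA",
        "TLS_KRB5_WITH_RC4_128_MD5",
        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
        "TLS_KRB5_WITH_DES_CBC_SHA",
        "TLS_KRB5_WITH_DES_CBC_MD5",
        "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",

    };

    // supported ciphersuites using unlimited JCE policy jurisdiction files
    // AES/256 available
    // The second group (after the blank line) is supported but absent from
    // ENABLED_UNLIMITED: NULL-encryption, anonymous and Kerberos suites.
    private final static String[] SUPPORTED_UNLIMITED = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",

        "SSL_RSA_WITH_NULL_MD5",
        "SSL_RSA_WITH_NULL_SHA",
        "TLS_ECDH_ECDSA_WITH_NULL_SHA",
        "TLS_ECDH_RSA_WITH_NULL_SHA",
        "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
        "TLS_ECDHE_RSA_WITH_NULL_SHA",
        "SSL_DH_anon_WITH_RC4_128_MD5",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
        "TLS_DH_anon_WITH_AES_256_CBC_SHA",
        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_WITH_DES_CBC_SHA",
        "TLS_ECDH_anon_WITH_RC4_128_SHA",
        "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_ECDH_anon_WITH_NULL_SHA",
        "TLS_KRB5_WITH_RC4_128_SHA",
        "TLS_KRB5_WITH_RC4_128_MD5",
        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
        "TLS_KRB5_WITH_DES_CBC_SHA",
        "TLS_KRB5_WITH_DES_CBC_MD5",
        "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",

    };

    /**
     * Prints one suite name per line, indented by two spaces, or
     * {@code <none>} when the array is null or empty.
     *
     * @param suites the suite names to print; may be null
     */
    private static void showSuites(String[] suites) {
        if ((suites == null) || (suites.length == 0)) {
            System.out.println("<none>");
            // Return here: falling through would dereference a null array.
            return;
        }
        for (String suite : suites) {
            System.out.println("  " + suite);
        }
    }

    /**
     * Prints {@code actual} under {@code heading} and fails if it differs
     * from {@code expected}.
     *
     * @param heading line printed before the actual list
     * @param failure message of the exception thrown on mismatch
     * @param expected the hard-coded expectation
     * @param actual the list reported by the socket
     * @throws Exception if the two arrays are not equal element by element
     */
    private static void verifySuites(String heading, String failure,
            String[] expected, String[] actual) throws Exception {
        System.out.println(heading);
        showSuites(actual);

        // Arrays.equals is order-sensitive, so a reordering of otherwise
        // identical suites is reported as a mismatch too.
        if (!Arrays.equals(expected, actual)) {
            System.out.println("*** MISMATCH, should be ***");
            showSuites(expected);
            throw new Exception(failure);
        }
        System.out.println("OK");
    }

    /**
     * Probes for AES/256 availability, then checks the enabled and supported
     * cipher suites of an unconnected socket from the default
     * {@link SSLSocketFactory} against the matching expectation lists.
     *
     * @param args unused
     * @throws Exception if either list does not match, or on socket errors
     */
    public static void main(String[] args) throws Exception {
        long start = System.currentTimeMillis();

        String[] expectedEnabled;
        String[] expectedSupported;
        try {
            // Probe: initialising AES with a 32-byte (256-bit) key. Any
            // failure is taken to mean AES/256 is not available here.
            Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
            c.init(Cipher.ENCRYPT_MODE, key);
            System.out.println("AES/256 is available");
            expectedEnabled = ENABLED_UNLIMITED;
            expectedSupported = SUPPORTED_UNLIMITED;
        } catch (Exception e) {
            System.out.println("AES/256 is NOT available (" + e + ")");
            expectedEnabled = ENABLED_DEFAULT;
            expectedSupported = SUPPORTED_DEFAULT;
        }

        SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket)factory.createSocket();
        try {
            verifySuites("Default enabled ciphersuites:",
                    "Enabled ciphersuite mismatch",
                    expectedEnabled, socket.getEnabledCipherSuites());
            System.out.println();

            verifySuites("Supported ciphersuites:",
                    "Supported ciphersuite mismatch",
                    expectedSupported, socket.getSupportedCipherSuites());
        } finally {
            // Release the socket even when a mismatch aborts the test.
            socket.close();
        }

        long end = System.currentTimeMillis();
        System.out.println("Done (" + (end - start) + " ms).");
    }

}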
301