问题:
在Ubuntu OpenJDK 7上启用密码
贺元明
我编写了以下Java程序来转储JVM中启用的密码:
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
public class ListCiphers
{
public static void main(String[] args)
throws Exception
{
SSLContext ctx = SSLContext.getInstance("TLSv1");
// Create an empty TrustManagerFactory to avoid loading default CA
KeyStore ks = KeyStore.getInstance("JKS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("mozilla.org", 443);
printSupportedCiphers(socket);
printEnabledCiphers(socket);
}
private static void printSupportedCiphers(SSLSocket socket)
{
printInfos("Supported cipher suites", socket.getSupportedCipherSuites());
}
private static void printEnabledCiphers(SSLSocket socket)
{
printInfos("Enabled cipher suites", socket.getEnabledCipherSuites());
}
private static void printInfos(String prefix, String[] values)
{
System.out.println(prefix + ":");
for (int i = 0; i < values.length; i++)
System.out.println(" " + values[i]);
}
}
当我在Ubuntu 12.04.3上运行这个程序时,启用了openjdk-7-jre/amd64 7u25-2.3.10-1ubuntu0.12.04.2(/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java),并启用了调试,我得到了以下输出:
$ /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -Djavax.net.debug=all ListCiphers
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Supported cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_DH_anon_WITH_AES_256_CBC_SHA256
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
SSL_DH_anon_WITH_RC4_128_MD5
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_SHA
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDH_anon_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_KRB5_WITH_RC4_128_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Enabled cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
我感到奇怪的是,调试日志报告某些密码不受支持,但它们仍然报告在由getSupportedCipherSuites()返回的支持列表中。
我的平台有什么问题吗?
共有1个答案
印劲
我认为你是对的,警告信息没有帮助。如果您查看sun中的代码。安全ssl。SSLContextImpl生成位置:
for (CipherSuite suite : allowedCipherSuites) {
/* snip */
if (suite.isAvailable() &&
suite.obsoleted > protocols.min.v &&
suite.supported <= protocols.max.v) {
/* snip */
} else if (debug != null &&
Debug.isOn("sslctx") && Debug.isOn("verbose")) {
if (suite.obsoleted <= protocols.min.v) {
System.out.println(
"Ignoring obsoleted cipher suite: " + suite);
} else if (suite.supported > protocols.max.v) {
System.out.println(
"Ignoring unsupported cipher suite: " + suite);
} else {
System.out.println(
"Ignoring unavailable cipher suite: " + suite);
}
}
}
它在允许的密码套件中循环,而不是在支持的密码套件中循环。
类似资料:
-
问题内容: 我编写了以下Java程序以将启用的密码转储到JVM中: 当我在具有openjdk-7-jre / amd64 7u25-2.3.10-1ubuntu0.12.04.2(/ usr / lib / jvm / java-7-openjdk-amd64 / jre / bin / java的Ubuntu 12.04.3上运行此程序时)启用了调试,我得到以下输出: 我感到奇怪的是,调试日志报
-
我有一个在NeoVim中没有按预期发射的关键命令。下面是我neovim配置的摘录: 来自:nmap的适用条目显示绑定尚未被覆盖。 但按
-
问题内容: 我正在尝试让HTTPS在node.express.js上工作,但我无法弄清楚。 这是我的代码。 当我运行它时,它似乎仅响应HTTP请求。 我写了简单的基于香草的HTTPS应用程序: 当我运行此应用程序时,它 确实 响应HTTPS请求。请注意,我认为fs结果上的toString()并不重要,因为我使用了两者的组合,但仍然没有es bueno。 编辑添加: 对于生产系统,最好使用Nginx
-
问题内容: 我有这个wordpress网站,带有一个名为JSON API的插件。此插件为wordpress中的内容提供JSON格式。我可以通过添加header(“ Access-Control-Allow-Origin:*”)来在wordpress上启用CORS。在php标头上。但是,当我尝试使用JSON API插件提供的CORS的网址时,它不再起作用。 这是我正在测试的wordpress网站…我
-
我想运行PHP脚本,它有卷曲。 但以下功能被php.ini禁用: exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source 我在php中更改了以下行。ini: disable_functions=exec,通过,shell_exec,系统,proc_open,流行,show_sourc
-
Ubuntu 16.04.1 LTS Hadoop 3.3.1 当我运行start dfs时。上海, hadoop@ubuntu:/hadoop/sbin$启动dfs。在[ubuntu]上启动namenodes(名称节点):警告:将“ubuntu”(ECDSA)永久添加到已知主机列表中 启动datanodes localhost:警告:将“localhost”(ECDSA)永久添加到已知主机列表中