¿Qué conjuntos de cifrado vienen con Java jdk1.7.0_03 y / o cómo aprovisiono mi instalación RMI con ellos?

I've been wracking my brain on this problem, aquí, and suddenly thought to check if ANY cipher suites were available to the RMI Server. So, I put the following code in JUST BEFORE the RMI Registry is started:

msg("trustStore: "+System.getProperty("javax.net.ssl.trustStore"));
msg("trustStorePassword: "+System.getProperty("javax.net.ssl.trustStorePassword"));
msg("keyStore: "+System.getProperty("javax.net.ssl.keyStore")); 
msg("keyStorePassword: "+System.getProperty("javax.net.ssl.keyStorePassword"));
msg("rmi.server.hostname: "+System.getProperty("java.rmi.server.hostname"));msg("supportedCipherSuites: "+System.getProperty("javax.rmi.ssl.client.supportedCipherSuites"));
msg("enabledCipherSuites: "+System.getProperty("javax.rmi.ssl.client.enabledCipherSuites"));
msg("debug: "+System.getProperty("javax.net.debug"));

(where msg just sends data via System.out.println.)

...And to my horror found that "supportedCipherSuites"es NULL!


I looked all over creation, "used the google", and haven't yet figured out how I'm supposed to populate my instalation with suitable cipher suites. ...I'm not looking for much special, just the basic ordinary stuff will do fine!


PS Where does the RMI Registry's output from javax.net.debug go? Can't find it anywhere! Thanks....

preguntado el 09 de marzo de 12 a las 23:03

Did you install the unlimited strength cryptography policy files? -

@MarkRotteveel Not explicitly - how do I do that? Back in the day, there was a JSSE download, but I didn't find one today. ...I think that's a part of my stated question, "how am I supposed to populate my installation with suitable cipher suites?" -smile- Sounds like you could tell me! -

By default the Java installation restricts the encryption strength because of weird American export laws (and this has always been the case). You can download the policy files at java.oracle.com (BTW: I am not saying this is the solution) -

1 Respuestas

You'll find the list of supported cipher suites in Oracle JRE 7 in the SunJSSE provider documentation: there are two tables for those enabled and disabled by default, respectively.

No me preocuparía demasiado por System.getProperty("javax.rmi.ssl.client.supportedCipherSuites")) volver null: these system properties are for you to make settings, not for the JRE/RMI API to publish its current state. In addition, there is no mention of this system property en la documentación dónde javax.rmi.ssl.client.enabledCipherSuites is documented. If you want to use specific cipher suites, set javax.rmi.ssl.client.enabledCipherSuites, don't read it.

Obteniendo el javax.net.ssl.* properties won't necessarily tell you what the actual used values are (see esta respuesta). For example a null javax.net.ssl.trustStore will still use the default truststore.

Igual por javax.net.debug: it's for you to set and the Net/SSL API to use, not the other way around.

contestado el 23 de mayo de 17 a las 13:05

I can't show that you're wrong about "javax.rmi.ssl.client.enabledCipherSuites", however if it is indeed used as you describe then its name is estúpido. It should be "setCipherSuites" or even just "enableCipherSuites" - that "ed" makes it PAST TENSE. I'd find it beyond odd that the engineers who created the Java SSE would be que unaware of the proper use and meanings of suffixes in english! That said, your answer otherwise appears to be correct, so I'm flagging it as so! -smile- Thank you for your help. - ricardo t

As far as I'm aware, "-ed" is not just for past tense or preterite, but can be used a noun modifiers almost as adjectives (e.g. "Something is required."), although "something is enabled" and "something has been enabled" could both work, I think. System properties are settings, not methods; an active verb would imply an action there and then, which is not something that system properties are meant to do. Perhaps it's something to ask on espanol.stackexchange.com :-)- Marrón

Hmmm, I like my "drop the d" solution better - that way it's not an action, like set, but a request, as in "please!" -smile- Boy, software would be SO MUCH BETTER if we were the engineers making it! Oh, wait, we ARE, just not Java engineers! - ricardo t

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.