Enabled protocols question

Running the code below I get as a return from getEnabledProtocols SSLv2Hello, SSLv3 and TLSv1.

Since I have set TLSv1 in the context, shouldn't it return only this protocol? I understand it is possible to send TLS Client Hello messages wrapped in SSLv2, but I don't want it to happen.

Is there any way to remove the other protocols from the created socket other than calling setEnabledProtocols()?

Thanks in advance.

import javax.net.ssl.*;

public class SSLTest {

    public static void main(String[] args) {
        try {
            // Request a "TLSv1" context, initialised with the default key and trust managers
            SSLContext ctx = SSLContext.getInstance("TLSv1");
            ctx.init(null, null, null);
            SSLSocketFactory f = ctx.getSocketFactory();
            // <aHost> and <aPort> are placeholders for the target host and port
            SSLSocket s = (SSLSocket) f.createSocket("<aHost>", <aPort>);
            // List the protocols enabled on the new socket
            String[] ps = s.getEnabledProtocols();
            for (int i = 0; i < ps.length; i++) {
                System.out.println("Proto: " + ps[i]);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

[1705 byte] By [mdedianaa] at [2007-9-24]
# 1
I think the TLSv1 you got the SSLContext for is treated as the highest level to support, with the other lower levels supported. If you had said 'SSL' maybe you wouldn't have got TLS enabled. I'm not aware of any way other than setEnabledProtocols().
ejpa at 2007-7-14 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 2

my turn to answer to you ejp.. :)

With SUN JSSE,

SSLContext.getInstance("SSL") and SSLContext.getInstance("TLS") return the very same object.

The choice is made by calling setEnabledProtocols(), and at this point it is a good idea to add the SSLv2Hello

example :

daSocket.setEnabledProtocols(new String[] {"SSLv3", "SSLv2Hello"});

or :

daSocket.setEnabledProtocols(new String[] {"TLSv1", "SSLv2Hello"});

However, if you're running the IBM JSSE, it is very different

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SupportClasses

http://www-128.ibm.com/developerworks/java/jdk/security/142/secguides/jssedocs/JSSERefGuide.html

elysianfr/NephYliM

NephYliMa at 2007-7-14
# 3
> at this point it is a good idea to add the SSLv2Hello
In IBM's implementation it can't be added because it's not supported. As the link you posted says.
ejpa at 2007-7-14