Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to set ciphersuite for a SSLContext object? #103

Open
Poojam-murthy opened this issue Jun 12, 2023 · 2 comments
Open

How to set ciphersuite for a SSLContext object? #103

Poojam-murthy opened this issue Jun 12, 2023 · 2 comments

Comments

@Poojam-murthy
Copy link

Poojam-murthy commented Jun 12, 2023
edited
Loading

We are trying to set only those ciphers required for us in client hello , so trying to set ciphers in context object as shown in below code but our changes are not reflecting still client uses default ciphers only, can you suggest ways to set ciphers to context and client should offer only those ciphers in request?
public SSLContext getContext() {
String[] cipherSuites = Arrays.asList("Ciphers");// required Ciphers list
SSLContext context = SSLContext.getInstance("TLSv1.2", "SunJSSE");
context.init(keyManagerFactory.getKeyManagers(), trustMgrFactory.getTrustManagers(),
SecureRandom.getInstance("DEFAULT", provider));
context.getDefaultSSLParameters().setCipherSuites(cipherSuites);
}
@Poojam-murthy Poojam-murthy mentioned this issue Jun 14, 2023
Open
@sownaRajkumar
Copy link

try using system property
-Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

@Poojam-murthy
Copy link
Author

We actually want to set ciphers wrt to client not at jdk level, and tried setting ciphers by creating socket using SSLContext like below but everytime new socket is created by client cloudbees instead of our setting, is there a way how can we set ciphers to SSLContext so client uses custom settings?

{
TcpSyslogMessageSender messageSendertcp = new TcpSyslogMessageSender();
// Construct tcp Header
messageSendertcp.setSyslogServerHostname(syslogServerDetails.getHostName());
messageSendertcp.setSyslogServerPort(syslogServerDetails.getPort());
messageSendertcp.setMessageFormat(MessageFormat.RFC_5425);
messageSendertcp.setDefaultMessageHostname(this.getHostName());
messageSendertcp.setDefaultAppName(syslogMessage.getAppName());
messageSendertcp.setDefaultFacility(syslogMessage.getFacility());
messageSendertcp.setDefaultSeverity(syslogMessage.getSeverity());
messageSendertcp.setPostfix("");
SSLContext context = getSSLContext();
if (context != null) {

    messageSendertcp.setSSLContext(context);
    messageSendertcp.setSsl(true);
    messageSendertcp.getSSLContext().setDefault(context);
}

}
public SSLContext getContext() {
String[] cipherSuites = Arrays.asList("Ciphers"); // required Ciphers list
SSLContext context = SSLContext.getInstance("TLSv1.2", "SunJSSE");
context.init(keyManagerFactory.getKeyManagers(), trustMgrFactory.getTrustManagers(),
SecureRandom.getInstance("DEFAULT", provider));
SSLSocketFactory socketFac = context.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) socketFac.createSocket();
sslSocket.setEnabledCipherSuites(cipherSuites);
context.init(keyManagerFactory.getKeyManagers(), trustMgrFactory.getTrustManagers(),
SecureRandom.getInstance("DEFAULT", provider));
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sownaRajkumar @Poojam-murthy