将密码套件 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 添加到 Java 7
Add cipher suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 to Java 7
我想在 Java 7.
中将 TLSv1.2 与 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 一起使用
我已将 -Ddeployment.security.TLSv1.2=true 添加到 VM 参数中,我想知道如何添加上述密码套件。
@ dave_thompson_085 提供的提示。
Java 7 JSSE (the SSL/TLS provider) does not implement GCM ciphersuites, only Java 8 does. A thirdparty provider like BouncyCastle might. Also remember all Oracle/Sun JREs support AES-256 suites (and more-than-128-bit symmetric encryption generally) only if the JCE Unlimited Strength option is installed.
I said (Java8 OR MAYBE BC) AND (UnlimitedStrength OR NOT Oracle -- or more exactly openjdk). I thought I recalled BCprov doing SSL/TLS but on checking it's only the lightweight API, so unless you rewrite your code (and any involved libraries) you need (Java8 to get GCM) AND (UnlimitedStrength OR openjdk to get AES256).
我想在 Java 7.
中将TLSv1.2 与 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 一起使用
我已将 -Ddeployment.security.TLSv1.2=true 添加到 VM 参数中,我想知道如何添加上述密码套件。
@ dave_thompson_085 提供的提示。
Java 7 JSSE (the SSL/TLS provider) does not implement GCM ciphersuites, only Java 8 does. A thirdparty provider like BouncyCastle might. Also remember all Oracle/Sun JREs support AES-256 suites (and more-than-128-bit symmetric encryption generally) only if the JCE Unlimited Strength option is installed.
I said (Java8 OR MAYBE BC) AND (UnlimitedStrength OR NOT Oracle -- or more exactly openjdk). I thought I recalled BCprov doing SSL/TLS but on checking it's only the lightweight API, so unless you rewrite your code (and any involved libraries) you need (Java8 to get GCM) AND (UnlimitedStrength OR openjdk to get AES256).