Java 7 support of AES-GCM in SSL/TLS?

Question

According to Java 7 documentation as well as third party vendors, it appears Java 7 should support AES-GCM suites:

1. ibm java 7
2. java 7 ssl doc

Answer 1

I've recently been messing around with Java and this cipher suite nonsense quite a bit recently.

From my experience, you need the unlimited policy files to get some extra suites. I can't remember off the top my head if using those would get you the GCM ciphers, but from my recollection with IBM java it at least got me the AES256 bit ciphers.

This link shows that you can at least initialise an SSLContext with TLSv1.2 (so you should be able atleast support all of the TLSv1.2 cipher suites that do not require the unlimited jurisditcion policy files)

Having a glance at some of the links I've looked at before I can't see any GCM ciphers on oracle's cipher suite list! orace-enabled/supported-cipher-suites.

Hopefully some of those links help you out!

(I'm typing this while running out of work so forgive me if I missed any gcm ciphers :) )

Answer 2

There are no GCM cipher suites in the SunJSSE Provider of Java 7 (assuming an Oracle JRE), although it supports TLS 1.2.

These have been introduced in Java 8 (see cipher suite table in the "The SunJSSE Provider" section).

1.8.0-ea-b124    
Connecting with 71 cipher suites supported:

 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_RC4_128_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_MD5 ********* 
 ********* TLS_EMPTY_RENEGOTIATION_INFO_SCSV ********* 
 ********* TLS_DH_anon_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_anon_WITH_RC4_128_SHA ********* 
 ********* SSL_DH_anon_WITH_RC4_128_MD5 ********* 
 ********* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_RSA_WITH_NULL_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_anon_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_MD5 ********* 
 ********* SSL_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_DES_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_DES_CBC_SHA ********* 
 ********* SSL_RSA_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_MD5 ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_MD5 ********* 
 ********* TLS_KRB5_WITH_DES_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_DES_CBC_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 ********* 

Answer 3

As others said Java 1.7 does not support that cipher but, if you have the possibility to tweak your java installation you can add the security providers. Here the steps:

1. download from bouncycastle.org bcprov-ext-jdk15on-159.jar and bctls-jdk15on-159.jar and put then into the lib/ext directory of your jre/jdk (159 is the latest version now)
2. edit the file lib/security/java.security of your jre/jdk and put the following lines:

• security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider -security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

3. renumerate all the following security providers by adding 2 (so security.provider.1=sun.security.provider.Sun becomes security.provider.3=sun.security.provider.Sun)

That's all, it should work now

Answer 4

AES-GCM is available in TLS v1.2. See [The Transport Layer Security (TLS) Protocol Version 1.2][1], section 6.2.3.3. TLSv1.1 did not add any cipher suites, and TLSv1.0 never had AES-GCM or the elliptic curve gear. (The elliptic curve stuff showed up in TLSv1.2 also).

The latest public build 80 of Java 7

• does support TLSv1.2 after changing code to use SSLContext.getInstance("TLSv1.2") in case of socket programming or just declaring the -Dhttps.protocols=TLSv1.2 in case of HTTP programming.

• does not support the AES-GCM cipher suite even under TLSv1.2, according to a request implemented only in a commercial build 191 of Java 7,

  https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8180834

Its interesting that the TLS_ECDHE_ECDSA_* cipher suites are showing up in your dump since they are TLSv1.2 ciphers.

Answer 5

Both Oracle JDK and OpenJDK start to support GCM ciphers in java 8.

• For OpenJDK, please see JEP 115: AEAD CipherSuites
• For Oracle JDK, please see JDK 8 Security Enhancements and Java Cryptography Architecture Oracle Providers Documentation for JDK 8