I want the support of the following cipher suites in TLS using JCA:
- TLS_PSK_WITH_3DES_EDE_CBC_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA
- TLS_PSK_WITH_NULL_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_NULL_SHA256
They are available in JDK7 but not JDK6, neither BouncyCastle.
If I want the support in JDK6, could I extends JCA to implement the support of these PSK extensions, using SPI, providers and callback methods of JSSE. I can already redefine or add new cipher implementations on runtime, but I'm not sure JCA offers enough granularity to add new cipher suites in TLS.
The clean way would be to implement your own SSLSocketFactory.
If you want to try adding I only see the way to modify the internal classes via reflection.
The relevant class is:
com.sun.net.ssl.internal.ssl.CipherSuite
It has an overloaded private static method "add" for adding cipher implementations to the supported list. May be worth a try.
Still not sure it is possible or not, but we found an implementation of several TLS PSK cipher suites for the Jessie Library.
来源:https://stackoverflow.com/questions/6264875/define-cipher-suite-for-tls-in-jca