问题
I'd like to use TLSv1.2
with TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
in Java 7.
I've added -Ddeployment.security.TLSv1.2=true
to the VM arguments and I'd like to know how to add the cipher suite mentioned above.
回答1:
Hints provided by @ dave_thompson_085.
Java 7 JSSE (the SSL/TLS provider) does not implement GCM ciphersuites, only Java 8 does. A thirdparty provider like BouncyCastle might. Also remember all Oracle/Sun JREs support AES-256 suites (and more-than-128-bit symmetric encryption generally) only if the JCE Unlimited Strength option is installed.
I said (Java8 OR MAYBE BC) AND (UnlimitedStrength OR NOT Oracle -- or more exactly openjdk). I thought I recalled BCprov doing SSL/TLS but on checking it's only the lightweight API, so unless you rewrite your code (and any involved libraries) you need (Java8 to get GCM) AND (UnlimitedStrength OR openjdk to get AES256).
来源:https://stackoverflow.com/questions/33439478/add-cipher-suite-tls-dhe-rsa-with-aes-256-gcm-sha384-to-java-7