Monday, 29 February 2016

WAS - Looking at Ciphers

I was interested in the list of SSL/TLS ciphers available, once I switched to TLS 1.2 and the unrestricted JRE ciphers.

This is how I can find out what WAS is offering: -

cellID = AdminControl.getCell()
print AdminTask.listSSLCiphers('[-sslConfigAliasName CellDefaultSSLSettings -scopeName (cell):'+cellID+' -securityLevel HIGH ]')


SSL_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256


and: -

print AdminTask.listSSLCiphers('[-sslConfigAliasName CellDefaultSSLSettings -scopeName (cell):'+cellID+' -securityLevel CUSTOM]')

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_DHE_DSS_WITH_RC4_128_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA


For the record, I'm using Java 1.6 ( aka Java 6 ): -

/opt/IBM/WebSphere/AppServer/java/jre/bin/java -fullversion

java full version "JRE 1.6.0 IBM Linux build pxa6460_26sr8fp7ifx-20150930_01 (SR8 FP7)"


For the record, I wrote about the unrestricted ciphers a while ago: -

No comments: