jsse – Make Me Engineer

How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

June 1, 2023 by Tarik

This piece of code is a bit raw. please use with care. public class PreferredCipherSuiteSSLSocketFactory extends SSLSocketFactory { private static final String PREFERRED_CIPHER_SUITE = “TLS_RSA_WITH_AES_128_CBC_SHA”; private final SSLSocketFactory delegate; public PreferredCipherSuiteSSLSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; } @Override public String[] getDefaultCipherSuites() { return setupPreferredDefaultCipherSuites(this.delegate); } @Override public String[] getSupportedCipherSuites() { return setupPreferredSupportedCipherSuites(this.delegate); } @Override public … Read more

scp transfer via java

April 27, 2023 by Tarik

I ended up using Jsch- it was pretty straightforward, and seemed to scale up pretty well (I was grabbing a few thousand files every few minutes).

Why does Java’s SSLSocket send a version 2 client hello?

December 2, 2022 by Tarik

Sun’s JSSE doesn’t support SSLv2 but it supports the SSlv2ClientHello, to support some SSL servers that require it. You can turn it off by removing it from the enabled protocols. IBM’s JSSE does support SSLv2 entirely. From the JSSE Reference Guide: For example, some older server implementations speak only SSLv3 and do not understand TLS. … Read more

Keystore type: which one to use?

November 2, 2022 by Tarik

There are a few more types than what’s listed in the standard name list you’ve linked to. You can find more in the cryptographic providers documentation. The most common are certainly JKS (the default) and PKCS12 (for PKCS#12 files, often with extension .p12 or sometimes .pfx). JKS is the most common if you stay within … Read more

java – path to trustStore – set property doesn’t work?

July 20, 2022 by Tarik

You have a typo – it is trustStore. Apart from setting the variables with System.setProperty(..), you can also use -Djavax.net.ssl.keyStore=path/to/keystore.jks

Registering multiple keystores in JVM [duplicate]

July 19, 2022 by Tarik

Raz’s answer was a great start, but wasn’t quite flexible enough to meet my needs. The MultiStoreKeyManager explicitly checks the custom KeyManager and then falls back to the jvm KeyManager if an operation fails. I actually want to check jvm certs first; the best solution should be able to handle either case. Additionally, the answer … Read more

javax.net.ssl.SSLException: Received fatal alert: protocol_version

June 23, 2022 by Tarik

On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your – You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8. System.setProperty(“https.protocols”, “TLSv1”); More info on the … Read more

Java client certificates over HTTPS/SSL

May 11, 2022 by Tarik

Finally solved it ;). Got a strong hint here (Gandalfs answer touched a bit on it as well). The missing links was (mostly) the first of the parameters below, and to some extent that I overlooked the difference between keystores and truststores. The self-signed server certificate must be imported into a truststore: keytool -import -alias … Read more

How can I use different certificates on specific connections?

April 30, 2022 by Tarik

Create an SSLSocket factory yourself, and set it on the HttpsURLConnection before connecting. … HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); conn.setSSLSocketFactory(sslFactory); conn.setMethod(“POST”); … You’ll want to create one SSLSocketFactory and keep it around. Here’s a sketch of how to initialize it: /* Load the keyStore that includes self-signed cert as a “trusted” entry. */ KeyStore keyStore = … Read more