ssl - Determine Diffie-Hellman "Parameters" Length for a TLS handshake in Java -


i'd make https connection server and, if i'm using non-ephemeral dh key exchange, i'd know parameters connection. actually, don't care if it's ephemeral or not.

what i'm looking ability make connection , warn if connection using "weak" dh parameters. can check @ connection-time? or set of dh parameters (or, more specifically, length of parameters, in bits) defined cipher suite itself?

for example, qualys community thread has illustration of cipher suites ssllabs considers "weak" (well, considers them weak... have public tool complains them): https://community.qualys.com/thread/14821

they mention e.g. tls_dhe_rsa_with_aes_256_gcm_sha384 cipher suite 0x9f , mention dh parameters. parameters' parameters baked-into cipher suite (meaning always 1024-bit) or configuration of server makes cipher suites weak due specific dh parameter choice?

in either case, i'd able sniff information connection if @ possible. know if can done, , how?

i've written code attempt information handshake, keep getting null object hoping contain data.

sslsocketfactory sf = ...; socket sock = new socket(); sock.connect(address, timeout);  sslsocket socket = (sslsocket)sf.createsocket(sock, host, port, true); socket.starthandshake(); sslsession sess = socket.gethandshakesession();

i hoping sess @ point contain interesting information handshake, it's null. javadoc starthandshake indicates notify event listener when handshake completed. tried this:

sslsocketfactory sf = ...; socket sock = new socket(); sock.connect(address, timeout);  sslsocket socket = (sslsocket)sf.createsocket(sock, host, port, true); socket.starthandshake(); // sslsession sess = socket.gethandshakesession(); sslsession sess = socket.getsession(); // forces handshake complete sess = socket.gethandshakesession();

... sess still null @ point. "real" sslsession exist , gives me information connection, "handshake session" seems null.

so tried writing handshakecompletedlistener, , in fact sslsession, appears same 1 can sslsocket already, "handshake" session seems unhelpful.

how can parameters sslsession?

are parameters' parameters baked-into cipher suite (meaning 1024-bit) or configuration of server makes cipher suites weak due specific dh parameter choice?

no, configuration parameter for protocol. there default of 1024 bits java may changed globally jsse (the java tls implementation) using system property: jdk.tls.ephemeraldhkeysize. best set during startup -d option java vm.

for static dh key pairs (that used authentication) have dh certificate. don't think you'll find any, uses rsa authentication.

in either case, i'd able sniff information connection if @ possible. know if can done, , how?

well, sniffing tools such wireshark suffice. undoubtedly can parse things dh parameters tls connection (if used in first place of course).

you can debug connections using -djavax.net.debug

for java applications / libraries cipher suite , then, if contains dhe_ aforementioned system property (keeping in mind default values).

the java jsse api not written deep packet inspection in mind. it's (literally) service oriented implementation servers , client applications. although of course use openjdk code (it's gpl'ed, right?) better off using separate implementation, possibly more permissive license.

for sniffer rather use c/c++ (or @ least c/c++ frontend) java.


-

Comments

Post a Comment

Popular posts from this blog

serialization - Convert Any type in scala to Array[Byte] and back -

i have following question: i have variable value in program declared value. i want convert value byte array.. how can serialize byte array , back? found examples related other types such double or int, not any. this should need. it's pretty similar how 1 in java. import java.io.{bytearrayinputstream, bytearrayoutputstream, objectinputstream, objectoutputstream} object serialization extends app { def serialise(value: any): array[byte] = { val stream: bytearrayoutputstream = new bytearrayoutputstream() val oos = new objectoutputstream(stream) oos.writeobject(value) oos.close stream.tobytearray } def deserialise(bytes: array[byte]): = { val ois = new objectinputstream(new bytearrayinputstream(bytes)) val value = ois.readobject ois.close value } println(deserialise(serialise("my test"))) println(deserialise(serialise(list(1)))) println(deserialise(serialise(map(1 -> 2)))) println(deserialise(seri
Read more

matplotlib support failed in PyCharm on OSX -

any idea how fix ? how can debug might problem ? not seem : https://youtrack.jetbrains.com/issue/py-15520 i in console: python 2.6.9 (unknown, jul 14 2015, 19:46:31) [gcc 4.2.1 compatible apple llvm 6.0 (clang-600.0.39)] on darwin >>> import matplotlib.pyplot plt matplotlib support failed the backend : >>> import matplotlib >>> print(matplotlib.rcparams['backend']) macosx
Read more

python - Matplotlib: TypeError: 'AxesSubplot' object is not callable -

i new programming please pardon me if rookie mistake. i writing python script have defined functions create subplots of distributions. i have slider widget end user change value of variables(mu , sigma) , see effect on distribution. here's code import numpy np print np.__version__ import scipy print scipy.__version__ scipy.stats import norm, lognorm, uniform import matplotlib print matplotlib.__version__ import matplotlib.pyplot plt matplotlib.widgets import slider, button, radiobuttons, checkbuttons #####calculating mean , standard deviation##### global mu_a1 mu_a1 = 1 global mu_b1 mu_b1 = 10 global mu_c1 mu_c1 = -13 global sigma_a1 sigma_a1 = 0.14 global sigma_b1 sigma_b1 = 1.16 global sigma_c1 sigma_c1 = 2.87 mu_x01 = -11 sigma_x01 = 1.9 #####_____##### #####generating random data##### a1 = 0.75*mu_a1 + (1.25 - 0.75)*sigma_a1*np.random.sample(10000) b1 = 8*mu_b1 + (12 - 8)*sigma_b1*np.random.sample(10000) c1 = -12*mu_c1 + 2*sigma_c1*np.random.sample(10000)
Read more