We recently went through an issue at work that required digging into the cipher suite negotiation between a WebSphere client and a web service exposed via CICS. The tricky part was how these two sides expose their cipher suites to admins. On the host side, the cipher suites are presented as a string of hex codes identifying the unique cipher IDs. On the WebSphere side, the suites are listed by name -- but the WebSphere cipher suite names do not match up with the cipher suite names in the host documentation.

I tried for a bit to find a cross-reference somewhere on the web but gave up, so I made my own, which I present below. I did this by looking at OpenJDK's CipherSuite.java, which maps the Java cipher suite names to cipher IDs. Then I matched those cipher IDs to the host cipher suite names. Trivial. This is not a complete list of all available ciphers on these platforms -- it was what we needed for our current problem.
Hope this helps someone.
As a final bit of fun with names, note that depending on the particular Java you are using, the Java names may interchange the three-letter acronyms TLS and SSL. For example, the IBMJSSE2 suite does this. Refer to the documentation here: https://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html
| CIPHER ID | CICS NAME | JAVA NAME |
|---|---|---|
| 35 | TLS1_RSA_WITH_AES_256_SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
| 36 | TLS1_DH_DSS_WITH_AES_256_SHA | N/A WEBSPHERE |
| 37 | TLS1_DH_RSA_WITH_AES_256_SHA | N/A WEBSPHERE |
| 38 | TLS1_DHE_DSS_WITH_AES_256_SHA | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| 39 | TLS1_DHE_RSA_WITH_AES_256_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| 2F | TLS1_RSA_WITH_AES_128_SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
| 30 | TLS1_DH_DSS_WITH_AES_128_SHA | N/A WEBSPHERE |
| 31 | TLS1_DH_RSA_WITH_AES_128_SHA | N/A WEBSPHERE |
| 32 | TLS1_DHE_DSS_WITH_AES_128_SHA | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| 33 | TLS1_DHE_RSA_WITH_AES_128_SHA | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| 0A | SSL3_RSA_DES_192_CBC3_SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| 16 | SSL3_EDH_RSA_DES_192_CBC3_SHA | SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| 13 | SSL3_EDH_DSS_DES_192_CBC3_SHA | SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| 10 | SSL3_DH_RSA_DES_192_CBC3_SHA | SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| 0D | SSL3_DH_DSS_DES_192_CBC3_SHA | SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| 09 | SSL3_RSA_DES_64_CBC_SHA | SSL_RSA_WITH_DES_CBC_SHA |
| 15 | SSL3_EDH_RSA_DES_64_CBC_SHA | SSL_DHE_RSA_WITH_DES_CBC_SHA |
| 12 | SSL3_EDH_DSS_DES_64_CBC_SHA | SSL_DHE_DSS_WITH_DES_CBC_SHA |
| 0F | SSL3_DH_RSA_DES_64_CBC_SHA | SSL_DH_RSA_WITH_DES_CBC_SHA |
| 0C | SSL3_DH_DSS_DES_64_CBC_SHA | SSL_DH_DSS_WITH_DES_CBC_SHA |
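The cross-reference above can be applied mechanically when comparing the two sides. The following is an added example, not part of the original post: it assumes the host cipher string is a run of two-hex-digit IDs, and the function names and the sample inputs are constructed for illustration. It treats the SSL_ and TLS_ prefixes as interchangeable, as noted for IBMJSSE2.

```python
# Added example. ID_TO_JAVA is copied from the table in this post; inputs are constructed.
ID_TO_JAVA = {
    "35": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "38": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "39": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "2F": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "32": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "33": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "0A": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "16": "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "13": "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "10": "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
    "0D": "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
    "09": "SSL_RSA_WITH_DES_CBC_SHA",
    "15": "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "12": "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    "0F": "SSL_DH_RSA_WITH_DES_CBC_SHA",
    "0C": "SSL_DH_DSS_WITH_DES_CBC_SHA",
}
NO_WEBSPHERE = {"36", "37", "30", "31"}  # rows the post marks "N/A WEBSPHERE"

def split_ids(cipher_string):
    """Split a host cipher string into 2-hex-digit IDs (assumed format), keeping order."""
    s = cipher_string.strip().upper()
    if len(s) % 2 or any(c not in "0123456789ABCDEF" for c in s):
        raise ValueError(f"not a string of 2-digit hex cipher IDs: {cipher_string!r}")
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def normalize(java_name):
    """Drop the SSL_/TLS_ prefix, since some JSSE providers interchange the two."""
    name = java_name.strip().upper()
    return name[4:] if name.startswith(("SSL_", "TLS_")) else name

def common_suites(host_cipher_string, client_names):
    """Return (id, java_name, status) per host ID, in the order the host lists them."""
    enabled = {normalize(n): n for n in client_names}
    rows = []
    for cid in split_ids(host_cipher_string):
        java = ID_TO_JAVA.get(cid)
        if java is None:
            status = "N/A on WebSphere" if cid in NO_WEBSPHERE else "not in table"
            rows.append((cid, None, status))
        elif normalize(java) in enabled:
            rows.append((cid, enabled[normalize(java)], "match"))
        else:
            rows.append((cid, java, "not enabled on client"))
    return rows

if __name__ == "__main__":  # constructed sample inputs
    sample = ["SSL_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"]
    print(common_suites("352F360A", sample))
```

An empty set of "match" rows means the two sides share no suite from this table, which is the condition under which a handshake between them would fail to agree on a cipher.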