Java Ciphers

Curious about which encryption ciphers your JVM offers and allows?

import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLServerSocketFactory;

public class Ciphers
{
    public static void main(String[] args)
        throws Exception
    {
        SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        TreeMap<String, Boolean> ciphers = new TreeMap<String, Boolean>();

        for(int i=0; i<availableCiphers.length; ++i )
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        for(int i=0; i<defaultCiphers.length; ++i )
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        System.out.println("Default\tCipher");
        for(Iterator i = ciphers.entrySet().iterator(); i.hasNext(); ) {
            Map.Entry cipher=(Map.Entry)i.next();

            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}

Find your JVM. You may have several, find the one that matters.

Use that JVM’s javac compiler to compile Ciphers.java.

javac Ciphers.java

Then use that JVM’s java to run the compiled class.

java Ciphers

Examine your results.

Sample Ciphers Output

Default	Cipher
*	TLS_AES_128_GCM_SHA256
*	TLS_AES_256_GCM_SHA384
*	TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*	TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*	TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*	TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
*	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
*	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
*	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
*	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
*	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
*	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
*	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
*	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
*	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
*	TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*	TLS_RSA_WITH_AES_128_CBC_SHA
*	TLS_RSA_WITH_AES_128_CBC_SHA256
*	TLS_RSA_WITH_AES_128_GCM_SHA256
*	TLS_RSA_WITH_AES_256_CBC_SHA
*	TLS_RSA_WITH_AES_256_CBC_SHA256
*	TLS_RSA_WITH_AES_256_GCM_SHA384