Short version:
- Add TLS_RSA_WITH_AES_128_CBC_SHA256
- Add TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Add TLS_DHE_DSS_WITH_AES_128_CBC_SHA25
- 3DES, XP.
:
JVM . JVM - , .
package org.apache.markt;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLServerSocketFactory;
public class CryptoInfo {
public static void main(String[] args) {
try {
Set<String> algorithms = Security.getAlgorithms("Cipher");
for(String algorithm: algorithms) {
int max;
max = Cipher.getMaxAllowedKeyLength(algorithm);
System.out.printf("%-22s: %dbit%n", algorithm,
Integer.valueOf(max));
}
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
SSLServerSocketFactory f =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
String[] cs = f.getSupportedCipherSuites();
for (String c : cs) {
System.out.println(c);
}
}
}
, , - KRB5 .
TLS_EMPTY_RENEGOTIATION_INFO_SCSV ( , , ), .
, NULL, anon, export DES .
RC4 , , , .
IE8 ECDH, .
IE8 XP ECDHE, .
, :
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
, , 3DES . , IE8 XP AES (IE8 Vista ). , , .
:
http://www.g-sec.lu/sslharden/SSL_comp_report2011.pdf
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf