15

According to Java 7 documentation as well as third party vendors, it appears Java 7 should support AES-GCM suites:

  1. ibm java 7
  2. java 7 ssl doc

I was hitting some errors in negotiation between client and server, which were unable to negotiate a cipher because I had restricted it to only the AES-GCM ciphers. After investigation I found that it appears that the cipher suites are not supported on either client or server (Tomcat instance). I ran some sample code on the client to get the output:

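import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Create an SSLContext that uses our TrustManager
// (trustAllCerts is a TrustManager[] defined elsewhere; its definition is not shown in the post)
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, trustAllCerts, new SecureRandom());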

SSLParameters params = context.getSupportedSSLParameters();
String[] suites = params.getCipherSuites();
System.out.println("Java version : " + System.getProperty("java.runtime.version"));
System.out.println("Connecting with " + suites.length + " cipher suites supported:");

for (int i = 0; i < suites.length; i++) {
    System.out.println();
    System.out.print(" ********* ");
    System.out.print(suites[i]);
    System.out.print(" ********* ");
}

Java version: 1.7.0_51-b13
Connecting with 63 cipher suites supported:

 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_RC4_128_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_MD5 ********* 
 ********* TLS_EMPTY_RENEGOTIATION_INFO_SCSV ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_anon_WITH_RC4_128_SHA ********* 
 ********* SSL_DH_anon_WITH_RC4_128_MD5 ********* 
 ********* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_RSA_WITH_NULL_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_anon_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_MD5 ********* 
 ********* SSL_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_DES_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_DES_CBC_SHA ********* 
 ********* SSL_RSA_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_MD5 ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_MD5 ********* 
 ********* TLS_KRB5_WITH_DES_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_DES_CBC_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 ********* INFO - Received response from post device of : 

Did not know if anyone else has come across such an issue.

Does Java 7 support use of AES-GCM in SSL/TLS?

jww
user2403018

6 Answers

14

There are no GCM cipher suites in the SunJSSE Provider of Java 7 (assuming an Oracle JRE), although it supports TLS 1.2.

These have been introduced in Java 8 (see cipher suite table in the "The SunJSSE Provider" section).

1.8.0-ea-b124    
Connecting with 71 cipher suites supported:

 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_RC4_128_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_RC4_128_SHA ********* 
 ********* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_RSA_WITH_RC4_128_MD5 ********* 
 ********* TLS_EMPTY_RENEGOTIATION_INFO_SCSV ********* 
 ********* TLS_DH_anon_WITH_AES_128_GCM_SHA256 ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA256 ********* 
 ********* TLS_ECDH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_DH_anon_WITH_AES_128_CBC_SHA ********* 
 ********* TLS_ECDH_anon_WITH_RC4_128_SHA ********* 
 ********* SSL_DH_anon_WITH_RC4_128_MD5 ********* 
 ********* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_RSA_WITH_NULL_SHA256 ********* 
 ********* TLS_ECDHE_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDHE_RSA_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_ECDSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_RSA_WITH_NULL_SHA ********* 
 ********* TLS_ECDH_anon_WITH_NULL_SHA ********* 
 ********* SSL_RSA_WITH_NULL_MD5 ********* 
 ********* SSL_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_RSA_WITH_DES_CBC_SHA ********* 
 ********* SSL_DHE_DSS_WITH_DES_CBC_SHA ********* 
 ********* SSL_DH_anon_WITH_DES_CBC_SHA ********* 
 ********* SSL_RSA_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_SHA ********* 
 ********* TLS_KRB5_WITH_RC4_128_MD5 ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_3DES_EDE_CBC_MD5 ********* 
 ********* TLS_KRB5_WITH_DES_CBC_SHA ********* 
 ********* TLS_KRB5_WITH_DES_CBC_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_RC4_40_MD5 ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA ********* 
 ********* TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 ********* 
user2403018
Bruno
  • 3
    The new Java 8 documentation and cipher suites client side listing appear from the surface to have the new AES-GCM ciphers. The documentation also clears up some confusion I was seeing with client/server side TLS 1.2 support (especially for Java 7) as I couldn't figure out why with Java 7 attempting to enable TLSv1.2 client side was failing but appeared to work server side fine. Makes sense now after getting these docs and where to look in them. – user2403018 Jan 23 '14 at 11:07
  • 1
    @user2403018, the AES-GCM ciphers appear only in a paid release 191 of Java 7, https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8180834 – eel ghEEz Jan 21 '19 at 17:37
7

As others said Java 1.7 does not support that cipher but, if you have the possibility to tweak your Java installation, you can add the security providers. Here are the steps:

  1. download from bouncycastle.org bcprov-ext-jdk15on-159.jar and bctls-jdk15on-159.jar and put them into the lib/ext directory of your jre/jdk (159 is the latest version now)
  2. edit the file lib/security/java.security of your jre/jdk and put the following lines:
     • security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
     • security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
  3. renumber all the following security providers by adding 2 (so security.provider.1=sun.security.provider.Sun becomes security.provider.3=sun.security.provider.Sun)

That's all, it should work now

Igor
dandfra
  • Didn't work for me with version 161 - java.lang.IllegalArgumentException: 'protocols' cannot be null, or contain unsupported protocols – RakeshS Apr 29 '19 at 15:39
  • It worked, thank you for making this into simple instructions. – Rohan Jain Jun 22 '21 at 22:16
  • Worked for me as well with the following modifications. Needed to include the bcutil jar in lib/ext as well. Also needed to set JVM arg -Djdk.tls.trustNameService=true for cert validation. This is using Java 1.7 and bouncy castle 1.70 – AEW Mar 18 '22 at 17:31
4

AES-GCM is available in TLS v1.2. See The Transport Layer Security (TLS) Protocol Version 1.2, section 6.2.3.3. TLSv1.1 did not add any cipher suites, and TLSv1.0 never had AES-GCM or the elliptic curve gear. (The elliptic curve stuff showed up in TLSv1.2 also).

The latest public build 80 of Java 7

  • does support TLSv1.2 after changing code to use SSLContext.getInstance("TLSv1.2") in case of socket programming or just declaring the -Dhttps.protocols=TLSv1.2 in case of HTTP programming.

  • does not support the AES-GCM cipher suite even under TLSv1.2, according to a request implemented only in a commercial build 191 of Java 7,

    https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8180834

It's interesting that the TLS_ECDHE_ECDSA_* cipher suites are showing up in your dump since they are TLSv1.2 ciphers.

Community
jww
  • 2
    That part of the JSSE reference guide might not be up to date, but support for TLS 1.2 in Java 7 and 8 is referenced multiple times in this guide. – Bruno Jan 22 '14 at 17:58
  • Thanks Bruno. I can only go on what the vendor states. – jww Jan 22 '14 at 18:02
  • 1
    I guess they haven't touched the introduction for a while. If you search for "1.2" throughout the document, it's mentioned a few times. Of course, what really matters is also the link to the "Oracle Provider Documentation" in Appendix A at the end of the guide (it doesn't necessarily stand out...) – Bruno Jan 22 '14 at 18:06
  • -1 I think what Bruno mentioned should be included in this answer, otherwise it's misleading. It's especially bad considering it is the accepted answer. – John29 Nov 19 '18 at 21:47
4

Both Oracle JDK and OpenJDK start to support GCM ciphers in Java 8.

William Bao
  • It's now supported in 7u201, which is not public (https://bugs.openjdk.java.net/browse/JDK-8180834) – John29 Nov 19 '18 at 22:04
1

I've recently been messing around with Java and this cipher suite nonsense quite a bit recently.

From my experience, you need the unlimited policy files to get some extra suites. I can't remember off the top of my head if using those would get you the GCM ciphers, but from my recollection with IBM Java it at least got me the AES256 bit ciphers.

This link shows that you can at least initialise an SSLContext with TLSv1.2 (so you should be able to at least support all of the TLSv1.2 cipher suites that do not require the unlimited jurisdiction policy files)

Having a glance at some of the links I've looked at before I can't see any GCM ciphers on Oracle's cipher suite list! oracle-enabled/supported-cipher-suites.

Hopefully some of those links help you out!

(I'm typing this while running out of work so forgive me if I missed any gcm ciphers :) )

andrewktmeikle
1

This answer is just derived from @dandfra's answer, but without adding or amending Java JRE lib/ext. This may be useful in case you use the same Java library for multiple applications, and you would not impact any applications.

First, add bouncy-castle into pom.xml

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.59</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bctls-jdk15on</artifactId>
    <version>1.59</version>
</dependency>

Then add it to Java when Java program starts.

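import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;

ProviderList list = Providers.getFullProviderList();
list = ProviderList.insertAt(list, new BouncyCastleProvider(), 0);
list = ProviderList.insertAt(list, new BouncyCastleJsseProvider(), 0);
Providers.setProviderList(list);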

Note that use of Security.addProvider will not work, as it simply appends the provider at the end.

Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new BouncyCastleJsseProvider());

You may verify it using Security.getProviders().

CHANist
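
To check the outcome of the provider registration described in the answers above (java.security edit or programmatic insertion), the following added example, which is not code from any of the posters, walks the registered providers in preference order, reports the "_GCM_" suites each one's TLSv1.2 SSLContext supports, and names the provider a plain SSLContext.getInstance("TLSv1.2") resolves to. The class name GcmSuiteCheck is an assumption; only JDK classes are used and the syntax is Java 7 compatible.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example; the class name GcmSuiteCheck is an assumption.
public class GcmSuiteCheck {

    // Names of the "_GCM_" suites supported by this provider's TLSv1.2 context.
    static List<String> gcmSuites(Provider provider) throws Exception {
        SSLContext context = SSLContext.getInstance("TLSv1.2", provider);
        context.init(null, null, null); // default managers; no connection is made
        List<String> found = new ArrayList<String>();
        for (String suite : context.getSupportedSSLParameters().getCipherSuites()) {
            if (suite.contains("_GCM_")) {
                found.add(suite);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Java version: " + System.getProperty("java.runtime.version"));
        Provider[] providers = Security.getProviders(); // preference order
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            String label = (i + 1) + ". " + p.getName();
            // Only JSSE providers register an SSLContext service.
            if (p.getService("SSLContext", "TLSv1.2") == null) {
                System.out.println(label + ": no TLSv1.2 SSLContext");
                continue;
            }
            try {
                List<String> gcm = gcmSuites(p);
                System.out.println(label + ": " + gcm.size() + " GCM suite(s) " + gcm);
            } catch (Exception e) {
                System.out.println(label + ": context failed to initialise: " + e);
            }
        }
        // A plain getInstance("TLSv1.2") resolves to the first provider above
        // that offers the service, which is why insertion order matters.
        SSLContext dflt = SSLContext.getInstance("TLSv1.2");
        System.out.println("Default TLSv1.2 provider: " + dflt.getProvider().getName());
    }
}
```

If the default provider printed on the last line is still the JRE's own JSSE provider, the added provider was registered behind it and will not be used by code that requests a context without naming a provider.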