3

When a Java client has established a SSL/TLS session, it can get the used protocol and the cipher name:

    SSLSession session = s.getSession();
    String protocol = session.getProtocol(); // e.g. "TLSv1"
    String cipher = session.getCipherSuite(); // e.g. "TLS_RSA_WITH_AES_128_CBC_SHA"

But some of the ciphers can have keys of size 128 or 256 (for example, AES CBC).

How can I get the actual key size negotiated for this particular connection?

I have found this code in Apache codebase:

static final CipherData cipherSizes[] = {
    new CipherData("_WITH_NULL_", 0),
    new CipherData("_WITH_IDEA_CBC_", 128),
    new CipherData("_WITH_RC2_CBC_40_", 40),
    new CipherData("_WITH_RC4_40_", 40),
    new CipherData("_WITH_RC4_128_", 128),
    new CipherData("_WITH_DES40_CBC_", 40),
    new CipherData("_WITH_DES_CBC_", 56),
    new CipherData("_WITH_3DES_EDE_CBC_", 168),
    new CipherData("_WITH_AES_128_CBC_", 128),
    new CipherData("_WITH_AES_256_CBC_", 256)
};

It looks like an acceptable workaround. Is it the only way to do it?

Vladimir Dyuzhev
  • 18,130
  • 10
  • 48
  • 62
  • 1
    Why would this be useful to you? E.g. RC4 is probably bad regardless of key size. – Artjom B. Apr 13 '15 at 17:14
  • I'm making a repository of some 600 services connected via ESB to see which ones may because a problem when upgrading to newer certificates and TLS1.1. – Vladimir Dyuzhev Apr 13 '15 at 17:22
  • you could simply take the public key and check its length – Zielu Apr 13 '15 at 17:26
  • how's public key related to the block cipher used to encrypt the transmission? o_O – Vladimir Dyuzhev Apr 13 '15 at 17:29
  • isn't the public key which is used to encrypt the transcription? – Zielu Apr 13 '15 at 17:32
  • Nope, public key per se is used for trust only. Too long to encrypt the traffic. Public/private key encryption AFAIR is used in the initial phase on negotiation to exchange the block keys... though I may be wrong about this piece. In any case, the traffic is encrypted with block cipher of relatively small length (128, 256) and those keys are re-negotiated from time to time. – Vladimir Dyuzhev Apr 13 '15 at 17:35

1 Answers1

3

You can simply parse the key size out of the connection string. If it's DES EDE it's 168 (or 192 if you count the parity bits). Otherwise it has a default or the key size is directly behind the name of the symmetric algorithm.

I would say that the Apache way seems a very acceptable way to do it yes. You'll have to manually insert the default key sizes - for those ciphers such as IDEA - anyway. Instantiating a Cipher object just to get to the acceptable key sizes seems overkill to me.

Abstraction/automation is all very nice but you can go too far. Nothing wrong with a (semi) hard coded table here.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Note that the size of the session keys (for the symmetric cipher used for message confidentiality) doesn't have much to do with the certificates used for the authentication during the handshake (re-reading the comments below the question). – Maarten Bodewes Apr 14 '15 at 14:31