0

I'm well aware that Java 7 by default doesn't support GCM based ciphers. Therefore I have tried to get it done via Bouncy Castle.

I have the following ciphers configured in my Tomcat's HTTPS connector:

ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

And I have placed bcprov-jdk15on-156.jar in jdk1.7.0_80/jre/lib/ext.

Also have added the following property to jdk1.7.0_80/jre/lib/security/java.security

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider

When GCM ciphers are configured in the Tomcat connector, clients cannot connect to my server at all. Seems configuring Bouncy Castle has no effect at all.

Is there anyway I can make this working? Any other JCE provider that I could use maybe?

NOTE: I'm using Oracle JDK 1.7.0_80. It is not possible to migrate to Java 8.

drox
  • 7,523
  • 4
  • 23
  • 34

1 Answers1

0

In Oracle Java JDK some strength of cryptography is limited.

Please install:
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Slawomir Jaranowski
  • 7,381
  • 3
  • 25
  • 33
  • Unlimited Strength Jurisdiction Policy is already added. It won't have any effect on the GCM ciphers in Java 7 – drox Feb 20 '17 at 01:40