Or just copy the US policy file to the local one. It's already included in the JVM (at least on Linux).

On 10/09/2014 12:47 AM, "Emmanuel Lécharny" <[email protected]> wrote:
>
> You may need to install the JCE unlimited strength jurisdiction policy file from
>
> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
> in order to have Java support AES 256.
>
>
> On 09/09/14 15:53, Victor Medina wrote:
> > root@ldap001:/home/administrador# openssl s_client -connect localhost:10636
> > CONNECTED(00000003)
> > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > verify error:num=27:certificate not trusted
> > verify return:1
> > depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
> > verify error:num=21:unable to verify the first certificate
> > verify return:1
> > ---
> > Certificate chain
> >  0 s:/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
> >    i:/C=US/O=ASF/OU=Directory/CN=ApacheDS
> > ---
> > Server certificate
> > -----BEGIN CERTIFICATE-----
> > MIIBfTCCAScCBgFIVuerVjANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEM
> > MAoGA1UEChMDQVNGMRIwEAYDVQQLEwlEaXJlY3RvcnkxETAPBgNVBAMTCEFwYWNo
> > ZURTMB4XDTE0MDkwODIwMTQ1NloXDTE1MDkwODIwMTQ1NlowTDELMAkGA1UEBhMC
> > VVMxDDAKBgNVBAoTA0FTRjESMBAGA1UECxMJRGlyZWN0b3J5MRswGQYDVQQDExJs
> > ZGFwMDAxLnRlc3QubG9jYWwwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApzet+vAT
> > GSioE1Gqf6CDdHlZYu/wQjS0Go/43LCZxfZ48W6jnn4Kl1ZAkCLlZF1mTKD1bZpn
> > dtlJmnJw8v3X4wIDAQABMA0GCSqGSIb3DQEBBQUAA0EAEZKUIUbQ7SxqO2GrFCwK
> > AUqQUu1L3TiSo8anFIx9ADG+H0Ac8x+s4hTIljddPYdE0sC12+z+y58a6eNdL5fO
> > OA==
> > -----END CERTIFICATE-----
> > subject=/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
> > issuer=/C=US/O=ASF/OU=Directory/CN=ApacheDS
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 837 bytes and written 567 bytes
> > ---
> > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
> > Server public key is 512 bit
> > Secure Renegotiation IS supported
> > Compression: NONE
> > Expansion: NONE
> > SSL-Session:
> >     Protocol : TLSv1.2
> >     Cipher : ECDHE-RSA-AES256-SHA384
> >     Session-ID: 540F05BAF680AD3AF54796DA292A8EDCCADDE28677AE541EA4772A81DBA04B08
> >     Session-ID-ctx:
> >     Master-Key: 981A10E4F208E3F003B91C9F5E67230DCB64A50876E680F0A04FD597622B6011820083B6F7F0D7A64D8FC69CFEFC3205
> >     Key-Arg : None
> >     PSK identity: None
> >     PSK identity hint: None
> >     SRP username: None
> >     Start Time: 1410270650
> >     Timeout : 300 (sec)
> >     Verify return code: 21 (unable to verify the first certificate)
> > ---
> >
> > It seems very strong to me, I was looking if it supported GCM, which seems
> > faster.
> >
> > 2014-09-09 9:10 GMT-04:30 Victor Medina <[email protected]>:
> >
> >> so...
> >>
> >> where can I find a list of valid values for TLS Cipher suite?
> >> ads-enabledCipherSuites
> >>
> >> 2014-09-09 8:58 GMT-04:30 Emmanuel Lécharny <[email protected]>:
> >>
> >> On 09/09/14 14:05, Kiran Ayyagari wrote:
> >>>> On Tue, Sep 9, 2014 at 5:35 PM, Victor Medina <[email protected]>
> >>>> wrote:
> >>>>
> >>>>> But I believe it uses bouncy castle right?
> >>>>>
> >>>>> yes
> >>> Not anymore for that purpose. We only use the X509 utility classes from
> >>> BC. Everything else is handled by the default Java security classes.
> >>>
> >>>
> >>
> >> --
> >>
> >> Víctor E. Medina M.
> >> Software
> >> +58424 291 4561
> >> BB #79A8AFA2 /@VMCibersys
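
An added example, not part of the original thread and not ApacheDS code: a stand-alone Java check of the two points discussed above, whether the JVM's policy files allow AES-256 and which cipher suite names the default Java TLS provider offers. That these JSSE names are the values ads-enabledCipherSuites expects is an assumption, based on the statement that the default Java security classes handle TLS; the class name CipherSuiteCheck is hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name), not ApacheDS code.
public class CipherSuiteCheck {

    // Suite names such as TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 need 256-bit AES keys.
    static boolean needsAes256(String suite) {
        return suite.contains("_AES_256_");
    }

    // GCM suites carry the mode in their name, e.g. ..._AES_128_GCM_SHA256.
    static boolean isGcm(String suite) {
        return suite.contains("_GCM_");
    }

    public static void main(String[] args) throws Exception {
        // 128 with the limited policy files, Integer.MAX_VALUE with the unlimited ones.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        boolean aes256Allowed = maxAes >= 256;
        System.out.println("Max allowed AES key length: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));
        if (!aes256Allowed) {
            System.out.println("AES-256 is blocked: install the unlimited strength policy files");
        }

        SSLContext ctx = SSLContext.getDefault();
        Set<String> enabled = new HashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        // Supported = everything the provider can negotiate; enabled = its default subset.
        // Assumption: these JSSE names are what ads-enabledCipherSuites accepts.
        for (String suite : ctx.getSupportedSSLParameters().getCipherSuites()) {
            StringBuilder flags = new StringBuilder();
            flags.append(enabled.contains(suite) ? "enabled  " : "supported");
            if (isGcm(suite)) flags.append(" GCM");
            if (needsAes256(suite)) {
                flags.append(aes256Allowed ? " AES-256" : " AES-256(blocked by policy)");
            }
            System.out.printf("%-50s %s%n", suite, flags);
        }
    }
}
```

OpenSSL and Java name the same suite differently: the ECDHE-RSA-AES256-SHA384 shown in the s_client session above is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 in the Java listing.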
