Skip to content

i81b4u/GetCiphers-java

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GetCiphers-java

Small dependency-free Java utility that prints the TLS protocols and cipher suites supported by the Java runtime that runs it.

This is useful when you need to compare TLS support across JDK versions, vendors, containers, or hosts.

Usage

Compile and run with the Java version you want to inspect:

javac GetCiphers.java
java GetCiphers

By default the tool uses SSLContext.getInstance("TLS"). You can pass a specific TLS protocol if you want to inspect that context:

java GetCiphers TLSv1.3
java GetCiphers TLSv1.2

The output includes:

  • Java runtime details
  • Supported TLS protocols
  • Default TLS protocols
  • Cipher suites for the requested context
  • Supported cipher suites
  • Default cipher suites
  • Installed security providers

Reading the output

Supported means the Java security provider knows how to handle that protocol or cipher suite.

Default means Java enables it for normal SSL/TLS use unless an application, JVM property, or security policy changes the settings. For most operational checks, the default lists are the most important ones.

Cipher Suites For Requested Context is a derived view. JSSE reports provider-wide cipher suite support from SSLContext, so this tool filters the list for a specific protocol version and removes SCSV signaling values that are not negotiable cipher suites. When the default TLS context is requested, the section includes suites from both the TLS 1.3 and pre-TLS 1.3 families.

If the requested protocol or context is unavailable in the selected Java runtime, the tool prints an error and usage information to standard error and exits with status 1.

It is normal for modern JDKs to list old protocols such as SSLv3, TLSv1, or TLSv1.1 under supported protocols while not enabling them by default.

The security provider list helps explain platform differences. For example, Windows JDKs may include SunMSCAPI, which integrates with Windows cryptographic services and certificate stores.

Notes

Older one-liners using jrunscript are no longer reliable because jrunscript was deprecated in Java 9 and removed in later JDK releases.

This source intentionally avoids build tooling and third-party dependencies so it can be copied or run directly on the Java runtime being inspected.

Smoke test

Run the dependency-free smoke test with:

./smoketest.sh

About

Get supported protocols and ciphers from java

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors