Java – Lanedirt.tech https://lanedirt.com

Java get all enabled TLS cipher suites on Windows via PowerShell
https://lanedirt.com/2023/01/java-get-all-enabled-tls-cipher-suites-on-windows-via-powershell/
Thu, 19 Jan 2023 11:10:58 +0000

A Java installation by default supports various TLS ciphers for Java applications that use HTTPS / SSL. Some of these TLS ciphers are marked as “vulnerable” and should not be used in production environments. Examples are TLS 1.0 and TLS 1.1 ciphers, which are deemed no longer secure. Many organizations have already disabled these ciphers. However, in some Java installations they might still be enabled by default. This article shows how to check which TLS ciphers are currently enabled in your Java installation, and how to manually disable specific TLS ciphers.

Note: the instructions below are based on a Windows Server with a local Java installation (.exe). They should also work in other environments, but you might need to change how you call the java executable.

1. Create a “Ciphers.java” file

Create a new text file called “Ciphers.java” with the following content:

import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLServerSocketFactory;

public class Ciphers
{
    public static void main(String[] args)
        throws Exception
    {
        SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        // Suites enabled by default vs. all suites this Java installation supports
        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        // Sorted map: cipher suite name -> enabled by default?
        TreeMap<String, Boolean> ciphers = new TreeMap<String, Boolean>();

        for (String cipher : availableCiphers)
            ciphers.put(cipher, Boolean.FALSE);

        for (String cipher : defaultCiphers)
            ciphers.put(cipher, Boolean.TRUE);

        System.out.println("Default\tCipher");
        for (Map.Entry<String, Boolean> cipher : ciphers.entrySet()) {
            // '*' marks a suite that is enabled by default
            System.out.print(cipher.getValue() ? '*' : ' ');
            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}

2. Execute the “Ciphers.java” file via PowerShell

Then run the following command from the command line (e.g. in PowerShell on Windows):

PS [install-dir-of-java]\bin> .\java.exe Ciphers.java

This prints the cipher suites of this local Java installation, with a * marking each suite that is enabled by default:

Default Cipher
*       TLS_AES_128_GCM_SHA256
*       TLS_AES_256_GCM_SHA384
*       TLS_CHACHA20_POLY1305_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
*       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
*       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
*       TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
*       TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
*       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
*       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
*       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
*       TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
*       TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*       TLS_RSA_WITH_AES_128_CBC_SHA
*       TLS_RSA_WITH_AES_128_CBC_SHA256
*       TLS_RSA_WITH_AES_128_GCM_SHA256
*       TLS_RSA_WITH_AES_256_CBC_SHA
*       TLS_RSA_WITH_AES_256_CBC_SHA256
*       TLS_RSA_WITH_AES_256_GCM_SHA384

3. (Optional) Disable certain SSL ciphers in Java

If you wish to disable a certain SSL cipher, edit the file “conf\security\java.security” and look for the following line. Here you can add individual SSL ciphers to disable. The example below disables common weak TLS ciphers.

# Protocol entries use the JSSE standard names (TLS 1.0 is written "TLSv1")
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
            MD5withRSA,                          \
            DH keySize < 2048,                   \
            EC keySize < 224,                    \
            3DES_EDE_CBC,                        \
            anon,                                \
            NULL,                                \
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    \
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    \
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, \
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    \
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    \
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
            TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
            TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, \
            TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
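
To confirm that the edited java.security file is the one the JVM actually loads, the following check (an added example, not part of the original post) prints the effective jdk.tls.disabledAlgorithms value and reports any banned protocol or cipher suite that is still enabled by default. The class name VerifyTlsPolicy and the two banned lists are assumptions that mirror the line above; save it as “VerifyTlsPolicy.java” and run it the same way as “Ciphers.java”.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class VerifyTlsPolicy
{
    // Assumed policy for this example, mirroring the disabledAlgorithms line above.
    static final List<String> BANNED_PROTOCOLS = List.of("SSLv3", "TLSv1", "TLSv1.1");
    static final List<String> BANNED_SUITE_PARTS =
        List.of("_DHE_", "_RC4_", "_DES_", "_3DES_EDE_CBC_", "_anon_", "_NULL_");

    // Protocols still enabled although the policy bans them (exact name match).
    static List<String> bannedProtocols(String[] enabled)
    {
        List<String> hits = new ArrayList<>();
        for (String p : enabled)
            if (BANNED_PROTOCOLS.contains(p))
                hits.add(p);
        return hits;
    }

    // Cipher suites still enabled whose name contains a banned component.
    static List<String> bannedSuites(String[] enabled)
    {
        List<String> hits = new ArrayList<>();
        for (String s : enabled)
            for (String part : BANNED_SUITE_PARTS)
                if (s.contains(part)) { hits.add(s); break; }
        return hits;
    }

    public static void main(String[] args) throws Exception
    {
        // The value the JVM actually loaded from java.security
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        List<String> protocols = bannedProtocols(params.getProtocols());
        List<String> suites = bannedSuites(params.getCipherSuites());

        System.out.println("Enabled protocols: " + String.join(", ", params.getProtocols()));
        System.out.println("Banned protocols still enabled: " + protocols);
        System.out.println("Banned cipher suites still enabled: " + suites);

        // Non-zero exit code lets a script or scheduled check detect drift
        System.exit(protocols.isEmpty() && suites.isEmpty() ? 0 : 1);
    }
}
```

Both lists should print as empty once the policy is active; an exit code of 1 means at least one banned protocol or suite is still offered by default.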

How to install Java 11 Amazon Corretto on RedHat 8 / CentOS 8 / AlmaLinux 8
https://lanedirt.com/2022/06/how-to-install-java-11-amazon-corretto-on-redhat-8-centos-8-almalinux-8/
Mon, 13 Jun 2022 17:29:22 +0000

To install Java 11 (Amazon Corretto) on RHEL8 machines, you can run the following commands:

$ sudo rpm --import https://yum.corretto.aws/corretto.key
$ sudo curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo
$ sudo yum install -y java-11-amazon-corretto-devel

After running the above commands, check if Java 11 is successfully installed:

$ java -version

openjdk version "11.0.15" 2022-04-19 LTS
OpenJDK Runtime Environment Corretto-11.0.15.9.1 (build 11.0.15+9-LTS)
OpenJDK 64-Bit Server VM Corretto-11.0.15.9.1 (build 11.0.15+9-LTS, mixed mode)

That’s it!
