How to get support for cipher suite TLS_PSK_WITH_AES_128_GCM_SHA256?

1
votes

Cipher suite TLS_PSK_WITH_AES_128_GCM_SHA256 is included in JSSE Cipher Suite Names (Ref: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html).

But same is not included in the list supported cipher suites (Ref: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html).

Also I re-checked whether it is supported by running code ... sslSocketFactory.getSupportedCipherSuites(). But it isn't.

What does it mean? How can I get the support for this Cipher suite? If I have to provide implemntation for this cipher suite, how can I proceed?

2
javasecurityencryptionjava-8

2 Answers

1
votes

For your own implementation you need to create a signed security provider and implement the suite yourself.

You could also try and find a provider that implements this ciphersuite (off topic here, your search engine is as good as mine).

It is not impossible to alter the OpenJDK or trick the system in accepting the unsigned provider if you cannot get the required certificate from Oracle.

1
votes

The IAIK Provider for the Java™ Cryptography Extension (IAIK-JCE) is a set of APIs and implementations of cryptographic functionality. It supports symmetric key cipher suites including this one - TLS_PSK_WITH_AES_128_GCM_SHA256.

Ref: https://jce.iaik.tugraz.at/sic/Products/Public-Key-Infrastructure/JCA_JCE