List ciphers used by JVM

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

These are instructions to list all the ciphers that the JVM has available to it when using secure connections.

Solution

List the ciphers

  1. Save the code block as Ciphers.java to a temporary location (e.g. /tmp):

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 import java.util.Iterator; import java.util.Map; import java.util.TreeMap; import javax.net.ssl.SSLServerSocketFactory; public class Ciphers { public static void main(String[] args) throws Exception { SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); String[] defaultCiphers = ssf.getDefaultCipherSuites(); String[] availableCiphers = ssf.getSupportedCipherSuites(); TreeMap ciphers = new TreeMap(); for(int i=0; i<availableCiphers.length; ++i ) ciphers.put(availableCiphers[i], Boolean.FALSE); for(int i=0; i<defaultCiphers.length; ++i ) ciphers.put(defaultCiphers[i], Boolean.TRUE); System.out.println("Default\tCipher"); for(Iterator i = ciphers.entrySet().iterator(); i.hasNext(); ) { Map.Entry cipher=(Map.Entry)i.next(); if(Boolean.TRUE.equals(cipher.getValue())) System.out.print('*'); else System.out.print(' '); System.out.print('\t'); System.out.println(cipher.getKey()); } } }

  2. From the command line navigate to this location and run:

    1 2 javac Ciphers.java java Ciphers

The command above will produce a list of ciphers that the JVM knows about.

To add other ciphers

You may need to have more ciphers in your JVM. For that, you need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK.

  1. Access http://www.oracle.com/technetwork/java/javase/downloads/index.html, search for JCE and download it.

  2. Make sure you are downloading the JCE for your JDK version.

  3. Unpack the download in a temporary location (e.g. /tmp).

  4. Locate the lib/security directory inside your JAVA_HOME. Depending on whether you're running a JDK or a JRE that would be JAVA_HOME/lib/security or JAVA_HOME/jre/lib/security

  5. Backup the local_policy.jar and US_export_policy.jar jars from that directory.

  6. Copy the local_policy.jar and US_export_policy.jar jars from the JCE policy files into your lib/security directory.

  7. Run java Ciphers again. More ciphers from you compatible ciphers list should be found now. If so, proceed with the next steps.

  8. Make sure the ciphers attribute is present as described on Git clone fails with SSL routines:SSL23_GET_SERVER_HELLO

  9. Restart Bitbucket Server.

Updated on April 11, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community