Setting Java Cryptography Extension (JCE) Unlimited Strength

The default Java installation does not come with the high-strength encryption extension files. These files are valid for the USA and need to be downloaded and installed separately:

1. Download the JCE Policy jar files from the location below:

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

2. The zip file contains two jar files (local_policy.jar and US_export_policy.jar).

3. These jar files need to be placed under the ‘jre/lib/security’ location. On my Mac, this location is as follows:

/Library/Java/JavaVirtualMachines/jdk1.7.0_67.jdk/Contents/Home/jre/lib/security

Enjoy strong encryption algorithms now 🙂
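
To confirm that the policy jars landed in the JRE that actually runs your code, here is an added example (not part of the original post; the class name JceStrengthCheck and the sample plaintext are made up for illustration). It asks the JCE for the maximum permitted key lengths and then attempts a real AES-256 operation, which fails with "Illegal key size" while the restricted policy is still in effect.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: checks whether the unlimited-strength policy files are active.
public class JceStrengthCheck {

    // Encrypts and decrypts a constructed sample with a 256-bit AES key.
    // CBC is used only because it is available in every Java 7 SunJCE build.
    // Returns false when the policy rejects the key size.
    static boolean aes256RoundTrip() throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32];  // 256-bit throwaway key for this check only
        byte[] iv = new byte[16];   // one AES block
        rng.nextBytes(key);
        rng.nextBytes(iv);
        byte[] sample = "constructed sample plaintext".getBytes("UTF-8");
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        try {
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(iv));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(iv));
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (InvalidKeyException e) {
            System.out.println("AES-256 rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Shows which JRE is running, i.e. whose jre/lib/security is being read.
        System.out.println("java.home = " + System.getProperty("java.home"));
        for (String alg : new String[] {"AES", "Blowfish", "RC4", "RSA"}) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.println(alg + " max key bits: "
                + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));
        }
        // Integer.MAX_VALUE means the policy imposes no key-length limit.
        boolean ok = Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE
                && aes256RoundTrip();
        System.out.println(ok ? "Unlimited-strength policy is active"
                              : "Restricted policy still in effect; check jre/lib/security");
        System.exit(ok ? 0 : 1);
    }
}
```

If the printed java.home is not the directory where you copied the jars, the files went into a different JRE than the one on your path.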

SSL enabled TCP Trace

I was facing an issue while taking a TCP trace on the client end for an SSL-enabled server: the trace was encrypted 🙂

I like using Grinder for TCP dumps, running its TCP Proxy on a different port.

Here is how you can generate a readable (decrypted) trace:

1. Using Grinder:

java -cp grinder/grinder.jar -Xms16m -Xmx32m net.grinder.TCPProxy -localhost localhost -localport 9090 -remotehost  <Server Address> -remoteport 443 -keystore myserverJKS.jks -keyStorePassword abcd1234 -ssl

Run the above command from your Grinder package directory (or change the jar file path accordingly).

Note the “-ssl” keyword in the command.

2. Using Wireshark

Wireshark is great and can easily be configured for SSL-based TCP traces:

– If you do not have a .key file, regenerate it from your JKS and password.

keytool -certreq -alias <domain-name> -keystore <jks file name> -file myKey.key

It will ask for your JKS password, which should be the same one that was used to generate the JKS.

– Open Wireshark, Edit > Preferences > Protocols > SSL > (Pre)-Master-Secret log filename > select .key file

– Start the TCP trace