Author Topic: [JAVA] How can I add a ciphersuite?  (Read 4128 times)


xor

  • Guest
[JAVA] How can I add a ciphersuite?
« on: September 11, 2011, 05:39:32 am »
Hi guys,


So I'm reverse engineering the communication protocol between a DynDNS update client and their server to see what traffic is being sent and how they authenticate it.


However, in my travels I figured out that it uses the following cipher suite for communication: TLS_RSA_WITH_RC4_128_SHA


Unfortunately, Java doesn't appear to have this in its list of enabled / available cipher suites as seen below:


Code:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA


My question is... how do I add another cipher suite to this list? Last time I tried I got the following:


Code:
Exception in thread "main" java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_RC4_128_SHA


Any ideas?

xzid
Re: [JAVA] How can I add a ciphersuite?
« Reply #1 on: September 11, 2011, 08:38:47 am »
Quote
So I'm reverse engineering the communication protocol between a DynDNS update client and their server to see what traffic is being sent and how they authenticate it.

Am I missing something? The dyndns update client for Linux is a Perl script:

http://dyn.com/support/clients/linux/

If you're talking more than just info, what about key + packet sniff?

xor

  • Guest
Re: [JAVA] How can I add a ciphersuite?
« Reply #2 on: September 11, 2011, 08:54:57 am »
Well, I've found out that it communicates using TLS_RSA_WITH_RC4_128_SHA which is essentially synonymous with SSH_RSA_WITH_RC4_128_SHA.

I wrote a DynDNS client to communicate with their update.dyndns.org and the server accepted the communication using the SSH_ encryption. The server I made supports accepting the SSH_ version of the encryption, but I get the above error, which means that the Windows client is enforcing its communication using TLS. I'll check out the Linux script and see if there's anything I can glean from it.

What I'm really trying to do is figure out how to configure bind to accept dynamic updates so I can have my own Dynamic DNS server, without having to read someone else's article on how to do it :P

xzid
Re: [JAVA] How can I add a ciphersuite?
« Reply #3 on: September 12, 2011, 03:37:24 am »
Well you could do your testing using stunnel/nc. And if you're tired of fucking around with ssl, just use HTTP in your java program, let stunnel do it. Example:

Code:
[root@centos /]# stunnel -fd 0 << EOF
> client = yes
> [https]
> accept = 444
> connect = update.dyndns.org:443
> TIMEOUTclose = 0
> EOF
[root@centos /]# nc localhost 444 -vv
Connection to localhost 444 port [tcp/snpp] succeeded!
GET / HTTP/1.1
Host: update.dyndns.org

HTTP/1.1 404 Not Found
Date: Mon, 12 Sep 2011 01:31:09 GMT
Server: Apache
X-UpdateCode: X
Content-Length: 3
Connection: close
Content-Type: text/html; charset=iso-8859-1

404

If you check in a web browser it will return the same output, I ain't falling for it.
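
An added example, not part of the original thread or any poster's code: the list in the first post contains SSL_RSA_WITH_RC4_128_SHA, which is the JSSE standard name for the suite IANA calls TLS_RSA_WITH_RC4_128_SHA, so looking the suite up under both prefixes avoids the IllegalArgumentException quoted above. The class name SuiteLookup and the helper resolve are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper class for illustration; not from the thread.
public class SuiteLookup {

    // Returns the name this JVM uses for the suite, trying the other
    // SSL_/TLS_ prefix if the requested spelling is unknown; null if neither.
    static String resolve(String requested, Set<String> supported) {
        if (supported.contains(requested)) {
            return requested;
        }
        String alt = null;
        if (requested.startsWith("TLS_")) {
            alt = "SSL_" + requested.substring(4);
        } else if (requested.startsWith("SSL_")) {
            alt = "TLS_" + requested.substring(4);
        }
        return (alt != null && supported.contains(alt)) ? alt : null;
    }

    public static void main(String[] args) throws Exception {
        // Default argument is the suite name from the first post.
        String wanted = args.length > 0 ? args[0] : "TLS_RSA_WITH_RC4_128_SHA";
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Set<String> supported =
            new LinkedHashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        List<String> enabled =
            new ArrayList<>(Arrays.asList(engine.getEnabledCipherSuites()));

        String name = resolve(wanted, supported);
        if (name == null) {
            // setEnabledCipherSuites() would throw IllegalArgumentException here.
            System.out.println(wanted + ": not supported by this JVM under either prefix");
            return;
        }
        if (!enabled.contains(name)) {
            enabled.add(name);
            engine.setEnabledCipherSuites(enabled.toArray(new String[0]));
        }
        System.out.println(wanted + " -> " + name + " (enabled on this engine)");
    }
}
```

Current JDKs restrict RC4 through the jdk.tls.disabledAlgorithms security property (RFC 7465 prohibits RC4 in TLS), so a suite that resolves here may still never be negotiated in a handshake.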