search

adoptium / temurin-build

Eclipse Temurin™ build scripts - common across all releases/versions
Apache License 2.0
1.02k stars 247 forks source link

Missing ECDHE Ciphers in 8-jdk-alpine #3002

Open tommyreilly opened 2 years ago

tommyreilly commented 2 years ago

What are you trying to do?

Confirm that JDK 8 termurin alpine image has same set of ciphers as other JDK 8 temurin operating system versions. Seeing SSL handshake errors in code when using latest JDK 8 termurin alpine image that were not seen when using the same code with the older AdoptOpenJDK 8 alpine image.

Expected behaviour:

No SSL handshake errors when relying on ECDHE Ciphers in using an image derived from the JDK 8 termurin alpine image

Expect to see the same list of ciphers in the Alpine 8 JDK image as seen in non-Alpine 8 JDK images.

Observed behaviour:

darkedges reported this issue succinctly in https://github.com/adoptium/temurin-build/issues/2963 but decided to close the issue. I've opened this so that the community can find a resolution in the code base.

Any other comments:

tommyreilly commented 2 years ago

The list of ciphers seen in the (legacy) adoptopenjdk alpine 8 image shows a fuller set of ciphers (using https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html to list the ciphers):

Ubuntu based default AdoptOpenJDK 8 image:

docker run -it adoptopenjdk/openjdk8 sh
# apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:3 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [27.5 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [1,331 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1,275 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [1,979 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]            
Get:10 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]              
Get:11 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [881 kB]      
Get:12 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]          
Get:13 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [30.3 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,420 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,161 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [1,411 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [27.1 kB]
Get:18 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [54.2 kB]
Fetched 22.8 MB in 5s (4,211 kB/s)                          
Reading package lists... Done
# apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  alsa-topology-conf alsa-ucm-conf file libasound2 libasound2-data libcanberra0 libgpm2 libltdl7 libmagic-mgc libmagic1 libmpdec2 libogg0 libpython3.8
  libpython3.8-minimal libpython3.8-stdlib libreadline8 libtdb1 libvorbis0a libvorbisfile3 mime-support readline-common sound-theme-freedesktop vim-common
  vim-runtime xxd xz-utils
Suggested packages:
  libasound2-plugins alsa-utils libcanberra-gtk0 libcanberra-pulse gpm readline-doc ctags vim-doc vim-scripts
The following NEW packages will be installed:
  alsa-topology-conf alsa-ucm-conf file libasound2 libasound2-data libcanberra0 libgpm2 libltdl7 libmagic-mgc libmagic1 libmpdec2 libogg0 libpython3.8
  libpython3.8-minimal libpython3.8-stdlib libreadline8 libtdb1 libvorbis0a libvorbisfile3 mime-support readline-common sound-theme-freedesktop vim vim-common
  vim-runtime xxd xz-utils
0 upgraded, 27 newly installed, 0 to remove and 7 not upgraded.
Need to get 13.0 MB of archives.
After this operation, 64.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic-mgc amd64 1:5.38-4 [218 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic1 amd64 1:5.38-4 [75.9 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/main amd64 file amd64 1:5.38-4 [23.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 libmpdec2 amd64 2.4.2-3 [81.1 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-minimal amd64 3.8.10-0ubuntu1~20.04.4 [717 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/main amd64 mime-support all 3.64ubuntu1 [30.6 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/main amd64 readline-common all 8.0-4 [53.5 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/main amd64 libreadline8 amd64 8.0-4 [131 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-stdlib amd64 3.8.10-0ubuntu1~20.04.4 [1,675 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 xxd amd64 2:8.1.2269-1ubuntu5.7 [50.0 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 vim-common all 2:8.1.2269-1ubuntu5.7 [85.0 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 xz-utils amd64 5.2.4-1ubuntu1.1 [82.6 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal/main amd64 alsa-topology-conf all 1.2.2-1 [7,364 B]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 alsa-ucm-conf all 1.2.2-1ubuntu0.13 [27.0 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libasound2-data all 1.2.2-2.1ubuntu2.5 [20.1 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libasound2 amd64 1.2.2-2.1ubuntu2.5 [335 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal/main amd64 libltdl7 amd64 2.4.6-14 [38.5 kB]                                                                      
Get:18 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libtdb1 amd64 1.4.3-0ubuntu0.20.04.1 [44.2 kB]                                                 
Get:19 http://archive.ubuntu.com/ubuntu focal/main amd64 libogg0 amd64 1.3.4-0ubuntu1 [24.0 kB]                                                                 
Get:20 http://archive.ubuntu.com/ubuntu focal/main amd64 libvorbis0a amd64 1.3.6-2ubuntu1 [87.0 kB]                                                             
Get:21 http://archive.ubuntu.com/ubuntu focal/main amd64 libvorbisfile3 amd64 1.3.6-2ubuntu1 [16.1 kB]                                                          
Get:22 http://archive.ubuntu.com/ubuntu focal/main amd64 sound-theme-freedesktop all 0.8-2ubuntu1 [384 kB]                                                      
Get:23 http://archive.ubuntu.com/ubuntu focal/main amd64 libcanberra0 amd64 0.30-7ubuntu1 [38.1 kB]                                                             
Get:24 http://archive.ubuntu.com/ubuntu focal/main amd64 libgpm2 amd64 1.20.7-5 [15.1 kB]                                                                       
Get:25 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8 amd64 3.8.10-0ubuntu1~20.04.4 [1,625 kB]                                          
Get:26 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 vim-runtime all 2:8.1.2269-1ubuntu5.7 [5,872 kB]                                               
Get:27 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 vim amd64 2:8.1.2269-1ubuntu5.7 [1,238 kB]                                                     
Fetched 13.0 MB in 21s (617 kB/s)                                                                                                                               
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libmagic-mgc.
(Reading database ... 7341 files and directories currently installed.)
Preparing to unpack .../00-libmagic-mgc_1%3a5.38-4_amd64.deb ...
Unpacking libmagic-mgc (1:5.38-4) ...
Selecting previously unselected package libmagic1:amd64.
Preparing to unpack .../01-libmagic1_1%3a5.38-4_amd64.deb ...
Unpacking libmagic1:amd64 (1:5.38-4) ...
Selecting previously unselected package file.
Preparing to unpack .../02-file_1%3a5.38-4_amd64.deb ...
Unpacking file (1:5.38-4) ...
Selecting previously unselected package libmpdec2:amd64.
Preparing to unpack .../03-libmpdec2_2.4.2-3_amd64.deb ...
Unpacking libmpdec2:amd64 (2.4.2-3) ...
Selecting previously unselected package libpython3.8-minimal:amd64.
Preparing to unpack .../04-libpython3.8-minimal_3.8.10-0ubuntu1~20.04.4_amd64.deb ...
Unpacking libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Selecting previously unselected package mime-support.
Preparing to unpack .../05-mime-support_3.64ubuntu1_all.deb ...
Unpacking mime-support (3.64ubuntu1) ...
Selecting previously unselected package readline-common.
Preparing to unpack .../06-readline-common_8.0-4_all.deb ...
Unpacking readline-common (8.0-4) ...
Selecting previously unselected package libreadline8:amd64.
Preparing to unpack .../07-libreadline8_8.0-4_amd64.deb ...
Unpacking libreadline8:amd64 (8.0-4) ...
Selecting previously unselected package libpython3.8-stdlib:amd64.
Preparing to unpack .../08-libpython3.8-stdlib_3.8.10-0ubuntu1~20.04.4_amd64.deb ...
Unpacking libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Selecting previously unselected package xxd.
Preparing to unpack .../09-xxd_2%3a8.1.2269-1ubuntu5.7_amd64.deb ...
Unpacking xxd (2:8.1.2269-1ubuntu5.7) ...
Selecting previously unselected package vim-common.
Preparing to unpack .../10-vim-common_2%3a8.1.2269-1ubuntu5.7_all.deb ...
Unpacking vim-common (2:8.1.2269-1ubuntu5.7) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../11-xz-utils_5.2.4-1ubuntu1.1_amd64.deb ...
Unpacking xz-utils (5.2.4-1ubuntu1.1) ...
Selecting previously unselected package alsa-topology-conf.
Preparing to unpack .../12-alsa-topology-conf_1.2.2-1_all.deb ...
Unpacking alsa-topology-conf (1.2.2-1) ...
Selecting previously unselected package alsa-ucm-conf.
Preparing to unpack .../13-alsa-ucm-conf_1.2.2-1ubuntu0.13_all.deb ...
Unpacking alsa-ucm-conf (1.2.2-1ubuntu0.13) ...
Selecting previously unselected package libasound2-data.
Preparing to unpack .../14-libasound2-data_1.2.2-2.1ubuntu2.5_all.deb ...
Unpacking libasound2-data (1.2.2-2.1ubuntu2.5) ...
Selecting previously unselected package libasound2:amd64.
Preparing to unpack .../15-libasound2_1.2.2-2.1ubuntu2.5_amd64.deb ...
Unpacking libasound2:amd64 (1.2.2-2.1ubuntu2.5) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../16-libltdl7_2.4.6-14_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.6-14) ...
Selecting previously unselected package libtdb1:amd64.
Preparing to unpack .../17-libtdb1_1.4.3-0ubuntu0.20.04.1_amd64.deb ...
Unpacking libtdb1:amd64 (1.4.3-0ubuntu0.20.04.1) ...
Selecting previously unselected package libogg0:amd64.
Preparing to unpack .../18-libogg0_1.3.4-0ubuntu1_amd64.deb ...
Unpacking libogg0:amd64 (1.3.4-0ubuntu1) ...
Selecting previously unselected package libvorbis0a:amd64.
Preparing to unpack .../19-libvorbis0a_1.3.6-2ubuntu1_amd64.deb ...
Unpacking libvorbis0a:amd64 (1.3.6-2ubuntu1) ...
Selecting previously unselected package libvorbisfile3:amd64.
Preparing to unpack .../20-libvorbisfile3_1.3.6-2ubuntu1_amd64.deb ...
Unpacking libvorbisfile3:amd64 (1.3.6-2ubuntu1) ...
Selecting previously unselected package sound-theme-freedesktop.
Preparing to unpack .../21-sound-theme-freedesktop_0.8-2ubuntu1_all.deb ...
Unpacking sound-theme-freedesktop (0.8-2ubuntu1) ...
Selecting previously unselected package libcanberra0:amd64.
Preparing to unpack .../22-libcanberra0_0.30-7ubuntu1_amd64.deb ...
Unpacking libcanberra0:amd64 (0.30-7ubuntu1) ...
Selecting previously unselected package libgpm2:amd64.
Preparing to unpack .../23-libgpm2_1.20.7-5_amd64.deb ...
Unpacking libgpm2:amd64 (1.20.7-5) ...
Selecting previously unselected package libpython3.8:amd64.
Preparing to unpack .../24-libpython3.8_3.8.10-0ubuntu1~20.04.4_amd64.deb ...
Unpacking libpython3.8:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Selecting previously unselected package vim-runtime.
Preparing to unpack .../25-vim-runtime_2%3a8.1.2269-1ubuntu5.7_all.deb ...
Adding 'diversion of /usr/share/vim/vim81/doc/help.txt to /usr/share/vim/vim81/doc/help.txt.vim-tiny by vim-runtime'
Adding 'diversion of /usr/share/vim/vim81/doc/tags to /usr/share/vim/vim81/doc/tags.vim-tiny by vim-runtime'
Unpacking vim-runtime (2:8.1.2269-1ubuntu5.7) ...
Selecting previously unselected package vim.
Preparing to unpack .../26-vim_2%3a8.1.2269-1ubuntu5.7_amd64.deb ...
Unpacking vim (2:8.1.2269-1ubuntu5.7) ...
Setting up libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Setting up libgpm2:amd64 (1.20.7-5) ...
Setting up libogg0:amd64 (1.3.4-0ubuntu1) ...
Setting up mime-support (3.64ubuntu1) ...
Setting up alsa-ucm-conf (1.2.2-1ubuntu0.13) ...
Setting up libmagic-mgc (1:5.38-4) ...
Setting up libtdb1:amd64 (1.4.3-0ubuntu0.20.04.1) ...
Setting up libmagic1:amd64 (1:5.38-4) ...
Setting up file (1:5.38-4) ...
Setting up xxd (2:8.1.2269-1ubuntu5.7) ...
Setting up libasound2-data (1.2.2-2.1ubuntu2.5) ...
Setting up vim-common (2:8.1.2269-1ubuntu5.7) ...
Setting up xz-utils (5.2.4-1ubuntu1.1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/lzma.1.gz because associated file /usr/share/man/man1/xz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/unlzma.1.gz because associated file /usr/share/man/man1/unxz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcat.1.gz because associated file /usr/share/man/man1/xzcat.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzmore.1.gz because associated file /usr/share/man/man1/xzmore.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzless.1.gz because associated file /usr/share/man/man1/xzless.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzdiff.1.gz because associated file /usr/share/man/man1/xzdiff.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcmp.1.gz because associated file /usr/share/man/man1/xzcmp.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzgrep.1.gz because associated file /usr/share/man/man1/xzgrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzegrep.1.gz because associated file /usr/share/man/man1/xzegrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzfgrep.1.gz because associated file /usr/share/man/man1/xzfgrep.1.gz (of link group lzma) doesn't exist
Setting up libvorbis0a:amd64 (1.3.6-2ubuntu1) ...
Setting up libltdl7:amd64 (2.4.6-14) ...
Setting up alsa-topology-conf (1.2.2-1) ...
Setting up sound-theme-freedesktop (0.8-2ubuntu1) ...
Setting up libasound2:amd64 (1.2.2-2.1ubuntu2.5) ...
Setting up libmpdec2:amd64 (2.4.2-3) ...
Setting up vim-runtime (2:8.1.2269-1ubuntu5.7) ...
Setting up readline-common (8.0-4) ...
Setting up libreadline8:amd64 (8.0-4) ...
Setting up libvorbisfile3:amd64 (1.3.6-2ubuntu1) ...
Setting up libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Setting up libcanberra0:amd64 (0.30-7ubuntu1) ...
Setting up libpython3.8:amd64 (3.8.10-0ubuntu1~20.04.4) ...
Setting up vim (2:8.1.2269-1ubuntu5.7) ...
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vim (vim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vimdiff (vimdiff) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rvim (rvim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rview (rview) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vi (vi) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/da/man1/vi.1.gz because associated file /usr/share/man/da/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/de/man1/vi.1.gz because associated file /usr/share/man/de/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fr/man1/vi.1.gz because associated file /usr/share/man/fr/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/it/man1/vi.1.gz because associated file /usr/share/man/it/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ja/man1/vi.1.gz because associated file /usr/share/man/ja/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/pl/man1/vi.1.gz because associated file /usr/share/man/pl/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ru/man1/vi.1.gz because associated file /usr/share/man/ru/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/vi.1.gz because associated file /usr/share/man/man1/vim.1.gz (of link group vi) doesn't exist
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/view (view) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/da/man1/view.1.gz because associated file /usr/share/man/da/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/de/man1/view.1.gz because associated file /usr/share/man/de/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fr/man1/view.1.gz because associated file /usr/share/man/fr/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/it/man1/view.1.gz because associated file /usr/share/man/it/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ja/man1/view.1.gz because associated file /usr/share/man/ja/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/pl/man1/view.1.gz because associated file /usr/share/man/pl/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ru/man1/view.1.gz because associated file /usr/share/man/ru/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/view.1.gz because associated file /usr/share/man/man1/vim.1.gz (of link group view) doesn't exist
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/da/man1/ex.1.gz because associated file /usr/share/man/da/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/de/man1/ex.1.gz because associated file /usr/share/man/de/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fr/man1/ex.1.gz because associated file /usr/share/man/fr/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/it/man1/ex.1.gz because associated file /usr/share/man/it/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ja/man1/ex.1.gz because associated file /usr/share/man/ja/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/pl/man1/ex.1.gz because associated file /usr/share/man/pl/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ru/man1/ex.1.gz because associated file /usr/share/man/ru/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/ex.1.gz because associated file /usr/share/man/man1/vim.1.gz (of link group ex) doesn't exist
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/da/man1/editor.1.gz because associated file /usr/share/man/da/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/de/man1/editor.1.gz because associated file /usr/share/man/de/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fr/man1/editor.1.gz because associated file /usr/share/man/fr/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/it/man1/editor.1.gz because associated file /usr/share/man/it/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ja/man1/editor.1.gz because associated file /usr/share/man/ja/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/pl/man1/editor.1.gz because associated file /usr/share/man/pl/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ru/man1/editor.1.gz because associated file /usr/share/man/ru/man1/vim.1.gz (of link group editor) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/editor.1.gz because associated file /usr/share/man/man1/vim.1.gz (of link group editor) doesn't exist
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...
# cd /tmp
# vi Ciphers.java
# javac Ciphers.java
# java Ciphers     
Default Cipher
*   TLS_AES_128_GCM_SHA256
*   TLS_AES_256_GCM_SHA384
*   TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*   TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
*   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
*   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
*   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
*   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
*   TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*   TLS_RSA_WITH_AES_128_CBC_SHA
*   TLS_RSA_WITH_AES_128_CBC_SHA256
*   TLS_RSA_WITH_AES_128_GCM_SHA256
*   TLS_RSA_WITH_AES_256_CBC_SHA
*   TLS_RSA_WITH_AES_256_CBC_SHA256
*   TLS_RSA_WITH_AES_256_GCM_SHA384
# exit

Alpine specific AdoptOpenJDK 8 image:

docker run -it adoptopenjdk/openjdk8:alpine sh
Unable to find image 'adoptopenjdk/openjdk8:alpine' locally
alpine: Pulling from adoptopenjdk/openjdk8
8663204ce13b: Pull complete 
48bd205985bd: Pull complete 
5763c111bbb8: Pull complete 
Digest: sha256:11f827d7b11767a74a54767a130fa4a1728b94327d85dcf5220bdc0d27388e3f
Status: Downloaded newer image for adoptopenjdk/openjdk8:alpine
/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
v3.14.6-77-gc88baf16ee [https://dl-cdn.alpinelinux.org/alpine/v3.14/main]
v3.14.6-75-g95d33475fe [https://dl-cdn.alpinelinux.org/alpine/v3.14/community]
OK: 14963 distinct packages available
/ # cd /tmp
/tmp # vi Ciphers.java
/tmp # javac Ciphers.java 
/tmp # java Ciphers
Default Cipher
*   TLS_AES_128_GCM_SHA256
*   TLS_AES_256_GCM_SHA384
*   TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*   TLS_DHE_DSS_WITH_AES_256_CBC_SHA
*   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
*   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
*   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
*   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
*   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
*   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
*   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
*   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
*   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
*   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*   TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
*   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
*   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
*   TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
*   TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*   TLS_RSA_WITH_AES_128_CBC_SHA
*   TLS_RSA_WITH_AES_128_CBC_SHA256
*   TLS_RSA_WITH_AES_128_GCM_SHA256
*   TLS_RSA_WITH_AES_256_CBC_SHA
*   TLS_RSA_WITH_AES_256_CBC_SHA256
*   TLS_RSA_WITH_AES_256_GCM_SHA384
/tmp # exit
karianna commented 2 years ago

Added to PMC agenda

zdtsw commented 2 years ago

maybe related to this one https://github.com/alpinelinux/aports/pull/1697

karianna commented 2 years ago

build team will look into this.

BlueIce commented 2 years ago

The ciphers are also missing in the newly created alpine image (JDK8u342).

tommyreilly commented 2 years ago

I was wondering if there is any update to this request and, if possible, any potential ETA to provide an Alpine Java 8 version with the mission ciphers?

karianna commented 2 years ago

Thinking out loud. We currently download and integrate the same cipher suite as Mozilla. I'm not sure if ECDHE is supported in that set, that would be my next step for investigation. Will ping the build team

ofyaniv commented 2 years ago

@karianna

Thank you for the update.

Bouncy Castle license is similar to MIT License. https://www.bouncycastle.org/licence.html

The following simple script is adding bouncy castle jar file to JAVA_HOME - resolving the missing ciphers issue.

update_bouncy_castle_in_java_security.sh

!/bin/sh

if [[ ! -z "${JAVA_HOME}" ]]; then export JAVA_PATH=which java export JAVA_RESOLVED_PATH=readlink -fn $JAVA_PATH export JAVA_HOME=echo $JAVA_RESOLVED_PATH | sed 's/\/bin\/java$//' fi

export JAVA_LIB_FOLDER=$JAVA_HOME/lib export JAVA_LIB_SECURITY_FOLDER=$JAVA_LIB_FOLDER/security export JAVA_SECURITY_FILE=$JAVA_LIB_SECURITY_FOLDER/java.security

chmod 777 "$JAVA_SECURITY_FILE" /bin/mv "$JAVA_SECURITY_FILE" "$JAVA_SECURITY_FILE.$$"

cat "$JAVA_SECURITY_FILE.$$" | awk 'BEGIN{x=0}{if ($1 ~ /^security.provider./) {split($1,c,"=") ; split(c[1],d,".") ; if (d[3]==2) {x=1 ; print "security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider"} ; print "security.provider."d[3]+x"="c[2]} else {print $0}}' > "$JAVA_SECURITY_FILE" chmod 644 "$JAVA_SECURITY_FILE"

export BOUNCY_CASTLE_DOWNLOAD_BASE_URL=https://www.bouncycastle.org/download export BOUNCY_CASTLE_JAVA_VERSION=jdk18on export BOUNCY_CASTLE_VERSION_NUMBER=171 export BOUNCY_CASTLE_VERSION=$BOUNCY_CASTLE_JAVA_VERSION-$BOUNCY_CASTLE_VERSION_NUMBER export BOUNCY_CASTLE_JAR_FILE=bcprov-$BOUNCY_CASTLE_VERSION.jar export BOUNCY_CASTLE_DOWNLOAD_URL=$BOUNCY_CASTLE_DOWNLOAD_BASE_URL/$BOUNCY_CASTLE_JAR_FILE export BOUNCY_CASTLE_PATH=$JAVA_LIB_FOLDER/ext/$BOUNCY_CASTLE_JAR_FILE

wget -O $BOUNCY_CASTLE_PATH $BOUNCY_CASTLE_DOWNLOAD_URL chmod 644 "$BOUNCY_CASTLE_PATH"

codeseedr commented 1 year ago

I found that sun.security.ec.SunEC provider initializes in !useFullImplementation mode due to:

java.lang.UnsatisfiedLinkError: /opt/java/openjdk/lib/amd64/libsunec.so: Error loading shared library libgcc_s.so.1: No such file or directory (needed by /opt/java/openjdk/lib/amd64/libsunec.so)

Once I installed libgcc package through:

# apk add libgcc
(1/1) Installing libgcc (11.2.1_git20220219-r2)
OK: 31 MiB in 29 packages

the issue went away.

jerboaa commented 1 year ago

@gdams Could missing libgcc in alpine images be the source of the trouble we were seeing with those? See: https://github.com/adoptium/temurin-build/issues/3002#issuecomment-1334115925

https://github.com/adoptium/containers/issues/319 might be related too.

gdams commented 1 year ago

Quite possibly @jerboaa, I'll do some testing

gdams commented 1 year ago

Yup as per @codeseedr's comment:

Without libgcc installed:

SSLServerSocketFactory -> sun.security.ssl.SSLServerSocketFactoryImpl
1 TLS_AES_256_GCM_SHA384
2 TLS_AES_128_GCM_SHA256
3 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
4 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
5 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
6 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
7 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
8 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
9 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
10 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
11 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
12 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
13 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
14 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
15 TLS_RSA_WITH_AES_256_GCM_SHA384
16 TLS_RSA_WITH_AES_128_GCM_SHA256
17 TLS_RSA_WITH_AES_256_CBC_SHA256
18 TLS_RSA_WITH_AES_128_CBC_SHA256
19 TLS_RSA_WITH_AES_256_CBC_SHA
20 TLS_RSA_WITH_AES_128_CBC_SHA
21 TLS_EMPTY_RENEGOTIATION_INFO_SCSV

With libgcc installed:

SSLServerSocketFactory -> sun.security.ssl.SSLServerSocketFactoryImpl
1 TLS_AES_256_GCM_SHA384
2 TLS_AES_128_GCM_SHA256
3 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
4 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
5 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
6 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
7 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
8 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
9 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
10 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
11 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
13 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
14 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
15 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
16 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
17 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
18 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
19 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
20 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
21 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
22 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
23 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
24 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
26 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
27 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
29 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
30 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
31 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
32 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
34 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
35 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
36 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
37 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
38 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
39 TLS_RSA_WITH_AES_256_GCM_SHA384
40 TLS_RSA_WITH_AES_128_GCM_SHA256
41 TLS_RSA_WITH_AES_256_CBC_SHA256
42 TLS_RSA_WITH_AES_128_CBC_SHA256
43 TLS_RSA_WITH_AES_256_CBC_SHA
44 TLS_RSA_WITH_AES_128_CBC_SHA
45 TLS_EMPTY_RENEGOTIATION_INFO_SCSV
gdams commented 1 year ago

I guess the question becomes should we ship libgcc as part of our alpine Docker image?

zdtsw commented 1 year ago

probably should move this issue into https://github.com/adoptium/containers to continue discussion.

jerboaa commented 1 year ago

I guess the question becomes should we ship libgcc as part of our alpine Docker image?

Would be something to consider, yes. Or find a way for libsunec.so to not require it. https://github.com/adoptium/containers/issues/319 indicates that this breaks some TLS 1.3 use cases too.

karianna commented 1 year ago

To follow the Alpine philosophy, we should try to avoid shipping libgcc :-), hopefully we can fix libsunec.so here.

itineric commented 1 year ago

I used some ugly (but working) hack:

FROM eclipse-temurin:11-alpine as jdk-cipher-hack
COPY --from=jdk-cipher-hack /opt/java/openjdk/lib/libsunec.so /opt/java/openjdk/jre/lib/amd64/libsunec.so

When the image itself uses FROM eclipse-temurin:8-alpine

The key to solve the issue may be to check how libsunec.so from v11 is linked since it does not depend on libgcc_s.so

jerboaa commented 1 year ago

https://bugs.openjdk.org/browse/JDK-8306037 is the upstream issue.

sadrian commented 5 months ago

I found that sun.security.ec.SunEC provider initializes in !useFullImplementation mode due to:

java.lang.UnsatisfiedLinkError: /opt/java/openjdk/lib/amd64/libsunec.so: Error loading shared library libgcc_s.so.1: No such file or directory (needed by /opt/java/openjdk/lib/amd64/libsunec.so)

Once I installed libgcc package through:

# apk add libgcc
(1/1) Installing libgcc (11.2.1_git20220219-r2)
OK: 31 MiB in 29 packages

the issue went away.

perfect solution

cmjzzx commented 3 months ago

Yup as per @codeseedr's comment:

Without libgcc installed:

SSLServerSocketFactory -> sun.security.ssl.SSLServerSocketFactoryImpl
1 TLS_AES_256_GCM_SHA384
2 TLS_AES_128_GCM_SHA256
3 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
4 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
5 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
6 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
7 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
8 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
9 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
10 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
11 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
12 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
13 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
14 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
15 TLS_RSA_WITH_AES_256_GCM_SHA384
16 TLS_RSA_WITH_AES_128_GCM_SHA256
17 TLS_RSA_WITH_AES_256_CBC_SHA256
18 TLS_RSA_WITH_AES_128_CBC_SHA256
19 TLS_RSA_WITH_AES_256_CBC_SHA
20 TLS_RSA_WITH_AES_128_CBC_SHA
21 TLS_EMPTY_RENEGOTIATION_INFO_SCSV

With libgcc installed:

SSLServerSocketFactory -> sun.security.ssl.SSLServerSocketFactoryImpl
1 TLS_AES_256_GCM_SHA384
2 TLS_AES_128_GCM_SHA256
3 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
4 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
5 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
6 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
7 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
8 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
9 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
10 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
11 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
13 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
14 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
15 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
16 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
17 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
18 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
19 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
20 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
21 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
22 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
23 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
24 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
26 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
27 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
29 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
30 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
31 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
32 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
34 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
35 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
36 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
37 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
38 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
39 TLS_RSA_WITH_AES_256_GCM_SHA384
40 TLS_RSA_WITH_AES_128_GCM_SHA256
41 TLS_RSA_WITH_AES_256_CBC_SHA256
42 TLS_RSA_WITH_AES_128_CBC_SHA256
43 TLS_RSA_WITH_AES_256_CBC_SHA
44 TLS_RSA_WITH_AES_128_CBC_SHA
45 TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Thank you so much, this is exactly the solution I needed for my situation.