Burp Suite User Forum

Login to post

Enable deprecated TLS Cipher Suites

Shane | Last updated: Nov 14, 2020 07:54PM UTC

I am doing a study on involving TLS and I need to add specific cipher suites that I don't see listed under the TLS Ciphers option. To clarify, I do the following: Project Options > TLS > Enable Custom protocols and ciphers. In the ciphers dropdown I do not see some of the ciphers I am investigating. I have tried messing with the JRE files associated with the disabled ciphers and I have also extracted US_Export and local policy files that are considered unlimited strength. They can be found here https://www.oracle.com/java/technologies/javase-jce8-downloads.html. Please let me know if there is anything I can do to force the use of a deprecated cipher suites. Thank you!

Hannah, PortSwigger Agent | Last updated: Nov 16, 2020 09:28AM UTC

Hi Burp will get your protocols and ciphers from your Java installation that it is launched with. Are you using the platform version of Burp, that comes packaged with its own JRE, or are you using the standalone JAR version of Burp, that you launch with your own Java environment? If the protocols and ciphers you are looking for are only included in Java 8 or below, then you will need to use an older version of Burp. Since v2020.4, our minimum supported version of Java is Java 9. You can download previous versions of Burp from our releases page: https://portswigger.net/burp/releases

You need to Log in to post a reply. Or register here, for free.