
Access list of cipher suites from TLS client_hello in JSSE


I'd like my TLS server app to keep stats on which cipher suites its clients have requested -- so that in future I can make informed decisions about the user impact of disabling a given cipher suite.

Using JSSE I can easily get at the cipher suite agreed upon by the handshake, using HandshakeCompletedEvent.getCipherSuite().

But browsing through the Javadocs, I can't see anything that lets me see details of the client_hello, and thus the other cipher suites listed as acceptable to the client. Is there an API into that, that I've failed to find?


Solution

> But browsing through the Javadocs, I can't see anything that lets me see details of the client_hello, and thus the other cipher suites listed as acceptable to the client.

There isn't one.

> Is there an API into that, that I've failed to find?

No.

You shouldn't disable any cipher suite unless there is a security problem with it, and in that case it is just bad luck if any client relied on it. This is really very unlikely.
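With no JSSE API for this, the offered suites can still be read from the raw ClientHello bytes before they reach the TLS stack. The following is an added example, not part of the original question or answer: the class and method names are hypothetical, the sample record is constructed, and it assumes a TLS-format (not SSLv2-compatible) ClientHello that arrives whole in a single record.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not a JSSE API: lists the cipher suite IDs a client offers.
public class ClientHelloSuites {

    // record: first TLS record from the client, assumed to hold the whole ClientHello.
    // Throws IllegalArgumentException or BufferUnderflowException on malformed input.
    static List<Integer> offeredSuites(byte[] record) {
        ByteBuffer b = ByteBuffer.wrap(record);        // big-endian, as on the wire
        if ((b.get() & 0xff) != 0x16)                  // content type: handshake
            throw new IllegalArgumentException("not a handshake record");
        b.getShort();                                  // record-layer version
        int recLen = b.getShort() & 0xffff;
        if (recLen > b.remaining())
            throw new IllegalArgumentException("truncated record");
        b.limit(b.position() + recLen);                // never read past this record
        if ((b.get() & 0xff) != 0x01)                  // handshake type: client_hello
            throw new IllegalArgumentException("not a ClientHello");
        skip(b, 3 + 2 + 32);                           // length, client_version, random
        skip(b, b.get() & 0xff);                       // session_id
        int suitesLen = b.getShort() & 0xffff;         // cipher_suites length in bytes
        if (suitesLen % 2 != 0 || suitesLen > b.remaining())
            throw new IllegalArgumentException("bad cipher_suites length");
        List<Integer> suites = new ArrayList<>();
        for (int i = 0; i < suitesLen; i += 2)
            suites.add(b.getShort() & 0xffff);         // IANA two-byte suite ID
        return suites;
    }

    private static void skip(ByteBuffer b, int n) {
        if (n > b.remaining())
            throw new IllegalArgumentException("truncated ClientHello");
        b.position(b.position() + n);
    }

    public static void main(String[] args) {
        // Constructed sample: ClientHello offering 0x1301, 0xC02F and 0x002F.
        ByteBuffer s = ByteBuffer.allocate(54);
        s.put(new byte[] {0x16, 3, 1, 0, 49, 1, 0, 0, 45, 3, 3});
        s.position(s.position() + 32);                 // all-zero random
        s.put(new byte[] {0, 0, 6, 0x13, 0x01, (byte) 0xC0, 0x2F, 0x00, 0x2F, 1, 0});
        for (int id : offeredSuites(s.array()))
            System.out.printf("0x%04X%n", id);
    }
}
```

When counting, note that the list can contain signalling values such as 0x00FF (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) that are not real cipher suites.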