SyntaxFix

[java] How to enable TLS 1.2 in Java 7

I am trying to enable TLS 1.2 in my web app which uses JBoss 6.4 and Java 1.7. I have -Dhttp.protocols = TLSv1.2 in my application environment but it doesn't seem to work for me.

Is there anything I could do to enable TLS 1.2?

I wrote a simple program 

context = SSLContext.getInstance("TLSv1.2");
context.init(null,null,null);
SSLContext.setDefault(context); 
SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
protocols = socket.getEnabledProtocols();

After running this program within the app the TLS 1.2 gets enabled. I do not want to run this program but I want to directly enable it during app startup. Is there any way to do it?

This question is related to java jboss java-7 tls1.2

The answer is

To force enable TLSv1.2 in JRE7u_80 I had to use following code snippet before creating JDBC connection.

import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.net.ssl.SSLContextSpi;
import sun.security.jca.GetInstance;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;

public static void enableTLSv12ForMssqlJdbc() throws NoSuchAlgorithmException
{
    ProviderList providerList = Providers.getProviderList();
    GetInstance.Instance instance = GetInstance.getInstance("SSLContext", SSLContextSpi.class, "TLS");
    for (Provider provider : providerList.providers())
    {
        if (provider == instance.provider)
        {
            provider.put("Alg.Alias.SSLContext.TLS", "TLSv1.2");
        }
    }
}

Able to connect to Windows 10 with SQL server 2017 & TLSv1.2 enabled OS.

I had similar issue when connecting to RDS Oracle even when client and server were both set to TLSv1.2 the certs was right and java was 1.8.0_141 So Finally I had to apply patch at Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

After applying the patch the issue went away and connection went fine.

I solved this issue by using

Service.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

There are many suggestions but I found two of them most common.

Re. JAVA_OPTS

I first tried export JAVA_OPTS="-Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2" on command line before startup of program but it didn't work for me.

Re. constructor

Then I added the following code in the startup class constructor and it worked for me.

try {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        SSLContext.setDefault(ctx);
} catch (Exception e) {
        System.out.println(e.getMessage());
}

Frankly, I don't know in detail why ctx.init(null, null, null); but all (SSL/TLS) is working fine for me.

Re. System.setProperty

There is one more option: System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");. It will also go in code but I've not tried it.

The stated answers are correct, but I'm just sharing one additional gotcha that was applicable to my case: in addition to using setProtocol/withProtocol, you may have some nasty jars that won't go away even if have the right jars plus an old one:

Remove

<dependency>
    <groupId>commons-httpclient</groupId>
    <artifactId>commons-httpclient</artifactId>
    <version>3.1</version>
</dependency>

Retain

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.2</version>
</dependency>

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpcore</artifactId>
    <version>4.4.6</version>
</dependency>

Java is backward compatible, but most libraries are not. Each day that passes the more I wish shared libraries were outlawed with this lack of accountability.

Further info

java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)

Add this parameter to JAVA_OPTS or to the command line in Maven: -Dhttps.protocols=TLSv1.2

System.setProperty("https.protocols", "TLSv1.2"); worked in my case. Have you checked that within the application?

Add following option for java application:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

You can upgrade your Java 7 version to 1.7.0_131-b31

For JRE 1.7.0_131-b31 in Oracle site :

TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.

You should probably be looking to the configuration that controls the underlying platform TLS implementation via -Djdk.tls.client.protocols=TLSv1.2.

Source: Stackoverflow.com

Examples related to java

Under what circumstances can I call findViewById with an Options Menu / Action Bar item? How much should a function trust another function How to implement a simple scenario the OO way Two constructors How do I get some variable from another class in Java? this in equals method How to split a string in two and store it in a field How to do perspective fixing? String index out of range: 4 My eclipse won't open, i download the bundle pack it keeps saying error log

Examples related to jboss

How to enable TLS 1.2 in Java 7 Jboss server error : Failed to start service jboss.deployment.unit."jbpm-console.war" SQLException: No suitable Driver Found for jdbc:oracle:thin:@//localhost:1521/orcl PSQLException: current transaction is aborted, commands ignored until end of transaction block JBoss AS 7: How to clean up tmp? How to deploy a war file in JBoss AS 7? How to increase heap size for jBoss server JBoss default password HTTP response header content disposition for attachments PersistenceContext EntityManager injection NullPointerException

Examples related to java-7

How to enable TLS 1.2 in Java 7 "Javac" doesn't work correctly on Windows 10 invalid target release: 1.7 No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK? How to set specific Java version to Maven Which JDK version (Language Level) is required for Android Studio? How to set -source 1.7 in Android Studio and Gradle Technically what is the main difference between Oracle JDK and OpenJDK? Create a Path from String in Java7 How to set IntelliJ IDEA Project SDK

Examples related to tls1.2

A fatal error occurred while creating a TLS client credential. The internal error state is 10013 Update .NET web service to use TLS 1.2 How to enable TLS 1.2 in Java 7 TLS 1.2 in .NET Framework 4.0 How to use TLS 1.2 in Java 6 NSURLSession/NSURLConnection HTTP load failed on iOS 9

Tags

Bind2nd Rapaste Vistadb Glteximage2d Mobile-webkit Directoryindex Monad-transformers Jsfl Training-data Chirpy Vhosts S60-3rd-edition Cakephp-2.0 Plesk Serial-number Function-module Max-size Entitycollection Bounding-box Mex Dreamweaver Excel-addins Playing-cards Sscli Junction Cover Etch Remote-backup Directinput Mstsc Comparison Codecvt Httpmodule Build-system Application-variables Hamcrest Powershell-remoting Jdic Dynamic-pages Mutated Qfe Createuser Subscriber Windows-7-x64 Trygetvalue Mysql-error-1054 No-cache Inner-join Elapsedtime Dom4j Hardware-acceleration Multiple-constructors Rescale Cocotron Iqueryable Conditional-comments Distance Jscience Ramaze Django-1.1 Look-and-feel Nested-generics Customtool Blendability Pressflow Application-state Desktop-recording Allegro-cl Microsoft-cdn Heartbeat Fractals Code-statistics Client-side Covariant Obsolete Rd Unix-ar Hunchentoot Xmpp4r Capture-group Inversion-of-control Episerver Export-to-excel Iis-6 Ucs2 Auto-close Wordperfect Thread-local Mdf Css-parsing Array-algorithms Copy-assignment Clientside-caching Certificate-store Stretchdibits Application-role Constraintexception Browser-security Multicol User-extensions.js