How to enable TLS 1.2 in Java 7
I am trying to enable TLS 1.2 in my web app which uses JBoss 6.4 and Java 1.7. I have -Dhttp.protocols = TLSv1.2
in my application environment but it doesn't seem to work for me.
Is there anything I could do to enable TLS 1.2?
I wrote a simple program
context = SSLContext.getInstance("TLSv1.2");
context.init(null,null,null);
SSLContext.setDefault(context);
SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
protocols = socket.getEnabledProtocols();
After running this program within the app the TLS 1.2 gets enabled. I do not want to run this program but I want to directly enable it during app startup. Is there any way to do it?
Solution 1:
There are many suggestions but I found two of them most common.
Re. JAVA_OPTS
I first tried export JAVA_OPTS="-Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2"
on command line before startup of program but it didn't work for me.
Re. constructor
Then I added the following code in the startup class constructor and it worked for me.
try {
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, null, null);
SSLContext.setDefault(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
}
Frankly, I don't know in detail why ctx.init(null, null, null);
but all (SSL/TLS) is working fine for me.
Re. System.setProperty
There is one more option: System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");
. It will also go in code but I've not tried it.
Solution 2:
You can upgrade your Java 7 version to 1.7.0_131-b31
For JRE 1.7.0_131-b31 in Oracle site :
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.