How to force the java server to accept only TLS 1.2 and reject TLS 1.0 and TLS 1.1 connections

Java

I have an HTTPS web service running on Java 7 I need to make changes so that the service only accepts tls1 2 connect and reject ssl3, tls1 0 and tls1 one

I added the following Java parameters to make tls1 2 is the highest priority

-Dhttps.protocols=TLSv1.2

But it also accepts tls1.0 from Java clients 0 connection If the client also runs the above Java parameters, the connection is tls1 2. If the client does not run with this parameter, the connection is tls1 0

I found Java. Net in the JDK / JRE / lib / security folder Some operations are performed in the security file

I currently have the following disabled algorithms:

jdk.certpath.disabledAlgorithms= MD2,MD4,MD5,SHA224,DSA,EC keySize < 256,RSA keySize < 2048,SHA1 keysize < 224
jdk.tls.disabledAlgorithms=DSA,DHE,SHA1 keysize < 224

I'm using java 7, update 79 I'm not inclined to intercept every connection and check the TLS version

My server certificate is 2048 bits generated using MD5 of RSA algorithm

If the list of disabled algorithms has RSA instead of RSA keysize < 2048, I get the sslhandshakeerror and error message: there is no common ground of cipher suite My test program is to run the HTTP server from the following URL: http://www.herongyang.com/JDK/HTTPS-HttpsEchoer-Better-HTTPS-Server.html

Please help how to make Java accept only TLS 1.2 connections

Solution

I found a solution I set

jdk.tls.disabledAlgorithms= SSLv2Hello,SSLv3,TLSv1,TLSv1.1

The file on the server is JRE / lib / security / Java In security

After setting, the server only accepts tls1 2 connect and reject the lower security protocol version

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>