How to force a Java server to accept only TLS 1.2 and reject TLS 1.0 and TLS 1.1 connections

I found a solution for this. I set the

jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1

in the file jre/lib/security/java.security on the server.

After setting this, the server only accepts TLS 1.2 connections and rejects lower security protocol versions.


Just a small remark:

In the question you stated that you generated a 2048 size certificate with MD5. But in the cert path alg you disabled MD5, so this normally should not work. Secondly, server certificates generated with an MD5 hash are banned from modern browsers such as Internet Explorer 10/Edge.

I would like to advise you to generate your server certificate at least with a SHA256 or < hash.


I have also made the same changes in the "/java/jdk1.7.0_79/jre/lib/security"-java.security file, but some of the clients are still able to call my services with the SSL protocol.

Changes:

jdk.tls.disabledAlgorithms=SSL,SSLv2,SSLv3, TLSv1, TLSv1.1,MD5, SSLv3, DSA, RSA keySize < 2048
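
To confirm that the JVM running the server actually picked up the jdk.tls.disabledAlgorithms setting discussed in the answers above, the following added example (not code from any of the posts) prints which JRE is in use, the value of the property, and the protocols a server-side engine would still accept, then pins the engine to TLSv1.2 in code. The class name TlsProtocolCheck and the LEGACY list are choices made for this example, and it assumes a JDK whose enabled-protocol list reflects the security property.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example: run with the same java binary and options as the server.
public class TlsProtocolCheck {

    // Protocol names the first answer disables (list chosen for this example).
    static final List<String> LEGACY =
            Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    // Returns the legacy protocols the given engine would still negotiate.
    static List<String> legacyStillEnabled(SSLEngine engine) {
        List<String> found = new ArrayList<String>();
        for (String p : engine.getEnabledProtocols()) {
            if (LEGACY.contains(p)) {
                found.add(p);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Which JRE is running, hence which java.security file was read.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake

        System.out.println("enabled before = "
                + Arrays.toString(engine.getEnabledProtocols()));
        List<String> legacy = legacyStillEnabled(engine);
        System.out.println("legacy still enabled = " + legacy);

        // Application-level restriction, independent of java.security.
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});
        System.out.println("enabled after = "
                + Arrays.toString(engine.getEnabledProtocols()));

        // Non-zero exit lets a deployment check fail on legacy protocols.
        System.exit(legacy.isEmpty() ? 0 : 1);
    }
}
```

If java.home does not point at the installation whose java.security file was edited, the server is reading a different copy of the file.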